Qmail with smtp-auth, vpopmail, binc-imap and qmailAdmin
Updated: 03/26/2005
General Information
Hosting your own e-mail is a handy thing. This guide will show you how to set up a secure mail server using qmail, vpopmail, qmailAdmin for user management, and smtp-auth so only valid users can send mail.
Requirements
Installation
qmail with auth patch
First, we install qmail; this is, after all, the main program that makes up the entire server. Start by extracting the source so we can apply the qmail auth patch. This gives us an SMTP server that relays for certain people only.

cd /usr/ports/mail/qmail
make extract

cd ./work/qmail-1.03
wget http://www.bsdguides.org/downloads/freebsd/qmail-smtpd-auth.patch
patch < qmail-smtpd-auth.patch

cd ../..
killall -9 sendmail
make fetch all install force-enable-qmail WITH_QMAILQUEUE_PATCH=yes WITH_BIG_TODO_PATCH=yes \
    WITH_BIG_CONCURRENCY_PATCH=yes WITH_OUTGOINGIP_PATCH=yes
echo 'no_sendmail="YES"' >> /etc/make.conf
tcpserver ( ucspi-tcp )
Nice and simple:

cd /usr/ports/sysutils/ucspi-tcp
make install clean
Daemontools
To make the administration of the individual mail programs (POP3, SMTP, etc.) easier, daemontools will be used. If a daemon/service is brought down or ended, daemontools will make sure that it is restarted within 5 seconds (so killing your mail services would be senseless).

cd /usr/ports/sysutils/daemontools
make install clean
echo 'svscan_enable="YES"' >> /etc/rc.conf
Binc-Imap
Binc-Imap is an IMAP server. It is specifically geared for use with qmail, and works very well with vpopmail.

cd /usr/ports/mail/bincimap/
make install
vpopmail
vpopmail provides the tools we use to add new accounts and easily manage domains: remove users, add mailing lists and more. We set WITH_DOMAIN_QUOTAS so that we can set a quota for a whole domain as well as for single users. Adding spamassassin with the Alex Dupre patch is a nice way to get rid of unwanted ads and whatnot. Set SPAM_THRESHOLD to any number you want. Any mail that is tagged as spam and scores more than this number of points will be deleted.

cd /usr/ports/mail/vpopmail
make install clean -DWITH_DOMAIN_QUOTAS -DWITH_SPAMASSASSIN SPAM_THRESHOLD=10
qmailAdmin
This will enable us to administer the users and mailing lists over HTTP. Note: This requires you to have apache installed and running. Please remember that the paths are relative to /usr/local, so if you want it to be in /usr/home/user/cgi-bin/ you need to set CGIBINDIR=../home/user/cgi-bin/.

cd /usr/ports/mail/qmailadmin
make all install clean CGIBINDIR=www/cgi-bin-dist WEBDATADIR=www/data-dist
Configuration
qmail
Now we need to configure qmail to work with daemontools. We will use qmail-conf for this. The last line removes the auto-start script that the ports install added; it is not needed if we are going to use daemontools.

cd /usr/ports/mail/qmail-conf/
make install clean
rm /usr/local/etc/rc.d/qmail.sh

hostname > /var/qmail/control/me
hostname | sed "s/^`hostname -s`\.//" > /var/qmail/control/defaultdomain
hostname | sed "s/^`hostname -s`\.//" > /var/qmail/control/plusdomain

/var/qmail/bin/qmail-pop3d-conf /usr/local/vpopmail/bin/vchkpw qmaill /var/qmail/service/pop3d
cd /var/qmail/service/pop3d/
echo ":allow" > tcp
echo "200" > env/CONCURRENCY
make
/var/qmail/bin/qmail-smtpd-conf qmaild qmaill /var/qmail/service/smtpd
cd /var/qmail/service/smtpd/
echo "200" > env/CONCURRENCY
echo '127.0.0.1:allow,RELAYCLIENT=""' > tcp
echo ":allow" >> tcp
make
cat run | sed "/qmaild/s//root/" > run.new
mv run.new run
cat run | sed "/\/var\/qmail\/bin\/qmail-smtpd/s//\/var\/qmail\/bin\/qmail-smtpd {vpopmail}/" > run.new
mv run.new run
cat run | sed "/{vpopmail}/s//\/usr\/local\/vpopmail\/bin\/vchkpw {bintrue}/" > run.new
mv run.new run
cat run | sed "/{bintrue}/s//\/usr\/bin\/true/" > run.new
mv run.new run
chmod +x run
echo '#\!/bin/sh' > /var/qmail/rc
echo 'exec env - PATH="/var/qmail/bin:$PATH" \' >> /var/qmail/rc
echo 'qmail-start ./Maildir/ /usr/local/bin/multilog t /var/log/qmail qmaill' >> /var/qmail/rc
chmod 755 /var/qmail/rc
/var/qmail/bin/qmail-delivery-conf qmaill /var/qmail/service/qmail
mkdir /var/log/qmail
chmod 750 /var/log/qmail
chown qmaill /var/log/qmail
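The smtpd tcp file written above decides which clients may relay without logging in. As an added example (not part of the original guide), this script mimics tcpserver's address lookup for IPv4 rules and reports whether a client ends up with RELAYCLIENT set; the function names and sample addresses are made up for the illustration.

```shell
#!/bin/sh
# Added example: which tcprules entry applies to a client, and does it grant relay?
# Handles IPv4 address rules only (exact IP, dotted prefixes, the empty default).

# Constructed copy of the smtpd "tcp" file written by the guide.
GUIDE_RULES='127.0.0.1:allow,RELAYCLIENT=""
:allow'

# Print the instructions of the rule selected for IP $1 from rules text $2.
# Lookup order: 1.2.3.4, then 1.2.3. / 1.2. / 1., then the empty address.
match_rule() {
    key=$1
    while :; do
        hit=$(printf '%s\n' "$2" | awk -v k="$key" '
            /^#/ || !/:/ { next }
            { i = index($0, ":")
              if (substr($0, 1, i - 1) == k) { print substr($0, i + 1); exit } }')
        if [ -n "$hit" ]; then printf '%s\n' "$hit"; return 0; fi
        case $key in
            '') return 1 ;;                               # nothing matched
            *.) key=${key%.}; key=${key%"${key##*.}"} ;;  # 1.2.3. -> 1.2.
            *)  key=${key%"${key##*.}"} ;;                # 1.2.3.4 -> 1.2.3.
        esac
    done
}

# "relay": RELAYCLIENT is set, so qmail-smtpd relays without authentication.
# "auth-required": no RELAYCLIENT, so relaying depends on SMTP AUTH.
# "denied": the rule tells tcpserver to drop the connection.
relay_status() {
    ins=$(match_rule "$1" "$2") || { echo auth-required; return 0; }
    case $ins in
        deny*)          echo denied ;;
        *RELAYCLIENT=*) echo relay ;;
        *)              echo auth-required ;;
    esac
}

# Sample clients: localhost and a constructed outside address.
for ip in 127.0.0.1 192.0.2.10; do
    printf '%s %s\n' "$ip" "$(relay_status "$ip" "$GUIDE_RULES")"
done
```

Run it against a copy of your own rules file whenever the file changes; any non-local address that comes back as relay can send mail through the server without authenticating.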
Spamassassin
This is not a complete guide; it is just an easy way to get you going. Put the following in /usr/local/etc/mail/spamassassin/local.cf:

cat << EOF > /usr/local/etc/mail/spamassassin/local.cf
# How many hits before a message is considered spam.
required_hits 5.0

# Whether to change the subject of suspected spam
rewrite_subject 1

# Text to prepend to subject if rewrite_subject is used
subject_tag *****SPAM*****

# Encapsulate spam in an attachment
report_safe 2

# Use terse version of the spam report
use_terse_report 0

# Enable the Bayes system
use_bayes 1
#bayes_path /usr/local/vpopmail/.spamassassin

# Enable Bayes auto-learning
auto_learn 1

# Enable or disable network checks
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1

# How long to wait for each
rbl_timeout 5
razor_timeout 5
pyzor_timeout 5
check_mx_attempts 1

# We dont want to check if DNS is available, we know it is
dns_available yes

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_languages all

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales all
EOF
Binc-IMAP
This is binc-imap with basic functionality. I will not bother to get a self-signed SSL cert going or other stuff like that, so the configuration below allows plain-text logins without SSL and disables STARTTLS, which means IMAP passwords are sent unencrypted. If you need such functionality you can read the binc-imap support/help files.

cat << EOF > /usr/local/etc/bincimap/bincimap.conf
/* -*- mode:java -*- */
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307,
// USA.
// Global configuration file for Binc IMAP. Some settings in this file
// can be overrun with command line arguments.
//----------------------------------------------------------------------------
Authentication {
    allow plain auth in non ssl = "yes",
    auth penalty = 4,
    disable starttls = "yes"
}
//----------------------------------------------------------------------------
Security {
    jail path = "/usr/local/vpopmail/domains",
    jail user = "vpopmail",
    jail group = "vchkpw"
}
//----------------------------------------------------------------------------
Log {
    type = "multilog",
    environment ip variable = "TCPREMOTEIP"
}
//----------------------------------------------------------------------------
Mailbox {
    depot = "IMAPdir",
    type = "Maildir",
    path = "IMAPdir",
    auto create inbox = "yes",
    auto subscribe mailboxes = "INBOX",
    umask = "077"
}
//----------------------------------------------------------------------------
Session {
    idle timeout = 1860,
    auth timeout = 60,
    transfer timeout = 1200,
    transfer buffer size = 1024
}
//----------------------------------------------------------------------------
EOF
chmod uog+r-wx /usr/local/etc/bincimap/bincimap.conf
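The two Authentication settings above determine whether IMAP passwords can cross the network unencrypted. As an added example (not part of the original guide or of Binc IMAP), this script flattens a bincimap.conf and classifies that exposure; the function names are hypothetical, the sample is a constructed excerpt, and a missing option is assumed to mean "no".

```shell
#!/bin/sh
# Added example: report whether a Binc IMAP config lets passwords travel unencrypted.

# Constructed excerpt using the option names from the guide's bincimap.conf.
GUIDE_CONF='// Global configuration file for Binc IMAP.
Authentication {
    allow plain auth in non ssl = "yes",
    auth penalty = 4,
    disable starttls = "yes"
}
Security {
    jail user = "vpopmail"
}'

# Flatten "Section { key = value, ... }" into Section.key=value lines.
binc_flatten() {
    printf '%s\n' "$1" | awk '
        { sub(/\/\/.*/, "") }                          # strip // comments
        index($0, "{") { sec = $1; next }              # section opens
        index($0, "}") { sec = ""; next }              # section closes
        sec != "" && /=/ {
            k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]+/, "", k)
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/,?[ \t]*$/, "", v)
            gsub(/"/, "", v)
            print sec "." k "=" v
        }'
}

# Look up one setting; prints nothing when it is absent.
binc_get() {
    binc_flatten "$1" | sed -n "s/^$2=//p"
}

# Prints "cleartext-only", "cleartext-allowed" or "tls-required".
# Assumption: an option that is absent counts as "no".
imap_auth_exposure() {
    plain=$(binc_get "$1" 'Authentication.allow plain auth in non ssl')
    notls=$(binc_get "$1" 'Authentication.disable starttls')
    if [ "$plain" != yes ]; then echo tls-required
    elif [ "$notls" = yes ]; then echo cleartext-only
    else echo cleartext-allowed
    fi
}

imap_auth_exposure "$GUIDE_CONF"
```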

cat << EOF > /usr/local/vpopmail/domains/imapdir.sh
#!/bin/sh
OLDPWD=\$PWD
for i in \`find /usr/local/vpopmail/domains/ -mindepth 1 -maxdepth 1 -type d\`; do
    cd \$i
    for e in \`find . -mindepth 1 -maxdepth 1 -type d\`; do
        cd \$e
        mkdir IMAPdir
        chmod 700 IMAPdir
        chown vpopmail:vchkpw IMAPdir
        cd IMAPdir
        ln -s ../Maildir INBOX
        cd ..
        mkdir .spamassassin
        chmod 700 .spamassassin
        chown vpopmail:vchkpw .spamassassin
        cd ..
    done
    cd ..
done
cd \$OLDPWD
EOF
chmod +x /usr/local/vpopmail/domains/imapdir.sh

mkdir /var/spamd-service
cd /var/spamd-service
echo "#\!/bin/sh" > run
echo "exec 2>&1" >> run
echo "exec /usr/local/bin/spamd -c -v -u vpopmail -s stderr" >> run
chmod +x run
mkdir log
cd log
cat << EOF > run
#!/bin/sh
exec setuidgid qmaill \
multilog \
t \
\${MAXFILESIZE+"s\$MAXFILESIZE"} \
\${MAXLOGFILES+"n\$MAXLOGFILES"} \
\${PROCESSOR+"!\$PROCESSOR"} \
./main
EOF
mkdir main
chown qmaill:qmail main
chmod +s main
chmod +x run

mkdir /var/qmail/service/binc-imap
cd /var/qmail/service/binc-imap/
cat << EOF > run
#!/bin/sh
exec 2>&1 \
envdir ./env \
sh -c '
case "\$REMOTENAME" in h) H=;; p) H=p;; *) H=H;; esac
case "\$REMOTEINFO" in r) R=;; [0-9]*) R="t\$REMOTEINFO";; *) R=R;; esac
exec \
softlimit \${DATALIMIT+"-d\$DATALIMIT"} \
/usr/local/bin/tcpserver \
-vD"\$H\$R" \
\${LOCALNAME+"-l\$LOCALNAME"} \
\${BACKLOG+"-b\$BACKLOG"} \
\${CONCURRENCY+"-c\$CONCURRENCY"} \
-xtcp.cdb \
-- "\${IP-0}" "\${PORT-143}" \
/usr/local/bin/bincimap-up --logtype=multilog \
--conf=/usr/local/etc/bincimap/bincimap.conf -- \
/usr/local/vpopmail/bin/vchkpw \
/usr/local/bin/bincimapd
'
EOF
chmod +x run
mkdir env
cd env
touch BACKLOG CONCURRENCY DATALIMIT IP LOCALNAME MAILDIRNAME POPUPHOST REMOTEINFO REMOTENAME
echo "200" > CONCURRENCY
echo "500000" > DATALIMIT
cd ..
echo ":allow" > tcp
/usr/local/bin/tcprules tcp.cdb tcp.tmp < tcp
mkdir log
cd log
cat << EOF > run
#!/bin/sh
exec setuidgid qmaill \
multilog \
t \
\${MAXFILESIZE+"s\$MAXFILESIZE"} \
\${MAXLOGFILES+"n\$MAXLOGFILES"} \
\${PROCESSOR+"!\$PROCESSOR"} \
./main
EOF
mkdir main
chown qmaill:qmail main
chmod +s main
chmod +x run

mkdir /var/service
ln -s /var/qmail/service/pop3d /var/service/pop3d
ln -s /var/qmail/service/smtpd /var/service/smtpd
ln -s /var/qmail/service/qmail /var/service/qmail
ln -s /var/spamd-service /var/service/spamd-service
ln -s /var/qmail/service/binc-imap /var/service/binc-imap
Configuring vpopmail
Now we need to add a domain and a user to the entire system. We do that using the vpopmail tools installed in /usr/local/vpopmail/bin. First we want to add a domain. I suggest adding your computer's hostname or any domain that is pointed at it. Note: sub-domains are allowed.

/usr/local/vpopmail/bin/vadddomain domain.tld

/usr/local/vpopmail/bin/vadduser user1@domain.tld

/usr/local/vpopmail/bin and doing an ls -al. To get more info on a command, just type the command name without any parameters and the output will then be displayed.

# cd /usr/local/vpopmail/bin
# ./vadduser
vadduser: usage: [options] email_address [passwd]
options: -v (print the version)
         -q quota_in_bytes (sets the users quota)
         -s (don't rebuild the vpasswd.cdb file, faster for large sites)
         -c comment (sets the gecos comment field)
         -e standard_encrypted_password
         -n no_password
         -r generate a random password
Using qmailAdmin
Using qmailAdmin is simple and straightforward. In any normal browser, go to http://yourserversname.com/cgi-bin/qmailadmin/qmailadmin and log in as postmaster: fill in the domain you want to log in for and type in the password you set. From here you can add users, edit mailing lists and a lot of other things.
daemontools
Now let's start the entire thing. For easy access, we can just use the same script that will start up qmail and daemontools on a restart:

/usr/local/etc/rc.d/svscan.sh start

/usr/local/etc/rc.d/svscan.sh stop
/usr/local/etc/rc.d/svscan.sh start

svc -t /var/service/spamd-service

svc -dx /var/service/spamd-service

svstat /var/service/*

svstat /var/service/spamd-service
This guide is © 2003 - 2008 Jan-Willem Regeer.
Author: Jan-Willem Regeer
bsdguides at x-istence dot com