Qmail, Courier Imap (with SSL), Vpopmail, and Squirrelmail
Updated: 05/08/2004


General Information

Hosting your own e-mail is a handy thing.  This guide will show you how to set up a secure mail server using qmail, vpopmail, qmailAdmin for user management, and smtp-auth so only valid users can send mail.

Requirements

This presumes that you are building this on an 'empty' box - no previous OpenBSD install, etc.
  1. An OpenBSD box. - Install OpenBSD 3.4 Release without X (make sure that you give /home and /var/www their own partitions)
  2. A valid domain to use.
  3. Local root access on the box or be able to su to root.
  4. An SSH client such as PuTTY or SecureCRT (if you are setting it up remotely).

Preparation

Section A -- update the source tree

# cd /usr/src
# cvs -d anoncvs@anoncvs.ca.openbsd.org:/cvs -q up -rOPENBSD_3_4 -Pd
or you can use cvsup:
# set PKGSITE ftp.openbsd.org/pub/openbsd/3.4/packages/i386
# pkg_add -v $PKGSITE/cvsup-16.1g-no_x11.tgz

Section B -- rebuild the default kernel from stable

# cd /usr/src/sys/arch/i386/conf
# /usr/sbin/config GENERIC
# cd /usr/src/sys/arch/i386/compile/GENERIC
# make clean && make depend && make
To reboot with the newly compiled kernel:
# cd /usr/src/sys/arch/i386/compile/GENERIC
# cp /bsd /bsd.old
# cp bsd /bsd
# reboot

Section C -- Rebuilding the binaries

# cd /usr/src
# rm -r /usr/obj/*
# make obj && make build

Section D -- Install/Run MergeMaster

Yes, make this from ports, there are dependencies you'll need later for other things.
# cd /usr/ports/sysutils/mergemaster
# make install clean
# cd /
# mergemaster
Make sure that you don't mangle your password db.  If you do, you have 2 choices: 1. Boot single user mode and change the root password or 2. Restart from step 0.

Section E -- Make new devices

# cd /dev
# cp /usr/src/etc/etc.`machine`/MAKEDEV ./
# ./MAKEDEV all

Section F -- Fixup the file hierarchy

# cd /usr/src/etc/mtree
# install -c -o root -g wheel -m 600 special /etc/mtree
# install -c -o root -g wheel -m 444 4.4BSD.dist /etc/mtree
# mtree -qdef /etc/mtree/4.4BSD.dist -p / -u

Section G -- Clean up the cruft from the source tree

# cd /usr/src
# find . -type l -name obj | xargs rm
# make -k cleandir
# rm -rf /usr/obj/*
# make obj

Section H -- Add new users and groups and setup for the next boot

It's time to create the working users and groups
# groupadd -g 200 nofiles
# useradd -g nofiles -u 201 -d /var/qmail qmaild
# useradd -g nofiles -u 202 -d /var/qmail qmaill
# useradd -g nofiles -u 203 -d /var/qmail qmailp
# useradd -g nofiles -u 204 -d /var/qmail/alias alias
# groupadd -g 205 qmail
# useradd -g qmail -u 206 -d /var/qmail qmailq
# useradd -g qmail -u 207 -d /var/qmail qmailr
# useradd -g qmail -u 208 -d /var/qmail qmails
# mkdir /home/vpopmail
# groupadd -g 210 vchkpw
# useradd -g vchkpw -u 211 -d /home/vpopmail -s /sbin/nologin vpopmail
# mkdir -p /var/log/qmail
# cd /var/log/qmail
# mkdir qmail-send qmail-smtpd qmail-pop3d
# chown -R qmaill:qmail /var/log/qmail
# chmod -R 750 /var/log/qmail
# mkdir -p /var/qmail/supervise
# cd /var/qmail/supervise
# mkdir -p qmail-smtpd/log qmail-send/log qmail-pop3d/log
# chmod +t qmail-smtpd qmail-send qmail-pop3d
The pflogd(8) daemon now runs in privilege separated mode, and requires a new user and group _pflogd.  Add the group by running
# groupadd -g 74 _pflogd
as root, and add the user entry using vipw(8):
# vipw
_pflogd:*:74:74::0:0:pflogd privsep:/var/empty:/sbin/nologin
If you plan on running without SSL, run:
# echo "sendmail_flags=NO" >> /etc/rc.conf.local
# echo "httpd_flags=\"-u\"" >> /etc/rc.conf.local
If you plan on running an SSL-enabled website, run:
# echo "sendmail_flags=NO" >> /etc/rc.conf.local
# echo "httpd_flags=\"-u -DSSL\"" >> /etc/rc.conf.local

Section I -- Reboot the machine

# halt
or
# reboot
Whichever suits your needs (I've seen machines that refuse to reboot without issuing halt first).

Section J -- Change some partition permissions

Open your /etc/fstab to make sure of the permissions on /home, /var, and /var/www directories
# vi /etc/fstab
/dev/wd0e /home ffs rw,nodev 1 2
/dev/wd1e /var ffs rw,nodev 1 2
/dev/wd1f /var/www ffs rw,nodev 1 2
Make sure that you REMOVE the setuid bit on these partitions

Section K -- Setup your code repository and get the source

# mkdir -p /usr/local/src
# cd /usr/local/src
# wget http://cr.yp.to/software/qmail-1.03.tar.gz
# wget http://www.ckdhr.com/ckd/qmail-103.patch
# wget http://www.qmail.org/qmailqueue-patch
# wget http://www.jms1.net/qmail/auth-jms1.4a.patch
# wget http://www.jms1.net/qmail/base64.c
# wget http://www.jms1.net/qmail/base64.h
# wget http://moni.csi.hu/pub/glibc-2.3.1/qmail-1.03.errno.patch
# wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
# wget http://www.untroubled.org/bglibs/bglibs-1.011.tar.gz
# wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
# wget http://cr.yp.to/software/qmailanalog-0.70.tar.gz
# wget http://linux.dalouis.com/download/source/ezmlm-0.53-idx-0.41.tar.gz
# wget http://www.untroubled.org/qmail-autoresponder/qmail-autoresponder-0.96.1.tar.gz
# wget http://www.inter7.com/vpopmail/vpopmail-5.2.2.tar.gz
# wget http://www.inter7.com/vqadmin/vqadmin-2.3.2.tar.gz
# wget http://umn.dl.sourceforge.net/sourceforge/courier/courier-imap-2.2.1.tar.bz2
# wget http://umn.dl.sourceforge.net/sourceforge/courier/maildrop-1.6.3.tar.bz2
# wget http://www.inter7.com/qmailadmin/qmailadmin-1.0.6.tar.gz
# wget http://umn.dl.sourceforge.net/sourceforge/squirrelmail/squirrelmail-1.4.2.tar.gz
# wget http://activeintra.net/openbsd/ports/security/clamav.tgz
# wget http://www.spamassassin.org/released/Mail-SpamAssassin-2.63.tar.gz
# wget http://twtelecom.dl.sourceforge.net/sourceforge/qmail-scanner/qmail-scanner-1.20.tgz
# wget http://twtelecom.dl.sourceforge.net/sourceforge/tnef/tnef-1.2.3.1.tar.gz

Installation

Section A -- Install wget, bzip2, zip, and php4

# cd /usr/ports/net/wget
# make install clean
# cd /usr/ports/archivers/bzip2
# make install clean
# cd /usr/ports/archivers/zip
# make install clean
# cd /usr/ports/www/php4
# cd core
# env SUBPACKAGE='-pear' make install
These next two entries are optional:
# cd ../extensions
# env FLAVOR="no_x11" make install
Take a break, this takes *forever*!

Section B -- Start with qmail

# cd /usr/local/src
# tar zxf qmail-1.03.tar.gz
# cd qmail-1.03
# patch < ../qmail-103.patch
# patch < ../qmailqueue-patch
# cp ../base64* ./
# patch < ../auth-jms1.4a.patch
# patch < ../qmail-1.03.errno.patch
# vi conf-split (change to 200)
# vi conf-spawn (change to 255)
# make man
# make setup check
# ./config-fast your-fqdn-hostname (ex: mail.example.org)

Section C -- ucspi-tcp

# cd /usr/local/src
# tar zxf ucspi-tcp-0.88.tar.gz
# cd ucspi-tcp-0.88
# make
# make setup check

Section D -- daemontools

# cd /usr/local/src
# mkdir -p /package
# chmod 1755 /package
# cd /package
# tar zxf /usr/local/src/daemontools-0.76.tar.gz
# cd admin/daemontools-0.76
# package/install
You'll be prompted to reboot.  It's a real good idea.

Section E -- QmailAnalog

# cd /usr/local/src
# tar zxf qmailanalog-0.70.tar.gz
# cd qmailanalog-0.70
# make
# make setup check
Now we need to edit some configuration settings:
# vi /var/qmail/qmailstats

#!/bin/sh
# Qmailanalog invocation script
PATH=/usr/local/qmailanalog/bin:/var/qmail/bin:/bin:/usr/bin
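# Use mktemp(1): a predictable /tmp/q.$$ name can be pre-created as a symlink by a local user
QMAILSTATS=`mktemp /tmp/q.XXXXXXXXXX` || exit 1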
umask 077
cat /var/log/qmail/qmail-send/* /var/log/qmail/qmail-pop3d/* \
/var/log/qmail/qmail-smtpd/* | matchup > $QMAILSTATS 5>/dev/null

DATE=`date +'%D'`

(echo "To: server_admin@mydomain.com"
echo "From: postmaster@mydomain.com"
echo "Subject: Nightly Qmail Stats Report for $DATE"
echo ""
zoverall < $QMAILSTATS
zfailures < $QMAILSTATS
zdeferrals < $QMAILSTATS) | qmail-inject

rm -f $QMAILSTATS
Change mydomain.com to your domain.name
# crontab -e

01 0 * * * /var/qmail/qmailstats

Section F -- ezmlm

# cd /usr/local/src
# tar zxf ezmlm-0.53-idx-0.41.tar.gz
# cd ezmlm-0.53-idx-0.41
# make
# make setup

Section G -- bglibs

# cd /usr/local/src
# tar zxf bglibs-1.011.tar.gz
# cd bglibs-1.011
# make
# ./installer

Section H -- Qmail-AutoResponder

# cd /usr/local/src
# tar zxf qmail-autoresponder-0.96.1.tar.gz
# cd qmail-autoresponder-0.96.1
# make qmail-autoresponder (do not do just make, it will fail!!)
# cp ./qmail-autoresponder /usr/local/bin
# chmod 755 /usr/local/bin/qmail-autoresponder

Section I -- Vpopmail

# cd /usr/local/src
# tar zxf vpopmail-5.2.2.tar.gz
# cd vpopmail-5.2.2
# ./configure --enable-logging=p
# make
# make install strip

Section J -- Vqadmin

This is a nice cgi program for virtual domains in vpopmail.
# cd /usr/local/src
# tar zxf vqadmin-2.3.2.tar.gz
# cd vqadmin-2.3.2
# ./configure --enable-cgibindir=/var/www/cgi-bin --enable-htmldir=/var/www/htdocs
# make
# make install-strip
Now we need to configure apache to work with vqadmin.  Add the following:
# vi /var/www/conf/httpd.conf

<Directory "/var/www/cgi-bin/vqadmin">
deny from all
Options ExecCGI
AllowOverride AuthConfig
Order deny,allow
</Directory>
Time to set up the admin username and password:
# cd /var/www/cgi-bin/vqadmin
# vi .htaccess

AuthUserFile /usr/local/blahblahblah/conf/vqadmin.passwd
# chown .htaccess
# chmod 644 .htaccess
# htpasswd -c /path/to/where/the/password/file/is/passwordfile admin
# chmod 644 /path/to/where/the/password/file/is/passwordfile
Now open a browser (anything except lynx) and go to: http://your.server.name.here/cgi-bin/vqadmin/vqadmin.cgi and you will be prompted for a username and password which you just created above.  Now create your domain.  vqadmin will create the postmaster@ mailbox for you.

Section K -- MailDrop

# cd /usr/local/src
# bzip2 -d maildrop-1.6.3.tar.bz2
# tar xf maildrop-1.6.3.tar
# cd maildrop-1.6.3
# ./configure --prefix=/usr/local --exec-prefix=/usr/local --enable-maildrop-uid=root \
  --enable-maildrop-gid=vchkpw --enable-maildir-quota
# make
# make install-strip
# make install-man

Section L -- QmailAdmin

# cd /usr/local/src
# tar zxf qmailadmin-1.0.6.tar.gz
# cd qmailadmin-1.0.6
# ./configure --enable-cgibindir=/var/www/cgi-bin --enable-htmldir=/var/www/htdocs \
  --enable-autoresponder-bin=/usr/local/bin/qmail-autoresponder
# make
# make install-strip

Configuration

Section A -- Replace sendmail binaries

Now we need to configure qmail to work with daemontools.  We will use qmail-conf for this.  The last line is to remove the auto start script the ports install added.  Not needed if we are gonna use daemontools.
# cd /usr/sbin
# mv sendmail sendmail.dist
# chmod 0 sendmail.dist
# ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
# cd /usr/libexec/sendmail
# mv sendmail sendmail.dist
# chmod 0 sendmail.dist
# ln -s /var/qmail/bin/sendmail /usr/libexec/sendmail/sendmail
# crontab -e
Comment out the following line about the sendmail clientmqueue runner:
*/30 * * * * /usr/sbin/sendmail -L sm-msp-queue -Ac -q
Don't worry about any system generated mail because it will still get to you via qmail's version of sendmail.

Section B -- Finalize Qmail

In ALL of the following scripts, you need to change yourdomain.com to your valid domain name for these to work!
# vi qmail-pop3d/run

#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec tcpserver -H -R -v -c100 0 110 qmail-popup yourdomain.com \
/home/vpopmail/bin/vchkpw qmail-pop3d Maildir 2>&1

# vi qmail-pop3d/log/run

#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-pop3d 2>&1

# vi qmail-smtpd/run

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
exit 1
fi
exec /usr/local/bin/softlimit -m 2000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/var/qmail/bin/qmail-smtpd yourdomain.com \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

# vi qmail-smtpd/log/run

#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-smtpd 2>&1

# vi qmail-send/run

#!/bin/sh
exec /var/qmail/rc

# vi qmail-send/log/run

#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-send 2>&1

# vi /var/qmail/rc

#!/bin/sh
exec env - PATH="/var/qmail/bin:$PATH" \
qmail-start "`cat /var/qmail/control/defaultdelivery`"

# vi /var/qmail/bin/qmailctl

#!/bin/sh
PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH

QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`

case "$1" in
start)
echo "Starting qmail..."
echo ""
if svok /service/qmail-send ; then
svc -u /service/qmail-send /service/qmail-send/log
echo "Starting qmail-send"
else
echo "qmail-send supervise not running"
fi
if svok /service/qmail-smtpd ; then
svc -u /service/qmail-smtpd /service/qmail-smtpd/log
echo "Starting qmail-smtpd"
else
echo "qmail-smtpd supervise not running"
fi
if svok /service/qmail-pop3d ; then
svc -u /service/qmail-pop3d /service/qmail-pop3d/log
echo "Starting qmail-pop3d"
else
echo "qmail-pop3d supervise not running"
fi
if [ -d /var/lock/subsys ]; then
touch /var/lock/subsys/qmail
fi
;;
stop)
echo "Stopping qmail..."
echo ""
echo " qmail-smtpd"
svc -d /service/qmail-smtpd /service/qmail-smtpd/log
echo " qmail-send"
svc -d /service/qmail-send /service/qmail-send/log
echo " qmail-pop3d"
svc -d /service/qmail-pop3d /service/qmail-pop3d/log
if [ -f /var/lock/subsys/qmail ]; then
rm /var/lock/subsys/qmail
fi
;;
stat)
svstat /service/qmail-send
svstat /service/qmail-send/log
svstat /service/qmail-smtpd
svstat /service/qmail-smtpd/log
svstat /service/qmail-pop3d
svstat /service/qmail-pop3d/log
qmail-qstat
;;
doqueue|alrm|flush)
echo "Flushing timeout table and sending ALRM signal to qmail-send."
/var/qmail/bin/qmail-tcpok
svc -a /service/qmail-send
;;
queue)
qmail-qstat
qmail-qread
;;
reload|hup)
echo "Sending HUP signal to qmail-send."
svc -h /service/qmail-send
;;
pause)
echo "Pausing qmail-send"
svc -p /service/qmail-send
echo "Pausing qmail-smtpd"
svc -p /service/qmail-smtpd
echo "Pausing qmail-pop3d"
svc -p /service/qmail-pop3d
;;
cont)
echo "Continuing qmail-send"
svc -c /service/qmail-send
echo "Continuing qmail-smtpd"
svc -c /service/qmail-smtpd
echo "Continuing qmail-pop3d"
svc -c /service/qmail-pop3d
;;
restart)
echo "Restarting qmail:"
echo "* Stopping qmail-smtpd."
svc -d /service/qmail-smtpd /service/qmail-smtpd/log
echo "* Sending qmail-send SIGTERM and restarting."
svc -t /service/qmail-send /service/qmail-send/log
echo "* Sending qmail-pop3d SIGTERM and restarting."
svc -t /service/qmail-pop3d /service/qmail-pop3d/log
echo "* Restarting qmail-smtpd."
svc -u /service/qmail-smtpd /service/qmail-smtpd/log
;;
cdb)
tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
chmod 644 /etc/tcp.smtp.cdb
echo "Reloaded /etc/tcp.smtp."
;;
help)
cat <<HELP
stop -- stops mail service (smtp connections refused, nothing goes out)
start -- starts mail service (smtp connection accepted, mail can go out)
pause -- temporarily stops mail service (connections accepted, nothing leaves)
cont -- continues paused mail service
stat -- displays status of mail service
cdb -- rebuild the tcpserver cdb file for smtp
restart -- stops and restarts smtp, sends qmail-send a TERM & restarts it
doqueue -- schedules queued messages for immediate delivery
reload -- sends qmail-send HUP, rereading locals and virtualdomains
queue -- shows status of queue
alrm -- same as doqueue
flush -- same as doqueue
hup -- same as reload
HELP
;;
*)
echo "Usage: $0 {start|stop|restart|doqueue|flush|reload|hup|stat|pause|cont|cdb|queue|help}"
exit 1
;;
esac

exit 0

Now that the necessary startup files are created, we need to make sure the right permissions are set:
# chmod 755 /var/qmail/rc
# chmod 755 /var/qmail/rc /var/qmail/bin/qmailctl
# chmod 751 /var/qmail/supervise/qmail-pop3d/run
# chmod 751 /var/qmail/supervise/qmail-pop3d/log/run
# chmod 751 /var/qmail/supervise/qmail-smtpd/run
# chmod 751 /var/qmail/supervise/qmail-smtpd/log/run
# chmod 751 /var/qmail/supervise/qmail-send/run
# chmod 751 /var/qmail/supervise/qmail-send/log/run
# echo ./Maildir > /var/qmail/control/defaultdelivery
# echo 255 > /var/qmail/control/concurrencyremote
# chmod 644 /var/qmail/control/concurrencyremote
# echo 30 > /var/qmail/control/concurrencyincoming
# chmod 644 /var/qmail/control/concurrencyincoming
# ln -s /var/qmail/bin/qmailctl /usr/bin
# ln -s /var/qmail/supervise/qmail-send /service
# ln -s /var/qmail/supervise/qmail-smtpd /service
# ln -s /var/qmail/supervise/qmail-pop3d /service
# qmailctl stop
# echo '127.:allow,RELAYCLIENT=""' > /etc/tcp.smtp
# qmailctl cdb
# echo 'postmaster@yourdomain.org' > /var/qmail/alias/.qmail-root
# echo 'postmaster@yourdomain.org' > /var/qmail/alias/.qmail-postmaster
# echo 'postmaster@yourdomain.org' > /var/qmail/alias/.qmail-mailer-daemon
# echo 'postmaster@yourdomain.org' > /var/qmail/alias/.qmail-anonymous
# qmailctl stop
# qmailctl start
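
The two relay controls set up in this section are the rcpthosts check in qmail-smtpd/run and the single 127. rule in /etc/tcp.smtp. The following is an added example, not part of the original guide, that audits both before the rules are compiled; the helper name audit_relay and the sample rules are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the guide): audit the relay controls described above.
# audit_relay is a hypothetical helper name; the sample data is constructed.

# audit_relay RULES_FILE RCPTHOSTS_FILE
# Prints one finding per line; the return status is the number of findings.
audit_relay() {
    rules=$1
    rcpthosts=$2
    findings=0

    # Without rcpthosts, qmail-smtpd accepts mail for every domain (the same
    # condition the qmail-smtpd/run script refuses to start on).
    if [ ! -f "$rcpthosts" ]; then
        echo "CRITICAL: $rcpthosts is missing: SMTP listener would be an open relay"
        findings=$((findings + 1))
    fi

    if [ ! -r "$rules" ]; then
        echo "CRITICAL: cannot read $rules"
        return $((findings + 1))
    fi

    # tcprules source format: address:allow|deny[,VAR="value"...]
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;              # blank line or comment
        esac
        addr=${line%%:*}                      # text before the first colon
        action=${line#*:}                     # instruction and variables
        case $action in
            allow*RELAYCLIENT=*) ;;           # rule grants relaying
            *) continue ;;
        esac
        case $addr in
            127.*) ;;                         # loopback only, as in the guide
            '')
                echo "CRITICAL: default rule grants RELAYCLIENT to any client: $line"
                findings=$((findings + 1)) ;;
            *)
                echo "WARN: RELAYCLIENT granted without SMTP AUTH to $addr"
                findings=$((findings + 1)) ;;
        esac
    done < "$rules"
    return "$findings"
}

# Constructed sample input, written to a scratch directory.
demo=$(mktemp -d) || exit 1
printf '%s\n' '# constructed sample rules' \
    '127.:allow,RELAYCLIENT=""' \
    '192.168.1.:allow,RELAYCLIENT=""' \
    ':allow,RELAYCLIENT=""' > "$demo/tcp.smtp"
echo 'yourdomain.com' > "$demo/rcpthosts"
audit_relay "$demo/tcp.smtp" "$demo/rcpthosts" || echo "findings: $?"
rm -rf "$demo"
```

On the server, call it as audit_relay /etc/tcp.smtp /var/qmail/control/rcpthosts before each qmailctl cdb.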

Section C -- Install Courier-IMAP & IMAP-SSL

# cd /usr/local/src
# bzip2 -d courier-imap-2.2.1.tar.bz2
# tar xf courier-imap-2.2.1.tar
# cd courier-imap-2.2.1
# ./configure --with-authvchkpw --without-authldap --disable-root-check
# make
# make install-strip
# cd /usr/lib/courier-imap/etc
# cp imapd.dist imapd
# cp imapd-ssl.dist imapd-ssl
# cp authdaemonrc.dist authdaemonrc
Make sure you see IMAPDSSLSTART=YES in imapd-ssl.  Then run:
# /usr/lib/courier-imap/libexec/imapd.rc start
# /usr/lib/courier-imap/sbin/mkimapdcert
# /usr/lib/courier-imap/libexec/imapd-ssl.rc start

Section D -- Install and Configure Squirrelmail

Squirrelmail was NOT my first choice here.  Yes, it's pretty, and easy to setup, and feature-replete, but it's just too 'candy' like for my taste really.  If anyone has knowledge of how to get Horde and Imp working with this kind of setup, drop me a note, would you?  Thanks!
# cd /var/www/htdocs
# tar zxf /usr/local/src/squirrelmail-1.4.2.tar.gz
# mv squirrelmail-1.4.2 webmail
# cd webmail
# mkdir /var/sqattach
# chown -R www:www /var/sqattach
# cd config
# ./conf.pl
Now we need to configure the server settings of Squirrelmail.

General:
  1. Domain : your.domain.name
  2. Invert Time : false
  3. Sendmail or SMTP : SMTP
IMAP Settings
  1. IMAP Server : localhost
  2. IMAP Port : 143
  3. Authentication type : login
  4. Secure IMAP (TLS) : false
  5. Server software : other
  6. Delimiter : detect
SMTP Settings
  1. SMTP Server : localhost
  2. SMTP Port : 25
  3. POP before SMTP : false
  4. SMTP Authentication : login
  5. Secure SMTP (TLS) : false
General Settings
  1. Attachment Directory : /var/sqattach
Go test it. Use the URL http://www.yourdomain.here/webmail and log in:
login: postmaster@your.domainname
password: the password you chose when you created the domain

Section E -- ClamAV

# cd /usr/ports/security
# tar zxf /usr/local/src/clamav.tgz
# cd clamav
# make install clean
# cp /usr/local/share/examples/clamav/clamav.conf /etc/clamav.conf
# vi /etc/clamav.conf - edit to your liking
# mv /usr/local/bin/clamdscan /usr/local/bin/clamdscan.dist
# cp /usr/local/bin/clamscan /usr/local/bin/clamdscan
Create a crontab to keep the virus definitions up-to-date:
# crontab -e
0 8 * * * /usr/local/bin/freshclam --quiet -l /var/log/clam-update.log --daemon-notify

Section F -- SpamAssassin

In order for SA to work correctly, you need the following perl modules installed:
  1. Time::HiRes
  2. Net::DNS
  3. Digest::SHA1
  4. Digest::HMAC
  5. HTML::Parser
# cd /usr/local/src
# tar zxf Mail-SpamAssassin-2.63.tar.gz
# cd Mail-SpamAssassin-2.63
# perl Makefile.PL
# make
# make install
# cd /var/qmail
# mkdir .spamassassin
# cd .spamassassin
# echo 'required_hits 5.0' > user_prefs
# chown -R qmailq:qmail /var/qmail/.spamassassin
# lynx /usr/ports/mail/p5-Mail-SpamAssassin/file/p5-Mail-SpamAssassin-mini-howto.html
# vi /etc/mail/spamassassin/local.cf  and edit to taste

Section G -- TNEF

# cd /usr/local/src
# tar zxvf tnef-1.2.3.1.tar.gz
# cd tnef-1.2.3.1
# ./configure
# make
# make check
# make install

Section H -- Qmail-Scanner

# cd /usr/local/src
# tar zxf qmail-scanner-1.20.tgz
# cd qmail-scanner-1.20
# ./configure --admin postmaster --domain your.domain.here --notify admin \
  --local-domains your.domain.here --install
# setuidgid qmaild /var/qmail/bin/qmail-scanner-queue.pl -g
You should see a line like 'perlscanner:total of 9 entries.'

The following line should be placed directly under #!/bin/sh
# vi /var/qmail/supervise/qmail-smtpd/run

QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"; export QMAILQUEUE
You also need to modify the 'softlimit' line to read 10000000.

We need to have qmail-scanner run a few tests and you will be emailed with the results.
# cd /usr/local/src/qmail-scanner-1.20/contrib
# ./test_installation.sh -doit

Section I -- Configure /etc/rc.local to start all the newly installed services

Remove the following line from rc.local
csh -cf '/command/svscanboot &'
Now add the following lines to rc.local for all services to start upon system boot:
### DaemonTools for starting Qmail
if [ -x /command/svscanboot ]; then
echo ' Qmail SMTP POP3';csh -cf '/command/svscanboot &' >/dev/null 2>&1
fi
### courier-imap
echo ' Courier-IMAP';
/usr/lib/courier-imap/libexec/imapd.rc start

### courier-imap ssl
echo ' Courier-IMAP SSL';
/usr/lib/courier-imap/libexec/imapd-ssl.rc start
### spamassassin
if [ -x /usr/bin/spamd ]; then
echo ' SpamAssassin';
/usr/bin/spamd -u _spamdaemon -d
fi
Congratulations, you now have a complete OpenBSD mail server.  Just reboot and you are done.
# halt  or reboot
Watch the console when you reboot, you should see the following lines appear shortly before the login prompt:

Qmail SMTP POP3

Courier-IMAP

Courier-IMAP SSL

SpamAssassin

Author: dotc0m
dotc0m at twcny dot rr dot com



2 Comments

Posted by dhenzjhen on October 27, 2005 at 6:31:25 pm EEST

Hi!! I just want to know if this configuration will work on any version of OpenBSD?

Thanks.


Posted by qwerty090 on July 01, 2009 at 10:31:33 pm EEST

Probably without some modifications:

# cvs -d anoncvs@anoncvs.ca.openbsd.org:/cvs -q up -rOPENBSD_4_5 -Pd
cvs update: in directory .:
cvs [update aborted]: there is no version here; run 'cvs checkout' first
#

Oops.

Also, the method above uses wget to download the sources before it installs wget, which means it's not possible ;) I would be tempted to do a pkg_add wget in front of Section K.

I expect that there are a few more bits like this.

I would use this guide except I cannot get past the first section as I have OpenBSD 4.5.


Copyright 2003 - 2010 BSD Guides.  All rights reserved.
