BSD Guides :: Doing Stuff With FreeBSD, NetBSD, OpenBSD, & Mac OS X

General Information

Hosting your own e-mail is a handy thing. This guide will show you how to set up a secure mail server using qmail, vpopmail, qmailAdmin for user management, and smtp-auth so only valid users can send mail.

Requirements

This presumes that you are building this on an 'empty' box - no previous openbsd install, etc.

An OpenBSD box. - Install OpenBSD 3.4 Release without X (make sure that you give /home and /var/www thier own partitions)
A valid domain to use.
Local root access on the box or be able to su to root.
A SSH client such as puTTy or SecureCRT (if you are setting it up remotely).

Preparation

Section A -- update the source tree

# #	cd /usr/src cvs -d anoncvs@anoncvs.ca.openbsd.org:/cvs -q up -rOPENBSD_3_4 -Pd

or you can use cvsup:

# #	set PKGSITE ftp.openbsd.org/pub/openbsd/3.4/packages/i386 pkg_add -v $PKGSITE/cvsup-16.1g-no_x11.tgz

Section B -- rebuild the default kernel from stable

#
#
#
#

cd /usr/src/sys/arch/i386/conf
/usr/sbin/config GENERIC
cd /usr/src/sys/arch/i386/compile/GENERIC
make clean && make depend && make

To reboot with the newly compiled kernel:

#
#
#
#

cd /usr/src/sys/arch/i386/compile/GENERIC
cp /bsd /bsd.old
cp bsd /bsd
reboot

Section C -- Rebuilding the binaries

#
#
#

cd /usr/src
rm -r /usr/obj/*
make obj && make build

Section D -- Install/Run MergeMaster

Yes, make this from ports, there are dependencies you'll need later for other things.

#
#
#
#

cd /usr/ports/sysutils/mergemaster
make install clean
cd /
mergemaster

Make sure that you don't mangle your password db. If you do, you have 2 choices: 1. Boot single user mode and change the root password or 2. Restart from step 0.

Section E -- Make new devices

#
#
#

cd /dev
cp /usr/src/etc/etc.'machine'/MAKEDEV ./
./MAKEDEV all

Section F -- Fixup the file heirarchy

#
#
#
#

cd/usr/src/etc/mtree
install -c -o root -g wheel -m 600 special /etc/mtree
install -c -o root -g wheel -m 444 4.4BSD.dist /etc/mtree
mtree -qdef /etc/mtree/4.4BSD.dist -p / -u

Section G -- Clean up the cruft from the source tree

#
#
#
#
#

cd /usr/src
find . -type l -name obj | xargs rm
make -k cleandir
rm -rf /usr/obj/*
make obj

Section H -- Add new users and groups and setup for the next boot

It's time to create the working users and groups

#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#

groupadd -g 200 nofiles
useradd -g nofiles -u 201 -d /var/qmail qmaild
useradd -g nofiles -u 202 -d /var/qmail qmaill
useradd -g nofiles -u 203 -d /var/qmail qmailp
useradd -g nofiles -u 204 -d /var/qmail/alias alias
groupadd -g 205 qmail
useradd -g qmail -u 206 -d /var/qmail qmailq
useradd -g qmail -u 207 -d /var/qmail qmailr
useradd -g qmail -u 208 -d /var/qmail qmails
mkdir /home/vpopmail
groupadd -g 210 vchkpw
useradd -g vchkpw -u 211 -d /home/vpopmail -s /sbin/nologin vpopmail
mkdir -p /var/log/qmail
cd /var/log/qmail
mkdir qmail-send qmail-smtpd qmail-pop3d
chown -R qmaill:qmail /var/log/qmail
chmod -R 750 /var/log/qmail
mkdir -p /var/qmail/supervise
cd /var/qmail/supervise
mkdir -p qmail-smtpd/log qmail-send/log qmail-pop3d/log
chmod +t qmail-smtpd qmail-send qmail-pop3d

The pflogd(8) daemon now runs in privilege separated mode, and requires a new user and group _pflogd. Add the group by running

#	groupadd -g 74 _pflogd

as root, and add the user entry using vipw(8):

# vipw
_pflogd:*:74:74::0:0:pflogd privsep:/var/empty:/sbin/nologin

If you plan on running without SSL, run:

# #	echo "sendmail_flags=NO" >> /etc/rc.conf.local echo "httpd_flags=\"-u\"" >> /etc/rc.conf.local

If you plan on running an SSL-enabled website, run:

# #	echo "sendmail_flags=NO" >> /etc/rc.conf.local echo "httpd_flags=\"-u -DSSL\"" >> /etc/rc.conf.local

Section I -- Reboot the machine

halt

reboot

Whichever suits your needs (I've seen machines that refuse to reboot without issueing halt first)

Section J -- Change some partition permissions

Open your /etc/fstab to make sure of the permissions on /home, /var, and /var/www directories

# vi /etc/fstab
/dev/wd0e /home ffs rw,nodev 1 2
/dev/wd1e /var ffs rw,nodev 1 2
/dev/wd1f /var/www ffs rw,nodev 1 2

Make sure that you REMOVE the setuid bit on these partitions

Section K -- Setup your code repository and get the source

#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#

mkdir -p /usr/local/src
cd /usr/local/src
wget http://cr.yp.to/software/qmail-1.03.tar.gz
wget http://www.ckdhr.com/ckd/qmail-103.patch
wget http://www.qmail.org/qmailqueue-patch
wget http://www.jms1.net/qmail/auth-jms1.4a.patch
wget http://www.jms1.net/qmail/base64.c
wget http://www.jms1.net/qmail/base64.h
wget http://moni.csi.hu/pub/glibc-2.3.1/qmail-1.03.errno.patch
wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
wget http://www.untroubled.org/bglibs/bglibs-1.011.tar.gz
wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
wget http://cr.yp.to/software/qmailanalog-0.70.tar.gz
wget http://linux.dalouis.com/download/source/ezmlm-0.53-idx-0.41.tar.gz
wget http://www.untroubled.org/qmail-autoresponder/qmail-autoresponder-0.96.1.tar.gz
wget http://www.untroubled.org/bglibs/bglibs-1.011.tar.gz
wget http://www.inter7.com/vpopmail/vpopmail-5.2.2.tar.gz
wget http://www.inter7.com/vqadmin/vqadmin-2.3.2.tar.gz
wget http://umn.dl.sourceforge.net/sourceforge/courier/courier-imap-2.2.1.tar.bz2
wget http://umn.dl.sourceforge.net/sourceforge/courier/maildrop-1.6.3.tar.bz2
wget http://www.inter7.com/qmailadmin/qmailadmin-1.0.6.tar.gz
wget http://umn.dl.sourceforge.net/sourceforge/squirrelmail/squirrelmail-1.4.2.tar.gz
wget http://activeintra.net/openbsd/ports/security/clamav.tgz
wget http://www.spamassassin.org/released/Mail-SpamAssassin-2.63.tar.gz
wget http://twtelecom.dl.sourceforge.net/sourceforge/qmail-scanner/qmail-scanner-1.20.tgz
wget http://twtelecom.dl.sourceforge.net/sourceforge/tnef/tnef-1.2.3.1.tar.gz

Installation

Section A -- Install wget, bzip2, zip, and php4

#
#
#
#
#
#
#
#
#

cd /usr/ports/net/wget
make install clean
cd /usr/ports/archivers/bzip2
make install clean
cd /usr/ports/archivers/zip
make install clean
cd /usr/ports/www/php4
cd core
env SUBPACKAGE='-pear' make install

These next two entries are optional:

# #	cd ../extensions env FLAVOR="no_x11" make install

Take a break, this takes *forever*!

Section B -- Start with qmail

#
#
#
#
#
#
#
#
#
#
#
#
#

cd /usr/local/src
tar zxf qmail-1.03.tar.gz
cd qmail-1.03
patch < ../qmail-103.patch
patch < ../qmailqueue-patch
cp ../base64* ./
patch < ../auth-jms1.4a.patch
patch < ../qmail-1.03.errno.patch
vi conf-split (change to 200)
vi conf-spawn (change to 255)
make man
make setup check
./config-fast your-fqdn-hostname (ex: mail.example.org)

Section C -- ucspi-tcp

#
#
#
#
#

cd /usr/local/src
tar zxf ucspi-tcp-0.88.tar.gz
cd ucspi-tcp-0.88
make
make setup check

Section D -- daemontools

#
#
#
#
#
#
#

cd /usr/local/src
mkdir -p /package
chmod 1755 /package
cd /package
tar zxf /usr/local/src/daemontools-0.76.tar.gz
cd admin/daemontools-0.76
package/install

You'll be prompted to reboot. It's a real good idea.

Section E -- QmailAnalog

#
#
#
#
#

cd /usr/local/src
tar zxf qmailanalog-0.70.tar.gz
cd qmailanalog-0.70
make
make setup check

Now we need to edit some configuration settings:

# vi /var/qmail/qmailstats

#!/bin/sh
# Qmailanalog invocation script
PATH=/usr/local/qmailanalog/bin:/var/qmail/bin:/bin:/usr/bin
QMAILSTATS="/tmp/q.$$"
umask 077
cat /var/log/qmail/qmail-send/* /var/log/qmail/qmail-pop3d/* \
/var/log/qmail/qmail-smtpd/* | matchup > $QMAILSTATS 5>/dev/null

DATE=`date +'%D'`

(echo "To: server_admin@mydomain.com"
echo "From: postmaster@mydomain.com"
echo "Subject: Nightly Qmail Stats Report for $DATE"
echo ""
zoverall < $QMAILSTATS
zfailures < $QMAILSTATS
zdeferrals < $QMAILSTATS) | qmail-inject

rm -f $QMAILSTATS

Change mydomain.com to your domain.name

# crontab -e

01 0 * * * /var/qmail/qmailstats

Section F -- ezmlm

#
#
#
#
#

cd /usr/local/src
tar zxf ezmlm-0.53-idx-0.41.tar.gz
cd ezmlm-0.53-idx-0.41
make
make setup

Section G -- bglibs

#
#
#
#
#

cd /usr/local/src
tar zxf bglibs-1.011.tar.gz
cd bglibs-1.011
make
./installer

Section H -- Qmail-AutoResponder

#
#
#
#
#
#

cd /usr/local/src
tar zxf qmail-autoresponder-0.96.1.tar.gz
cd qmail-autoresponder-0.96.1
make qmail-autoresponder (do not do just make, it will fail!!)
cp ./qmail-autoresponder /usr/local/bin
chmod 755 /usr/local/bin/qmail-autoresponder

Section I -- Vpopmail

#
#
#
#
#
#

cd /usr/local/src
tar zxf vpopmail/vpopmail-5.2.2.tar.gz
cd vpopmail-5.2.2
./configure --enable-logging=p
make
make install strip

Section J -- Vqadmin

This is a nice cgi program for virtual domains in vpopmail.

#
#
#
#
#
#

cd /usr/local/src
tar zxf vqadmin-2.3.2.tar.gz
cd vqadmin-2.3.2
./configure --enable-cgibindir=/var/www/cgi-bin --enable-htmldir=/var/www/htdocs
make
make install-strip

Now we need to configure apache to work with vqadmin. Add the following:

# vi /var/www/conf/httpd.conf

<Directory "/var/www/cgi-bin/vqadmin">
deny from all
Options ExecCGI
AllowOverride AuthConfig
Order deny,allow
</Directory>

Time to set up the admin username and password:

# cd /var/www/cgi-bin/vqadmin
# vi .htaccess

AuthUserFile /usr/local/blahblahblah/conf/vqadmin.passwd

#
#
#
#

chown .htaccess
chmod 644 .htaccess
htpasswd -bc /path/to/where/the/password/file/is/passwordfile admin
chmod 644 /path/to/where/the/password/file/is/passwordfile

Now open a browser (anything execpt lynx) and go to: http://your.server.name.here/cgi-bin/vqadmin/vqadmin.cgi and you will be prompted for a username and password which you just created above. Now create your domain. vqadmin will create the postmaster@ mailbox for you.

Section K -- MailDrop

#
#
#
#
#
#
#
#
#

cd /usr/local/src
bzip2 -d maildrop-1.6.3.tar.bz2
tar xf maildrop-1.6.3.tar
cd maildrop-1.6.3
./configure --prefix=/usr/local --exec-prefix=/usr/local --enable-maildrop-uid=root \
--enable-maildrop-gid=vchkpw --enable-maildir-quota
make
make install-strip
make install-man

Section L -- QmailAdmin

#
#
#
#
#
#
#

cd /usr/local/src
tar zxf qmailadmin-1.0.6.tar.gz
cd qmailadmin-1.06
./configure --enable-cgibindir=/var/www/cgi-bin --enable-htmldir=/var/www/htdocs \
--enable-autoresponder-bin=/usr/local/bin/qmail-autoresponder
make
make install-strip

Configuration

Section A -- Replace sendmail binaries

Now we need to configure qmail to work with daemontools. We will use qmail-conf for this. The last line is to remove the auto start script the ports install added. Not needed if we are gonna use daemontools.

#
#
#
#
#
#
#
#
#

cd /usr/sbin
mv sendmail sendmail.dist
chmod 0 sendmail.dist
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
cd /usr/libexec/sendmail
mv sendmail sendmail.dist
chmod 0 sendmail.dist
ln -s /var/qmail/bin/sendmail /usr/libexec/sendmail/sendmail
crontab -e

Comment out the following line about the sendmail clientmqueue runner:

*/30 * * * * /usr/sbin/sendmail -L sm-msp-queue -Ac -q

Don't worry about any system generated mail because it will still get to you via qmail's version of sendmail.

Section B -- Finalize Qmail

In ALL of the following scripts, you need to change yourdomain.com to your valid domain name for these to work!

# vi qmail-pop3d/run

#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec tcpserver -H -R -v -c100 0 110 qmail-popup yourdomain.com
/usr/home/vpopmail/bin/vchkpw qmail-pop3d Maildir 2>&1

# vi qmail-pop3d/log/run

#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-pop3d 2>&1

# vi qmail-smtpd/run

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
exit 1
fi
exec /usr/local/bin/softlimit -m 2000000
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD"
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp
/var/qmail/bin/qmail-smtpd your_domain.com
/usr/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

# vi qmail-smtpd/log/run

#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-smtpd 2>&1

# vi qmail-send/run

#!/bin/sh
exec /var/qmail/rc

# vi qmail-send/log/run

#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-send 2>&1

# vi /var/qmail/rc

#!/bin/sh
exec env - PATH="/var/qmail/bin:$PATH"
qmail-start "`cat /var/qmail/control/defaultdelivery`"

# vi /var/qmail/bin/qmailctl

#!/bin/sh
PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH

QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`

case "$1" in
start)
echo "Starting qmail..."
echo ""
if svok /service/qmail-send ; then
svc -u /service/qmail-send /service/qmail-send/log
echo "Starting qmail-send"
else
echo "qmail-send supervise not running"
fi
if svok /service/qmail-smtpd ; then
svc -u /service/qmail-smtpd /service/qmail-smtpd/log
echo "Starting qmail-smtpd"
else
echo "qmail-smtpd supervise not running"
fi
if svok /service/qmail-pop3d ; then
svc -u /service/qmail-pop3d /service/qmail-pop3d/log
echo "Starting qmail-pop3d"
else
echo "qmail-pop3d supervise not running"
fi
if [ -d /var/lock/subsys ]; then
touch /var/lock/subsys/qmail
fi
;;
stop)
echo "Stopping qmail..."
echo ""
echo " qmail-smtpd"
svc -d /service/qmail-smtpd /service/qmail-smtpd/log
echo " qmail-send"
svc -d /service/qmail-send /service/qmail-send/log
echo " qmail-pop3d"
svc -d /service/qmail-pop3d /service/qmail-pop3d/log
if [ -f /var/lock/subsys/qmail ]; then
rm /var/lock/subsys/qmail
fi
;;
stat)
svstat /service/qmail-send
svstat /service/qmail-send/log
svstat /service/qmail-smtpd
svstat /service/qmail-smtpd/log
svstat /service/qmail-pop3d
svstat /service/qmail-pop3d/log
qmail-qstat
;;
doqueue|alrm|flush)
echo "Flushing timeout table and sending ALRM signal to qmail-send."
/var/qmail/bin/qmail-tcpok
svc -a /service/qmail-send
;;
queue)
qmail-qstat
qmail-qread
;;
reload|hup)
echo "Sending HUP signal to qmail-send."
svc -h /service/qmail-send
;;
pause)
echo "Pausing qmail-send"
svc -p /service/qmail-send
echo "Pausing qmail-smtpd"
svc -p /service/qmail-smtpd
echo "Pausing qmail-pop3d"
svc -p /service/qmail-smtpd
;;
cont)
echo "Continuing qmail-send"
svc -c /service/qmail-send
echo "Continuing qmail-smtpd"
svc -c /service/qmail-smtpd
echo "Continuing qmail-pop3d"
svc -c /service/qmail-pop3d
;;
restart)
echo "Restarting qmail:"
echo "* Stopping qmail-smtpd."
svc -d /service/qmail-smtpd /service/qmail-smtpd/log
echo "* Sending qmail-send SIGTERM and restarting."
svc -t /service/qmail-send /service/qmail-send/log
echo "* Sending qmail-pop3d SIGTERM and restarting."
svc -t /service/qmail-pop3d /service/qmail-pop3d/log
echo "* Restarting qmail-smtpd."
svc -u /service/qmail-smtpd /service/qmail-smtpd/log
;;
cdb)
tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
chmod 644 /etc/tcp.smtp.cdb
echo "Reloaded /etc/tcp.smtp."
;;
help)
cat <<HELP
stop -- stops mail service (smtp connections refused, nothing goes out)
start -- starts mail service (smtp connection accepted, mail can go out)
pause -- temporarily stops mail service (connections accepted, nothing leaves)
cont -- continues paused mail service
stat -- displays status of mail service
cdb -- rebuild the tcpserver cdb file for smtp
restart -- stops and restarts smtp, sends qmail-send a TERM & restarts it
doqueue -- schedules queued messages for immediate delivery
reload -- sends qmail-send HUP, rereading locals and virtualdomains
queue -- shows status of queue
alrm -- same as doqueue
flush -- same as doqueue
hup -- same as reload
HELP
;;
*)
echo "Usage: $0 {start|stop|restart|doqueue|flush|reload|hup|stat|pause|cont|cdb|queue|help}"
exit 1
;;
esac

exit 0

Now that the necessary startup files are created, we need to make sure the right permissions are set:

#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#

chmod 755 /var/qmail/rc
chmod 755 /var/qmail/rc /var/qmail/bin/qmailctl
chmod 751 /var/qmail/supervise/qmail-pop3d/run
chmod 751 /var/qmail/supervise/qmail-pop3d/log/run
chmod 751 /var/qmail/supervise/qmail-smtpd/run
chmod 751 /var/qmail/supervise/qmail-smtpd/log/run
chmod 751 /var/qmail/supervise/qmail-send/run
chmod 751 /var/qmail/supervise/qmail-send/log/run
echo ./Maildir > /var/qmail/control/defaultdelivery
echo 255 > /var/qmail/control/concurrencyremote
chmod 644 /var/qmail/control/concurrencyremote
echo 30 > /var/qmail/control/concurrencyincoming
chmod 644 /var/qmail/control/concurrencyincoming
ln -s /var/qmail/bin/qmailctl /usr/bin
ln -s /var/qmail/supervise/qmail-send /service
ln -s /var/qmail/supervise/qmail-smtpd /service
ln -s /var/qmail/supervise/qmail-pop3d /service
qmailctl stop
echo '127.:allow,RELAYCLIENT=""' > /etc/tcp.smtp
qmailctl cdb
echo 'postmaster@yourdomain.org' > /var/qmail/alias/.qmail-root
echo 'postmaster@yourdomain.org' > /var/qmail/alias/.qmail-postmaster
echo 'postmaster@yourdomain.org' > /var/qmail/alias/.qmail-mailer-daemon
echo 'postmaster@yourdomain.org' > /var/qmail/alias/.qmail-anonymous
qmailctl stop
qmailctl start

Section C -- Install Courier-IMAP & IMAP-SSL

#
#
#
#
#
#
#
#
#
#
#

cd /usr/local/src
bzip -d courier-imap-2.2.1.tar.bz2
tar xf courier-imap-2.2.1.tar
cd courier-imap-2.2.1
./configure --with-authvchkpw --without-authldap --disable-root-check
make
make install-strip
cd /usr/lib/courier-imap/etc
cp imapd.dist imapd
cp imapd-ssl.dist imapd-ssl
cp authdaemonrc.dist authdaemonrc

Make sure you see IMAPDSSLSTART=YES in imapd-ssl. Then run:

#
#
#

/usr/lib/courier-imap/libexec/imapd.rc start
/usr/lib/courier-imap/sbin/mkimapdcert
/usr/lib/courier-imap/libexec/imapd-ssl.rc start

Section D -- Install and Configure Squirrelmail

Squirrelmail was NOT my first choice here. Yes, it's pretty, and easy to setup, and feature-replete, but it's just too 'candy' like for my taste really. If anyone has knowledge of how to get Horde and Imp working with this kind of setup, drop me a note, would you? Thanks!

#
#
#
#
#
#
#
#

cd /var/www/htdocs
tar zxf /usr/local/src/squirrelmail-1.4.2.tar.gz
mv squirrelmail-1.4.2 webmail
cd webmail
mkdir /var/sqattach
chown -R www:www /var/sqattach
cd config
./conf.pl

Now we need to configure the server settings of Squirrelmail.

General:

Domain : your.domain.name
Invert Time : false
Sendmail or SMTP : SMTP

IMAP Settings

IMAP Server : localhost
IMAP Port : 143
Authentication type : login
Secure IMAP (TLS) : false
Server software : other
Delimiter : detect

SMTP Settings

SMTP Server : localhost
SMTP Port : 25
POP before SMTP : false
SMTP Authentication : login
Secure SMTP (TLS) : false

General Settings

Attachment Directory : /var/sqattach

Go test it. use the url http://www.yourdomain.here/webmail and login
login: postmaster@your.domainname
password: the password you chose when you created the domain

Section E -- ClamAV

#
#
#
#
#
#
#
#

cd /usr/ports/security
tar zxf /usr/local/src/clamav.tgz
cd clamav
make install clean
cp /usr/local/share/examples/clamav/clamav.conf /etc/clamav.conf
vi /etc/clamav.conf - edit to your liking
mv /usr/local/bin/clamdscan /usr/local/bin/clamdscan.dist
cp /usr/local/bin/clamscan /usr/local/bin/clamdscan

Create a crontab to keep the virus definitions up-to-date:

# crontab -e
0 8 * * * /usr/local/bin/freshclam --quiet -l /var/log/clam-update.log --daemon-notify

Section F -- SpamAssassin

In order for SA to work correctly, you need the following perl modules installed:

Time::HiRes
Net::DNS
Digest::SHA1
Digest::HMAC
HTML::Parser

#
#
#
#
#
#
#
#
#
#
#
#
#

cd /usr/local/src
tar zxf Mail-SpamAssassin-2.63.tar.gz
cd Mail-SpamAssassin-2.6.3
perl Makefile.pl
make
make install
cd /var/qmail
mkdir .spamassassin
cd .spamassassin
echo 'required_hits 5.0' > user_prefs
chown -R qmailq:qmail /var/qmail/.spamassassin
lynx /usr/ports/mail/p5-Mail-SpamAssassin/file/p5-Mail-SpamAssassin-mini-howto.html
vi /etc/mail/spamassassin/local.cf and edit to taste

Section G -- TNEF

#
#
#
#
#
#
#

cd /usr/local/src
tar zxvf tnef-1.2.3.1.tar.gz
cd tnef-1.2.3.1
./configure
make
make check
make install

Section H -- Qmail-Scanner

#
#
#
#
#
#

cd /usr/local/src
tar zxf qmail-scanner-1.20.tgz
cd qmail-scanner-1.2.0
./configure --admin postmaster --domain your.domain.here --notify admin \
--local-domains your.domain.here --install
setuidgid qmaild /var/qmail/bin/qmail-scanner-queue.pl -g

You should see a line like 'perlscanner:total of 9 entries.'

The following line should be placed directly under #!/bin/sh

# vi /var/qmail/supervise/qmail-smtpd/run

QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE

You also need to modify the 'softlimit' line to read 10000000.

We need to have qmail-scanner run a few tests and you will be emailed with the results.

# #	cd /usr/local/src/qmail-scanner-1.20/contrib ./test_intallation.sh -doit

Section I -- Configure /etc/rc.local to start all the newly installed services

Remove the following line from rc.local

csh -cf '/command/svscanboot &'

Now add the following lines to rc.local for all services to start upon system boot:

### DaemonTools for starting Qmail
if [ -x /command/svscanboot ]; then
echo ' Qmail SMTP POP3';csh -cf '/command/svscanboot &' >/dev/null 2>&1
fi
### courier-imap
echo ' Courier-IMAP';
/usr/lib/courier-imap/libexec/imapd.rc start

### courier-imap ssl
echo ' Courier-IMAP SSL';
/usr/lib/courier-imap/libexec/imapd-ssl.rc start
### spamassassin
if [ -x /usr/bin/spamd ]; then
echo ' SpamAsassin';
/usr/bin/spamd -u _spamdaemon -d
fi

Congratulations, you now have a complete OpenBSD mail server. Just reboot and you are done.

#	halt or reboot

Watch the console when you reboot, you should see the following lines appear shortly before the login prompt:

Qmail SMTP POP3

Courier-IMAP

Courier-IMAP SSL

SpamAssassin

Author: dotc0m
dotc0m at twcny dot rr dot com