Reference:
http://www.purplehat.org/?page_id=4
All credits go to the author at Purplehat.org
Page 1 – Maia-Mailguard Install
Maia-Mailguard is by far the best open source spam/virus configuration utility I have ever used. It allows users to adjust their own settings for spam and viruses leaving the Mail Admin a little breathing room which makes it a great piece of software. You can read more about it at http://www.maiamailguard.com/.
This tutorial installs version 1.0.2a_4.
Add ClamAV build options to /etc/make.conf file:
This builds ClamAV to allow our “vscan” user (coming later) access to it.
#echo 'CLAMAVUSER=vscan' >> /etc/make.conf
#echo 'CLAMAVGROUP=vscan' >> /etc/make.conf
Install Maia-Mailguard via ports:
#cd /usr/ports/security/maia
#make all install clean
(Be sure the “APACHE“, “WEBHOST“, “MYSQL“, “DOVECOT“, “POSTFIX“, “PFA“, “FUZZYOCR“, “CLAMAV“, “SPAMASSASSIN” and “BDB” options are selected and feel free to select any additional options you may want.)
Perl Options:
Defaults are fine.
p5-Template-Toolkit Options:
Defaults are fine.
Apache Options:
Defaults are fine.
m4 Options:
Defaults are fine.
libiconv Options:
Defaults are fine.
apr-ipv6-devrandom-gdbm-db42 Options:
Defaults are fine.
python26 Options:
Defaults are fine.
php5 Options:
Be sure “APACHE” is selected.
cclient Options:
Defaults are fine.
php5-mbstring Options:
Defaults are fine.
php5-mysql Options:
Defaults are fine.
php5-mysqli Options:
Defaults are fine.
sqlite3 Options:
Defaults are fine.
tcl Options:
Defaults are fine.
php5-sqlite Options:
Defaults are fine.
pear-Net_SMTP Options:
Be sure “PEAR_AUTH_SASL” is selected.
pear-Auth Options:
Be sure “PEAR_LOG” and “PEAR_DB” are selected.
pear-Log Options:
Be sure “PEAR_DB” is selected.
dovecot Options:
Be sure “SSL“, “BDB” and “MYSQL” are selected.
postfix Options:
Be sure “DOVECOT“, “TLS“, “BDB“, “MYSQL” and “VDA” are selected.
(During install)
Would you like to activate Postfix in /etc/mail/mailer.conf [n]? y
postfixadmin Options:
Be sure “MYSQLI” is selected.
png Options:
Defaults are fine.
jasper Options:
Defaults are fine.
p5-Mail-SpamAssassin Options:
Be sure “MYSQL” and “SPF_QUERY” are selected.
p5-Net-DNS Options:
Defaults are fine.
p5-libwww Options:
Defaults are fine.
p5-IO-Socket-SSL Options:
Defaults are fine.
gnupg Options:
Defaults are fine.
pth Options:
Defaults are fine.
curl Options:
Defaults are fine.
ca_root_nss Options:
Defaults are fine.
clamav Options:
Defaults are fine.
php5-gd Options:
Defaults are fine.
p7zip Options:
Defaults are fine.
Page 2 – MySQL Setup
MySQL is a database application that is very fast and very reliable. You can read more about it by visiting http://www.mysql.com/.
This tutorial uses version 5.1.51_1.
Add mysqld to system startup:
#echo 'mysql_enable="YES"' >> /etc/rc.conf
Start MySQL:
#/usr/local/etc/rc.d/mysql-server start
Secure MySQL root user account and delete nameless user(s):
#mysql -u root mysql >UPDATE user SET Password=PASSWORD('mysql_root_password') WHERE User='root'; >DELETE FROM user WHERE User=''; >FLUSH PRIVILEGES; >quit;
Create and populate Maia-Mailguard database:
#mysql -u root -p mysql (Enter MySQL root password) >CREATE DATABASE maia; >GRANT ALL PRIVILEGES ON maia.* TO vscan@localhost IDENTIFIED BY 'vscan_user_password'; >FLUSH PRIVILEGES; >quit #cd /usr/local/share/doc/maia #mysql -u root -p maia < maia-mysql.sql
Copy my.cnf for MySQL:
#cp /usr/local/share/mysql/my-medium.cnf /var/db/mysql/my.cnf #chmod 640 /var/db/mysql/my.cnf
Edit /var/db/mysql/my.cnf file:
This is to allow MySQL to process files up to 10 Megabytes in size and
also keep the INNODB files from getting too large.
Find and edit the RED TEXT.
... [mysqld] port = 3306 socket = /tmp/mysql.sock skip-locking key_buffer = 16M max_allowed_packet = 10M table_cache = 64 sort_buffer_size = 512K ... # Uncomment the following if you are using InnoDB tables innodb_data_home_dir = /var/db/mysql/ innodb_data_file_path = ibdata1:10M:autoextend innodb_log_group_home_dir = /var/db/mysql/ # You can set .._buffer_pool_size up to 50 - 80 % # of RAM but beware of setting memory usage too high innodb_buffer_pool_size = 16M innodb_additional_mem_pool_size = 2M # Set .._log_file_size to 25 % of buffer pool size innodb_log_file_size = 5M innodb_log_buffer_size = 8M innodb_flush_log_at_trx_commit = 1 innodb_lock_wait_timeout = 50 ...
Restart MySQL for new changes:
#/usr/local/etc/rc.d/mysql-server restart
Page 3 – Dovecot Setup
Dovecot is a very fast, very reliable, and easily configured POP3/IMAP server application. You can read more about it by visiting their website at http://www.dovecot.org/.
This tutorial uses version 1.2.14.
Edit /etc/rc.conf so Dovecot starts at boot:
#echo 'dovecot_enable="YES"' >> /etc/rc.conf
Copy Dovecot configuration files:
#cp /usr/local/share/examples/dovecot/dovecot.conf /usr/local/etc/dovecot.conf #cp /usr/local/share/examples/dovecot/dovecot-sql.conf /usr/local/etc/dovecot-sql.conf
Create SSL/TLS certificate for secure connections:
#mkdir -p /etc/ssl/dovecot #cd /etc/ssl/dovecot #openssl req -new -x509 -nodes -out cert.pem -keyout key.pem -days 365
Edit /usr/local/etc/dovecot.conf file:
Find and edit the red text.
protocols = imap imaps pop3 pop3s ssl_cert_file = /etc/ssl/dovecot/cert.pem ssl_key_file = /etc/ssl/dovecot/key.pem login_greeting = ISP Mail Server Ready. mail_location = maildir:/usr/local/virtual/%d/%n first_valid_uid = 125 last_valid_uid = 125 first_valid_gid = 125 last_valid_gid = 125 protocol imap { mail_plugins = quota imap_quota } protocol pop3 { mail_plugins = quota } protocol lda { postmaster_address = postmaster@domain.tld } auth default { # passdb pam { # } passdb sql { args = /usr/local/etc/dovecot-sql.conf } # userdb passwd { # } userdb sql { args = /usr/local/etc/dovecot-sql.conf } client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } } }
Edit /usr/local/etc/dovecot-sql.conf file:
You can either copy this file or edit your own file to match.
driver = mysql connect = host=localhost dbname=postfix user=postfix password=postfix_mysql_password default_pass_scheme = MD5 password_query = SELECT password FROM mailbox WHERE username = '%u' user_query = SELECT maildir, 125 AS uid, 125 AS gid, CONCAT('maildir:storage=', FLOOR( quota / 1024 ) ) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
IMPORTANT NOTE:
Be sure that ALL the previous changes remain on a sinlge line. Also, the user_query line contains a bit in the query to allow Dovecot to return quota usage. If you don’t want or don’t need quota usage returned, you can just remove that bit from the query…
Page 4 – Postfix Setup
Postfix is by far an MTA favorite amongst anyone who has every been a mail server administrator. It’s ease of use and stability is second to none. You can read more about it by visiting their website at http://www.postfix.org/.
This tutorial uses version 2.7.1,1.
Shut down Sendmail:
#/etc/rc.d/sendmail forcestop
NOTE:
If the above command doesn’t not shut down Sendmail, you’ll have to manually kill the PIDs. You can either find the PIDs and kill them (2) individually or you can run the following command:
#sh #for i in `ps auxwww|grep sendmail|awk '{print $2}'`;do kill $i;done && exit
Edit /etc/rc.conf to disable Sendmail and start Postfix at boot:
Add these lines to the bottom of the file:
sendmail_enable="NO" sendmail_submit_enable="NO" sendmail_outbound_enable="NO" sendmail_msp_queue_enable="NO" postfix_enable="YES"
Create and edit /etc/periodic.conf file:
Add these lines to the file:
daily_clean_hoststat_enable="NO" daily_status_mail_rejects_enable="NO" daily_status_include_submit_mailq="NO" daily_submit_queuerun="NO"
Create and secure the SMTP SSL certificate:
#mkdir -p /etc/ssl/postfix #cd /etc/ssl/postfix #openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650 #chmod 640 /etc/ssl/postfix/smtpd.pem #chgrp -R postfix /etc/ssl/postfix
Edit /usr/local/etc/postfix/main.cf file:
Find and edit the RED TEXT.
... # SOFT BOUNCE # # The soft_bounce parameter provides a limited safety net for # testing. When soft_bounce is enabled, mail will remain queued that # would otherwise bounce. This parameter disables locally-generated # bounces, and prevents the SMTP server from rejecting mail permanently # (by changing 5xx replies into 4xx replies). However, soft_bounce # is no cure for address rewriting mistakes or mail routing mistakes. # soft_bounce = no # SASL CONFIG # broken_sasl_auth_clients = yes smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, reject_rbl_client list.dsbl.org, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl-xbl.spamhaus.org smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth # TLS CONFIG # smtp_use_tls = yes smtpd_use_tls = yes smtp_tls_note_starttls_offer = yes smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem smtpd_tls_loglevel = 0 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom # MySQL Configuration # virtual_alias_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf virtual_gid_maps = static:125 virtual_mailbox_base = /usr/local/virtual virtual_mailbox_domains = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_limit = 51200000 virtual_mailbox_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 125 virtual_transport = virtual virtual_uid_maps = static:125 # Additional for quota support # virtual_create_maildirsize = yes virtual_mailbox_extended = yes virtual_mailbox_limit_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps virtual_mailbox_limit_override = yes virtual_maildir_limit_message = Sorry, this user has overdrawn their diskspace quota. Please try again later. virtual_overquota_bounce = yes ... myhostname = host.domain.tld ... mydomain = domain.tld ... mydestination = localhost.$mydomain, localhost ... relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf ...
Edit /usr/local/etc/postfix/master.cf file:
Find and edit the RED TEXT.
... smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject ...
Create and edit /usr/local/etc/postfix/mysql_virtual_alias_maps.cf file:
user = postfix password = postfix_sql_password hosts = localhost dbname = postfix query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
Create and edit /usr/local/etc/postfix/mysql_virtual_domains_maps.cf file:
user = postfix password = postfix_sql_password hosts = localhost dbname = postfix query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '0' and active = '1'
Create and edit /usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf file:
user = postfix password = postfix_sql_password hosts = localhost dbname = postfix query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
Create and edit /usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf file:
user = postfix password = postfix_sql_password hosts = localhost dbname = postfix query = SELECT quota FROM mailbox WHERE username='%s'
Create and edit /usr/local/etc/postfix/mysql_relay_domains_maps.cf file:
user = postfix password = postfix_sql_password hosts = localhost dbname = postfix query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1'
Secure Postfix’s MySQL files:
#chmod 640 /usr/local/etc/postfix/mysql_*
#chgrp postfix /usr/local/etc/postfix/mysql_*
Create the transport file and update the transport map database:
#touch /usr/local/etc/postfix/transport
#postmap /usr/local/etc/postfix/transport
Edit /etc/aliases file:
Change "root" to an email address you want system messages to be mailed to:
root: you@your-domain.tld
Create aliases.db file:
#/usr/bin/newaliases
Create our virtual mail directories:
#mkdir /usr/local/virtual
#chown -R postfix:postfix /usr/local/virtual
#chmod -R 700 /usr/local/virtual
Page 5 – Apache Setup
Apache is a very robust, nice, and easily configurable web server application. I’ve been using it for many years and its always been kind to me. You can read more about Apache by visiting https://www.apache.org/.
This tutorial uses version 2.2.16_2.
Edit /usr/local/etc/apache22/httpd.conf file:
Find and edit the RED TEXT.
... ServerAdmin webmaster@domain.tld ... ServerName www.domain.tld:80 ... # Various default settings Include etc/apache22/extra/httpd-default.conf # Secure (SSL/TLS) connections Include etc/apache22/extra/httpd-ssl.conf ...
Create SSL certificate for Apache:
#mkdir -p /etc/ssl/apache
#cd /etc/ssl/apache
#openssl genrsa -des3 -out server.key 1024
#openssl req -new -key server.key -out server.csr
#openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Remove SSL passphrase:
(This is entirely optional. I just had a lot of requests for this)
#cd /etc/ssl/apache
#cp server.key server.key.orig
#openssl rsa -in server.key.orig -out server.key
Protect our Apache key files:
#chmod 400 /etc/ssl/apache/*
Edit /usr/local/etc/apache22/extra/httpd-default.conf file:
Find and edit the RED TEXT.
... ServerTokens Prod ... ServerSignature Off ... HostnameLookups Off ...
Edit /usr/local/etc/apache22/extra/httpd-ssl.conf file:
... ServerName www.domain.tld:443 ... ServerAdmin webmaster@domain.tld ... SSLCertificateFile "/etc/ssl/apache/server.crt" ... SSLCertificateKeyFile "/etc/ssl/apache/server.key" ...
Install Apache startup script and start it:
#echo 'apache22_enable="YES"' >> /etc/rc.conf
#/usr/local/etc/rc.d/apache22 start
Test:
Visiting either “http://domain.tld/” or “http://YOUR_IP/” should now bring up your machine’s default Apache web page (Something along the lines of “It Works!“. Then, visit either “https://domain.tld/” or “https://YOUR_IP/” to test the SSL/TLS. If you see both pages, you’re ready to rock. If not, browse to the top of this Apache Install page and try again. Also, be sure to check your logs to find out if there are any errors. The logs will be located in “/var/log/httpd-*” by default. Seriously, I cannot stress checking logs enough…
Page 6 – PHP Setup
PHP is a very powerful language used mostly for web applications. Hence the reason we are installing it. Each application that is accessible via the web in this tutorial depends on PHP to work properly. You can check out more on PHP by visiting their web site at http://www.php.net/.
This tutorial uses version 5.2.6.
Prepare /usr/local/etc/php.ini file:
#cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
#chmod 644 /usr/local/etc/php.ini
Edit /usr/local/etc/php.ini file:
Find and edit the RED TEXT.
... ;;;;;;;;;;;;;;;;;;;;;;;;; ; Paths and Directories ; ;;;;;;;;;;;;;;;;;;;;;;;;; ; UNIX: "/path1:/path2" include_path = "." ; ; Windows: "\path1;\path2" ;include_path = ".;c:\php\includes" ...
Edit /usr/local/etc/apache22/httpd.conf file:
Find and edit the RED TEXT.
... <IfModule dir_module> DirectoryIndex index.html index.php index.php5 </IfModule> ... ... <IfModule mime_module> TypesConfig etc/apache22/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps </IfModule>
Restart Apache:
#apachectl restart
Page 7 – Postfixadmin Setup
PostfixAdmin is a great application to edit your e-mail domains and users. It has plenty of options and makes things very easy. You can check it out by visiting their website at http://sourceforge.net/projects/postfixadmin/.
This tutorial uses version 2.3.2.
Create PostfixAdmin database:
Execute adjusting the RED TEXT.
#mysql -u root -p (Enter MySQL root password) >CREATE DATABASE postfix; >CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'postfix_sql_password'; >GRANT ALL PRIVILEGES ON `postfix` . * TO 'postfix'@'localhost'; >FLUSH PRIVILEGES; >QUIT;
Secure PostfixAdmin files:
#cd /usr/local/www/postfixadmin
#find . -type f -exec chmod 640 {} \;
#find . -type d -exec chmod 750 {} \;
Edit /usr/local/www/postfixadmin/config.inc.php file:
Find and edit the RED TEXT.
$CONF['configured'] = true; $CONF['postfix_admin_url'] = 'https://www.domain.tld/postfixadmin/'; $CONF['database_type'] = 'mysqli'; $CONF['database_host'] = 'localhost'; $CONF['database_user'] = 'postfix'; $CONF['database_password'] = 'postfix_sql_password'; $CONF['database_name'] = 'postfix'; $CONF['database_prefix'] = ''; $CONF['admin_email'] = 'postmaster@domain.tld'; $CONF['default_aliases'] = array ( 'abuse' => 'abuse@domain.tld', 'hostmaster' => 'hostmaster@domain.tld', 'postmaster' => 'postmaster@domain.tld', 'webmaster' => 'webmaster@domain.tld' ); $CONF['domain_path'] = 'YES'; $CONF['domain_in_mailbox'] = 'NO'; $CONF['aliases'] = '50'; $CONF['mailboxes'] = '50'; $CONF['maxquota'] = '1024'; $CONF['quota'] = 'YES'; $CONF['quota_multiplier'] = '1048576'; $CONF['vacation'] = 'YES'; $CONF['vacation_domain'] = 'autoreply.domain.tld'; $CONF['user_footer_link'] = 'http://www.domain.tld/'; $CONF['footer_text'] = 'Return to domain.tld'; $CONF['welcome_text'] = <<<EOM Hello, Welcome to your new email account! For questions or comments regarding your mail account, please feel free to send an email to support@domain.tld. Likewise, any other inqueries regarding ISP NAME or their affiliates can be sent to the same address. Also, don't forget to check your mail settings via Maia- Mailguard located at https://www.domain.tld/maia-mailguard/. Simply log into your account using your email address and password. That's it! From Maia-Mailguard, you can adjust your spam, virus, malware, whitelists, blacklists, etc... This will put you in full control of your email so you never miss anything important. Thank you for using ISP NAME and enjoy your new email account! Regards, ISP NAME Staff support@domain.tld EOM; ?> $CONF['emailcheck_resolve_domain']='NO';
Create Vacation user and group accounts:
#pw groupadd vacation #pw useradd vacation -c Virtual\ Vacation -d /nonexistent -g vacation -s /sbin/nologin
Create, populate and secure vacation directory:
#mkdir /var/spool/vacation #cp /usr/local/www/postfixadmin/VIRTUAL_VACATION/vacation.pl /var/spool/vacation/ #chown -R vacation:vacation /var/spool/vacation/ #chmod 700 /var/spool/vacation/ #chmod 750 /var/spool/vacation/vacation.pl #touch /var/log/vacation.log /var/log/vacation-debug.log #chown vacation:vacation /var/log/vacation*
Edit /var/spool/vacation/vacation.pl script:
Find and edit the RED TEXT.
our $db_type = 'mysql'; our $db_host = 'localhost'; our $db_user = 'postfix'; our $db_pass = 'postfix_sql_password'; our $db_name = 'postfix'; our $vacation_domain = 'autoreply.domain.tld'; our $logfile = "/var/log/vacation.log"; # specify a file name here for example: vacation.log our $log_level = 0; our $log_to_file = 1; ...
Edit /usr/local/etc/postfix/master.cf for vacation filter:
Add this to the bottom of the file.
vacation unix - n n - - pipe flags=DRhu user=vacation argv=/var/spool/vacation/vacation.pl
Edit /usr/local/etc/postfix/main.cf for vacation transport:
Find and edit the RED TEXT.
... # TRANSPORT MAP # # See the discussion in the ADDRESS_REWRITING_README document. transport_maps = hash:/usr/local/etc/postfix/transport vacation_destination_recipient_limit = 1 ...
Add proper lines to /usr/local/etc/postfix/transport file:
#echo 'autoreply.domain.tld vacation:' >> /usr/local/etc/postfix/transport
Create our transport map database for Postfix:
#postmap /usr/local/etc/postfix/transport
Create and edit /usr/local/etc/apache22/Includes/postfixadmin.conf file:
Alias /postfixadmin/ "/usr/local/www/postfixadmin/" <Directory "/usr/local/www/postfixadmin/"> Options Indexes AllowOverride AuthConfig Order allow,deny Allow from all </Directory>
Reload Apache configuration:
#apachectl configtest
#apachectl graceful
Run all startup scripts:
#/usr/local/etc/rc.d/mysql-server start (Should already be running?)
#/usr/local/etc/rc.d/dovecot start
#/usr/local/etc/rc.d/postfix start
Note:
Check your /var/log/maillog and /var/log/messages to make sure there are no errors.
Post Note:
If you are receiving errors in your logs about $mydestination, be sure that _ANY_ ‘virtual’ domain you are hosting is _NOT_ listed in your /etc/hosts file. Apparently this causes a problem being as Postfix cannot determine if the domain is virtual or not. (Thanks Valentin)
Test and setup PFA admin:
Visit https://www.domain.tld/postfixadmin/setup.php and create a password hash. Copy the password hash into your /usr/local/www/postfixadmin/config.inc.php file on the $setup_password line. Reload the https://www.domain.tld/postfixadmin/setup.php page and create a Super Admin Account using the password which created your password hash to submit the information. The username MUST be an email address (But does not need to actually exist) and the password for the Super Admin account DOES NOT need to be the same password which generated your password hash.
Add a domain and user to Postfix:
Visit “http://domain.tld/postfixadmin/”
Enter the admin username and password you created during the PostfixAdmin setup. Click “Domain List” then “New Domain“and fill in the requested fields. Next, click “Virtual List” followed by “Add Mailbox“and again, fill in the requested fields.
Telnet to localhost on port 25:
#telnet localhost 25
Trying 127.0.0.1…
Connected to localhost.domain.tld.
Escape character is ‘^]’.
220 test.domain.tld ESMTP Postfix
EHLO test.com
250-test.domain.tld
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
STARTTLS
220 2.0.0 Ready to start TLS
quit
quit
Telnet to localhost on port 465:
#telnet localhost 465
Trying 127.0.0.1…
Connected to host.domain.tld.
Escape character is ‘^]’.
quit
quit
Note:
You won’t see anything besides the above on port 465 as it requires SSL and you’re not using it right now. So, if the connection is successful, you should be fine. You can test this later with a mail client using an SSL connection for SMTP.
Telnet to localhost on port 110:
#telnet localhost 110
Connected to host.domain.tld.
Escape character is ‘^]’.
+OK ISP Mail Server Ready.
user user@domain.tld (Use the account you created via the web interface)
+OK
pass password (Use password you just created for above user)
+OK Logged in.
list
+OK 1 messages:
1 844
.
quit
+OK Logging out
Connection closed by foreign host.
Check your /var/log/maillog for errors. If there are none, congratulations. You now have a complete Postfix+Virtual-Users/Domains installation.
Page 8 – SpamAssassin Setup
SpamAssassin is a great tool for detecting spam. Although it may be a bit ‘bloated’ and resource hungry, I still like to use it. Whether or not you want to use it is up to you. I’ve heard of others trading this step out for spamd but I haven’t gotten around to integrating it properly. So, SpamAssassin it is! You can read more about SpamAssassin by visiting their web site at http://spamassassin.apache.org/.
This tutorial uses version 3.3.1_2.
Create user “vscan”:
#pw groupadd vscan
#pw useradd -n vscan -c Amavisd\ User -d /var/amavisd -g vscan -m
#passwd vscan
(Enter password twice)
Create and edit /usr/local/etc/mail/spamassassin/local.cf file:
use_bayes 1
bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn DBI:mysql:maia
bayes_sql_username vscan
bayes_sql_password vscan_password
auto_whitelist_factory Mail::SpamAssassin::SQLBasedAddrList
user_awl_dsn DBI:mysql:maia
user_awl_sql_username vscan
user_awl_sql_password vscan_password
bayes_auto_expire 0# Change 192.168.1.* to your actual internal/external address(es).
internal_networks 192.168.1.0/24
trusted_networks 192.168.1/24
Configure RAZOR for reporting:
#su - vscan #razor-admin -discover #razor-admin -create #razor-admin -register -l -user=username@domain.tld -pass=some_password #exit
NOTE:
The above user should be an actual email address you check. The password can be any password you’d like. It’s only needed by razor2 to identify and report and spam.
NOTE:
The above user should be an actual email address you check. The password can be any password you’d like. It’s only needed by razor2 to identify and report and spam.
Page 9 – FuzzyOCR Setup
FuzzyOCR is a tool that detects spam inside of images. This tool works wonderfully and I would highly recommend using it. You can find out more by visiting the FuzzyOCR web site at http://fuzzyocr.own-hero.net/.
This tutorial uses version 3.6.0_3.
Copy FuzzyOcr files to SpamAssassin configuration directory:
# cp /usr/local/share/examples/FuzzyOcr/FuzzyOcr.* /usr/local/etc/mail/spamassassin
Page 10 – Clam Anti-Virus Setup
Clam Anti-Virus is a free virus scanning utility that works like a charm. Thus far I haven’t had any issues with it. You can also install many other AV scanners that Maia-Mailguard can use. You are not limited to one. You can read more about ClamAV by visiting the web site at http://www.clamav.net/.
This tutorial uses version 0.96.3_2.
Enable ClamAV at boot time:
#echo 'clamav_freshclam_enable="YES"' >> /etc/rc.conf
#echo 'clamav_clamd_enable="YES"' >> /etc/rc.conf
Start FreshClam as well as the ClamAV daemon:
#/usr/local/etc/rc.d/clamav-clamd start
#/usr/local/etc/rc.d/clamav-freshclam start
Page 11 – PEAR Setup
PEAR stands for “PHP Extension and Application Repository” which describes it perfectly. It comes in very handy when dealing with web applications. You can read more about PEAR at http://pear.php.net/.
This tutorial uses version 1.9.1.
Edit /usr/local/etc/php.ini file:
Find and edit the RED TEXT
... ;;;;;;;;;;;;;;;;;;;;;;;;; ; Paths and Directories ; ;;;;;;;;;;;;;;;;;;;;;;;;; ; UNIX: "/path1:/path2" include_path = ".:/usr/local/share/pear" ; ; Windows: "\path1;\path2" ;include_path = ".;c:\php\includes" ...
Install PEAR’s HTML Purifier (Currently no port for it…)
#pear channel-discover htmlpurifier.org
#pear install hp/HTMLPurifier
Page 12 – SquirrelMail Install
Okay. Here’s the last of it! Follow the below instructions to get Maia-Mailguard working with all the other software and then you can start playing.
Edit /usr/local/etc/maia.conf file:
Find and edit the RED TEXT
…
# Your Maia database user’s login name
$username = “vscan“;# Your Maia database user’s password
$password = “vscan_password“;# The directory where Maia’s Perl scripts can be found.
$script_dir = “/var/amavisd/maia/scripts“;
…
# The directory where SpamAssassin’s local.cf file can be found.
$local_cf_dir = “/usr/local/etc/mail/spamassassin“; # default: let the script find it
…
# The directory where SpamAssassin’s core rules can be found.
$system_rules_dir = “/usr/local/share/spamassassin“; # default: let the script find it
…
# The directory where your amavis user’s user_prefs file can be found.
$user_rules_dir = “/var/amavisd/.spamassassin“; # default: let the script find it
…
# Location of your encryption key file, or undef to disable
#$key_file = “/var/amavisd/maia.key”;
…
# Base URL to Maia’s PHP scripts
$base_url = “https://www.domain.tld/maia/“;
Run configtest.pl executable:
#/var/amavisd/maia/scripts/configtest.pl
Note:
The configtest.pl script will complain about not having Mail::SPL::Query but it is safe to ignore as SpamAssassin is built with Mail::SPF which includes Query as well
Allow ‘vscan’ access to Maia’s files:
#cd /usr/local/etc
#chgrp vscan maia.conf amavisd.conf
Load SpamAssassin rules:
#su – vscan
#/var/amavisd/maia/scripts/load-sa-rules.pl --debug
#exit
Edit /usr/local/www/maia/config.php file:
Find and edit the RED TEXT.
…
$maia_sql_dsn = “mysql://vscan:vscan_password@unix(/tmp/mysql.sock)/maia“;
…
$address_rewriting_type = 4;
…
$auth_method = “sql“;
…
// Database connection string to use for authentication.
$auth_sql_dsn = “mysql://postfix:postfix_sql_password@unix(/tmp/mysql.sock)/postfix“;
…
// Name of the table that contains the user’s authentication info
$auth_sql_table = “mailbox“;
…
// Name of the column that contains the user’s name
$auth_sql_username_column = “username“;
…
// Name of the column that contains the user’s password
$auth_sql_password_column = “password“;
…
// Name of the column that contains the user’s e-mail address
$auth_sql_email_column = “username“;
…
// Password encryption type:
$auth_sql_password_type = “crypt“;
…
Create and edit /usr/local/etc/apache22/Includes/maia.conf file:
Alias /maia/ "/usr/local/www/maia/" <Directory "/usr/local/www/maia/"> AllowOverride None Options None Order allow,deny Allow from all </Directory>
Reload Apache:
#apachectl graceful
Test:
Visit “https://domain.tld/maia/admin/configtest.php“.
Edit /usr/local/etc/amavisd.conf file:
Find and edit the RED TEXT.
... $max_servers = 2; # number of pre-forked children (2..15 is common) ... $mydomain = 'domain.tld'; ... #$key_file = "$MYHOME/maia.key"; ... $DO_SYSLOG = 1; ... @lookup_sql_dsn = ( ['DBI:mysql:maia:localhost', 'vscan', 'vscan_password'] ); ... $unrar = ['rar', 'unrar']; ... $myhostname = 'host.domain.tld'; ... $X_HEADER_LINE = "Maia Mailguard"; ... ### http://www.clamav.net/ ['ClamAV-clamd', \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"], qr/\bOK$/, qr/\bFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], ...
Set Maia-Mailguard to start at boot and start it now:
#echo 'maia_enable="YES"' >> /etc/rc.conf
#/usr/local/etc/rc.d/maia start
Test:
Visit “https://domain.tld/maia/“. You should be greeted with a login screen. If so, great! Let’s log in and acquire admin privileges…
Instead of “https://domain.tld/maia/login.php” (The default), visit “https://domain.tld/maia/login.php?super=register” and log in with any currently existing virtual user (Most likely the user you added with Postfixadmin earlier). Be sure to use a full email address to log into Maia-Mailguard. IE: username@domain.tld. That user will now have admin privs via Maia (So, be careful which user you choose).
Now, that you’re logged into Maia-Mailguard as an administrator, click the “Admin” link at the top of the page (Key-shaped icon). From the “Administration Menu” click “System Configuration“. Each mail server will want different settings for their setup. However, there are some things you should be aware of:
1. Make sure that *ANY* file name (With the exception of the logo image)
listed for any option is listed with it’s *FULL PATH*.2. The “Mail size limit” setting should not be higher than what you set
your MySQL’s max_allowed_packet to (10M in my example) in /var/db/mysql/my.cnf. Remember that this setting is in bytes. So, 10*1024*1024 would give you 1048576 (10M).
IMPORTANT:
For each domain you create using Postfixadmin or any other way you may create it, Maia needs to know about it in order to create users. This might seem like a redundant issue, but it really makes a difference and here’s why… When Maia recieves mail for a user that doesn’t exist, it uses the default domain’s (@.) settings. This is fine. However, if it considers that mail to be spam when it is not, the user cannot retrieve that message later being as the default settings don’t house mail for a non-existant user. So, be sure to add any domain you add via PostfixAdmin to Maia-Mailguard as well.
Edit /usr/local/etc/postfix/main.cf file:
Find and edit the RED TEXT.
…
# Maia-Mailguard
#
content_filter=smtp-amavis:[127.0.0.1]:10024# LOCAL PATHNAME INFORMATION
#
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
#
queue_directory = /var/spool/postfix
…
Edit /usr/local/etc/postfix/master.cf file:
Add RED TEXT to bottom of file.
smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=2400 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks_style=host -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
Reload Postfix:
#postfix reload
Edit the “vscan” user’s cron jobs:
#crontab -u vscan -e
Copy and paste into user vscan’s crontab.
#Load new rules and store into Maia database. 30 4 * * * /var/amavisd/maia/scripts/load-sa-rules.pl > /dev/null #Train Spam Assassin. 0 * * * * /var/amavisd/maia/scripts/process-quarantine.pl --learn --report > /dev/null #Take a snapshot of the stats at the start of every hour. 0 * * * * /var/amavisd/maia/scripts/stats-snapshot.pl > /dev/null #Purge mail that has not been confirmed. 0 23 * * * /var/amavisd/maia/scripts/expire-quarantine-cache.pl > /dev/null #Send quarantine reminders. 0 15 * * * /var/amavisd/maia/scripts/send-quarantine-reminders.pl > /dev/null #Send quarantine digests. 0 15 * * * /var/amavisd/maia/scripts/send-quarantine-digests.pl > /dev/null #Force bayesian auto-expiry during off-peak hours. 25 2 * * * /usr/local/bin/sa-learn --sync --force-expire > /dev/null
Page 13 – Mailman Install
Mailman is a very nice and very well supported Mailing List application. So, if you’d like to host mailing lists, this would be my recommended software. You can read more about it by visiting http://www.gnu.org/software/mailman/index.html.
This tutorial installs version 2.1.10.
Install Mailman via ports:
#cd /usr/ports/mail/mailman
#make all install clean
(Be sure the “POSTFIX” option is selected from the menu)
Enable mailman to start at boot:
#echo 'mailman_enable="YES"' >> /etc/rc.conf
Get Postfix-To-Mailman script
#cd /usr/local/mailman
#fetch http://www.gurulabs.com/downloads/postfix-to-mailman-2.1.py
#mv postfix-to-mailman-2.1.py postfix-to-mailman.py
#chmod 750 postfix-to-mailman.py
#chown mailman:mailman postfix-to-mailman.py
Edit /usr/local/mailman/postfix-to-mailman.py file:
Find and edit the RED TEXT.
#! /usr/local/bin/python
…
# Configuration variables – Change these for your site if necessary.
MailmanHome = “/usr/local/mailman“; # Mailman home directory.
MailmanOwner = “postmaster@domain.tld“; # Postmaster and abuse mail recipient.
…
Edit /usr/local/etc/postfix/main.cf file:
Find and edit the RED TEXT.
... relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf lists.domain.tld ... # TRANSPORT MAP # # See the discussion in the ADDRESS_REWRITING_README document. transport_maps = hash:/usr/local/etc/postfix/transport vacation_destination_recipient_limit = 1 mailman_destination_recipient_limit = 1 ...
Add transport for list to /usr/local/etc/postfix/transport file:
#echo 'lists.domain.tld mailman:' >> /usr/local/etc/postfix/transport
Edit /usr/local/etc/postfix/master.cf file:
Add RED TEXT to end of file.
mailman unix - n n - - pipe flags=FR user=mailman:mailman argv=/usr/local/mailman/postfix-to-mailman.py ${nexthop} ${user}
Create Postfix transport database:
#postmap /usr/local/etc/postfix/transport
Reload Postfix:
#postfix reload
Edit /usr/local/etc/apache22/extra/httpd-vhosts.conf file:
Add RED TEXT directly under “NameVirtualHost *:80″ line.
NameVirtualHost *:80 # # VirtualHost example: # Almost any Apache directive may go into a VirtualHost container. # The first VirtualHost section is used for all requests that do not # match a ServerName or ServerAlias in anyblock. # # Default domain on this server # <Virtualhost *:80> ServerAdmin webmaster@domain.tld DocumentRoot "/usr/local/www/apache22/data" ServerName www.domain.tld ServerAlias domain.tld www.domain.tld <Directory "/usr/local/www/apache22/data"> AllowOverride None Options None Order allow,deny Allow from all </Directory> ErrorLog /var/log/httpd-error.log CustomLog /var/log/httpd-access.log combined </Virtualhost> # Mailman mailing list domain. # <Virtualhost *:80> ServerAdmin webmaster@domain.tld DocumentRoot "/usr/local/mailman" ServerName lists.domain.tld ServerAlias lists.domain.tld ScriptAlias /cgi-bin/ "/usr/local/mailman/cgi-bin/" ScriptAlias /mailman/ "/usr/local/mailman/cgi-bin/" Alias /pipermail "/usr/local/mailman/archives/public" Alias /icons "/usr/local/mailman/icons" <Directory "/usr/local/mailman"> AllowOverride All Options FollowSymlinks Order allow,deny Allow from all </Directory> ErrorLog /var/log/httpd-error.log CustomLog /var/log/httpd-access.log combined </Virtualhost>
NOTE:
Notice the addition of the default HTTP directory. The reason for this is due to the fact that once virtual hosting is enabled, the default directory used by Apache is the first VirtualHost listed in the httpd-vhosts.conf file. So, make sure that what ever site you plan on using as the default site for that machine comes first in the list of virtual hosts in the httpd-vhosts.conf file.
After adding the above VirtualHost directive, you can delete or comment out the remaining lines in the httpd-vhosts.conf file being as they’re just the default examples and pretty much useless.
Edit /usr/local/etc/apache22/httpd.conf to include vhosts:
Find and edit the RED TEXT.
…
# Virtual hosts
Include etc/apache22/extra/httpd-vhosts.conf
…
Reload Apache configuration:
#apachectl graceful
Test:
Visit “http://lists.domain.tld/mailman/listinfo” and you should see the mailing list information page. If not, restart with the MailMan install. Otherwise, you’ll notice that the ‘Powered by FreeBSD’ logo is missing. “OH NO!”. This, of course, can NOT continue… So, let’s go a head and copy our FBSD logo into proper directory…
Copy FBSD logo so Mailman sees it:
#cd /usr/local/mailman/icons
#cp /usr/local/www/icons/powerlogo.gif ./
Yep! Beastie!
Set site password:
#cd /usr/local/mailman
#bin/mmsitepass
New site password: mailman_password
Again to confirm password: mailman_password
Create Mailman list:
#bin/newlist
Enter the name of the list: mailman
Enter the email of the person running the list: you@domain.tld
Initial mailman password: list_passwordYou’ll then see instructions to add aliases for the mailing list. We need not worry about that because everything is virtual. So, proceeding… Hit enter to notify mailman owner… ENTER
Add list to Mailman configuration file:
# echo "add_virtualhost('lists.domain.tld','lists.domain.tld')" >> /usr/local/mailman/Mailman/mm_cfg.py
Start Mailman:
#/usr/local/etc/rc.d/mailman start
Test:
Visit “http://lists.domain.tld/ again. Once the page loads, click the
“the list admin overview page” link. Then, click the “create a new
mailing list” link.Fill in the blanks:
Name of list: test
Initial list owner address: you@domain.tld
Enter list passwords…
List creator’s (authentication) password: site_passwordClick “Create List” button.
IMPORTANT!
Something that has been lingering in the back of mind for a long time and was just recently brought to my attention by my buddy Zbigniew (Thanks!) is the fact that Mailman handling virtual mailing lists will accept *ANY* mail addressed to lists.domain.tld (Or any other list you host). This will produce a surreal amount of backscatter if there were ever a dictionary spam attack on your mailing list. So, in order to fix this we must create a separate map of legitimate mailing list addresses for each mailing list you create. Yes, I know this can be a royal pain in the rear, but I haven’t figured out a good automated process for this yet. So, let’s do this now, shall we?
Find all available mailing list addresses:
#cd /usr/local/mailman
#bin/genaliases
Create and edit /usr/local/etc/postfix/relay_recipients file:
Add every address Postfix should accept mail for for Mailman along with the domains (Using the output from the previous command). Also, follow each address with an “OK”. In other words, if you had a mailing list called ‘users@lists.domain.tld’, your file would look something like this (by default):
users@lists.domain.tld OK users-admin@lists.domain.tld OK users-bounces@lists.domain.tld OK users-confirm@lists.domain.tld OK users-join@lists.domain.tld OK users-leave@lists.domain.tld OK users-owner@lists.domain.tld OK users-request@lists.domain.tld OK users-subscribe@lists.domain.tld OK users-unsubscribe@lists.domain.tld OK
Create map for Postfix:
#postmap /usr/local/etc/postfix/relay_recipients
Note:
You MUST do the above for every mailing list you create in Mailman. Otherwise, Postfix will reject the e-mail. Of course, all addresses can be added to the same file. Also, don’t forget to re-run the ‘postmap’ command and reload Postfix after each edit of the ‘relay_recipients’ file.
Edit /usr/local/etc/postfix/main.cf file:
This will tell Postfix to accept mail for virtual users as well as our mailing list addresses.
... relay_recipient_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf, hash:/usr/local/etc/postfix/relay_recipients ...
Reload Postfix’s configuration:
#postfix reload
Subscribe to the test mailing list:
Visit “http://lists.domain.tld/mailman/listinfo
Click the name of the new list you’ve created (You might have to reload/refresh the page if nothing shows up). Fill in the blanks in the section labeled “Subscribing to listname” and submit.
Check your email and confirm your subscription.
Send an email to “listname@lists.domain.tld“.
If everything goes correctly, the mail should be submitted without a problem. Again, check the /var/log/maillog for any errors that may occur.
If there are no errors, visit “http://lists.domain.tld/pipermail/listname” to view your submitted mails.
Note:
Also, don’t forget to add a “mailman@domain.tld” alias to point to a legit user on your mail server. Otherwise, you’ll see errors in your maillog.
Adding more lists to MailMan
Add a new list to Mailman:
#cd /usr/local/mailman
#bin/newlist -u lists.domain2.tld -e lists.domain2.tld listname
Add new list to Mailman configuration file:
#echo "add_virtualhost('lists.domain2.tld','lists.domain2.tld')" >> /usr/local/mailman/Mailman/mm_cfg.py
Edit /usr/local/etc/postfix/main.cf file:
Find and edit the RED TEXT.
... relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf lists.domain.tld lists.domain2.tld ...
Add transport to Postfix:
#echo 'lists.domain2.tld mailman:' >> /usr/local/etc/postfix/transport
Rebuild Postfix’s transport database:
#postmap /usr/local/etc/postfix/transport
Reload Postfix for changes:
#postfix reload
Edit /usr/local/etc/apache22/extra/httpd-vhosts.conf file:
<VirtualHost *:80> ServerAdmin webmaster@domain2.tld DocumentRoot "/usr/local/mailman" ServerName lists.domain2.tld ServerAlias lists.domain2.tld ScriptAlias /cgi-bin/ "/usr/local/mailman/cgi-bin/" ScriptAlias /mailman/ "/usr/local/mailman/cgi-bin/" Alias /pipermail "/usr/local/mailman/archives/public" Alias /icons "/usr/local/mailman/icons" <Directory /usr/local/mailman> AllowOverride All Options FollowSymlinks Order allow,deny Allow from all </Directory> ErrorLog /var/log/httpd-error.log CustomLog /var/log/httpd-access.log combined </VirtualHost>
Reload Apache configuration:
#apachectl graceful
That’s about it. Now, just visit “http://lists.domain2.tld/mailman/listinfo“. Edit, subscribe, etc… and you’re all set.
Page 14 – Mailgraph Install
Mailgraph is a nice little statistics CGI script for your mail server. You can read more about it by visiting http://mailgraph.schweikert.ch/.
This tutorial installs version 1.14_2.
Install RRDTool:
#cd /usr/ports/databases/rrdtool
#make all install clean (Menu defaults are fine)
Patch and install Mailgraph:
(Many thanks to DrkShdw for this patch and many other helpful things…)
#cd /usr/ports/mail/mailgraph #make extract #fetch http://www.purplehat.org/downloads/postfix_guide/mailgraph-1.14-postfix.diff #patch -p0 < mailgraph-1.14-postfix.diff #make all install clean
Add Mailgraph to system startup:
#echo 'mailgraph_enable="YES"' >> /etc/rc.conf
Start Mailgraph application:
#/usr/local/etc/rc.d/mailgraph start
NOTE:
If you are using a different Apache layout than this tutorial/guide has set up and you aren’t able to access the mailgraph.cgi script via http://www.domain.tld/cgi-bin/mailgraph.cgi, you can fix this easily by copying the mailgraph.cgi script to your preffered cgi-bin by issuing a command similar to the following:
#cp /usr/local/www/cgi-bin/mailgraph.cgi /path/to/your/cgi-bin/mailgraph.cgiChanging the /path/to/your/cgi-bin/, of course.
You’ll also need to copy the ‘mailgraph’ directory located in /usr/local/www/data to your base directory in order to use the mailgraph CSS information. This is also very simple to do. Just issue something like so:
#cp -Rp /usr/local/www/data/mailgraph/ /path/to/your/data/mailgraph/Again, changing the /path/to/your/data/.
Page 15 – Roundcube Install
Roundcube is a great webmail application that has been coming along quite nicely. As I’d mentioned before, I prefer Squirrelmail due to plugins and more support. But, Roundcube looks very nice and beginning to ‘bloom’. So, feel free to play with it. A lot of users will prefer this over SquirrelMail. You can check out more about Roundcube by visiting http://roundcube.net/.
This tutorial installs version 0.1.1_1,1.
Install Roundcube via ports:
#cd /usr/ports/mail/roundcube
#make install clean
(Be sure “MySQL” and “SPELLCHECK” are selected from the menu.)
Create MySQL database and user for Roundcube:
#mysql -u root -p mysql >CREATE DATABASE roundcube; >GRANT ALL PRIVILEGES ON roundcube.* TO roundcube@localhost >IDENTIFIED BY 'roundcube_password'; >quit;
Populate the Roundcube database:
#cd /usr/local/www/roundcube/SQL
#mysql -u roundcube -p roundcube < mysql5.initial.sql
(Enter Roundcube’s SQL password)
Edit /usr/local/www/roundcube/config/db.inc.php file:
Find and edit the RED TEXT.
... $rcmail_config['db_dsnw'] = 'mysql://roundcube:roundcube_sql_password@unix(/tmp/mysql.sock)/roundcube'; ...
Edit /usr/local/www/roundcube/config/main.inc.php file:
Find and edit the RED TEXT.
…
$rcmail_config['default_host'] = ‘ssl://localhost:993‘;
…
$rcmail_config['default_port'] = 993;
…
$rcmail_config['useragent'] = 'RoundCube Webmail';
…
Secure Roundcube configuration files:
#chmod 600 /usr/local/www/roundcube/config/*
Edit /usr/local/etc/apache22/Includes/roundcube.conf file:
Alias /roundcube "/usr/local/www/roundcube/" <Directory "/usr/local/www/roundcube"> Options Indexes FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory>
Reload Apache’s configuration:
#apachectl graceful
Test:
Visit “https://www.domain.tld/roundcube/” and login to roundcube using your full email address and password. You should now be able to use Roundcube as a webmail client. If you’re having any problems, be sure to check your Roundcube logs located in “/usr/local/www/roundcube/logs“.
Page 16 – SquirrelMail Install
SquirrelMail is a very actively developed, fun, and easy to use webmail application. I prefer SquirrelMail mostly because of the broad list of plugins available for it. You can read more about it by visiting http://www.squirrelmail.org/.
This tutorial installs version 1.4.15_1.
Install SquirrelMail via ports:
#cd /usr/ports/mail/squirrelmail
#make all install clean
SquirrelMail configuration:
#cd /usr/local/www/squirrelmail
#./configure
SquirrelMail Options:
1. Choose option “2. Server Settings“.
2. Choose option “1. Domain” and change it to your domain name.
3. Choose option “A. Update IMAP Settings” then option “5. IMAP Port” and change it to “993“.
4. Choose option “7. Secure IMAP (TLS)” and change it to “true” by pressing “y“.
5. Choose option “8. Server software” then type”dovecot” followed by the “ENTER” to set it.
6. Press “s” followed by the “ENTER” key to save.
7. Press “q” followed by the “ENTER” key to quit.
Edit /usr/local/etc/apache22/Includes/squirrelmail.conf file:
Alias /squirrelmail/ "/usr/local/www/squirrelmail/" <Directory "/usr/local/www/squirrelmail"> AllowOverride None Options None Order allow,deny Allow from all </Directory>
Reload Apache configuration:
#apachectl graceful
Test:
SquirrelMail should now be installed and working. Visit “https://domain.tld/squirrelmail/src/configtest.php” to make sure all is well. If there are no errors, great! Click the “Login now” link at the bottom and proceed to log in.
Note:
If you are having trouble logging into SquirrelMail even though you know you’re using the correct login information, verify that “file_uploads” is set to “On” in your /usr/local/etc/php.ini file.
Once logged in, go a head and send an email to either yourself or someone else and make sure everything is working properly. If you or the third party recieved the email, you’re finished with the SquirrelMail install.
After you are sure everything is functioning as it should, continue on and begin installing some plugins for SquirrelMail. These plugins will make your life much easier as an adminitrator…
Install Quota Usage plugin via ports:
#cd /usr/ports/mail/squirrelmail-quota_usage-plugin
#make all install clean
#cd /usr/local/www/squirrelmail/plugins/check_quota
#cp config.sample.php config.php
Edit /usr/local/www/squirrelmail/plugins/check_quota/config.php file:
Find and edit the RED TEXT.
…
$settings['quota_type'] = 1;
…
NOTE:
If you would like the quota usage to display the amount AND percentage used (Like I do…), you can use the patch I made like so:
#cd /usr/local/www/squirrelmail/plugins/check_quota #fetch http://www.purplehat.org/downloads/postfix_guide/check_quota.diff #patch -p0<check_quota.diff #rm -rf check_quota.diff
Install Secure Login plugin via ports:
#cd /usr/ports/mail/squirrelmail-secure_login-plugin
#make all install clean
#cd /usr/local/www/squirrelmail/plugins/secure_login/
#cp config.sample.php config.php
Install Timeout plugin via ports:
#cd /usr/ports/mail/squirrelmail-timeout_user-plugin
#make all install clean
Activate the plugins:
#cd /usr/local/www/squirrelmail
#./configure
SquirrelMail Options:
1. Choose option “8. Plugins“.
2. To install a plugin, just press its number.
3. I recommend installing the following plugins: “squirrelspell“, “filters“, “calendar“, “compatibility“, “check_quota “,”secure_login“, and “timeout_user“.
4. Press “s” then “ENTER” to save and “q” to quit.
Note:
The “filters” plugin is used to filter out mail which Maia-Mailguard has modified the subject with “***SPAM*** “. If you choose to load this plugin, be sure you edit the “setup.php” file in the plugin’s directory to turn “$AllowSpamFilters = true;” to “$AllowSpamFilters = false;“. Of course, if you are going to use the spam filters, disregard this note.
SquirrelMail should now be 100% functional. Be sure to let users know to “purge” their “Trash” directory on occassion so their quota doesn’t max out. That’s bad.
If you would like to automatically purge mail directories in any way, shape or form, check out the SquirrelMail web site and dig through their stuff. They have tons of it…
No comments:
Post a Comment