.. link:
.. description: is an ongoing mail server and webmail frontend project, documented to be set up on a FreeBSD jail and instanced on elektropost.org.
.. tags: project
.. date: 2014/02/01 19:10:08
.. title: elektropost
.. subtitle: a FreeBSD jail based mail server project.
.. slug: ../arts/software/elektropost
.. prio: 750

.. contents::
    :depth: 1
    :class: ezjail-toc

----

Overview
========

`Here is a raw sketch `_ of how the elektropost setup works. Send feedback to `erdgeist `_.

----

Install qmail
=============

* ``make patch`` in /usr/ports/mail/qmail-tls, choose SMTP_AUTH_PATCH, BIG_TODO_PATCH, BIG_CONCURRENCY_PATCH, DISCBOUNCES_PATCH and SPF_PATCH, keep RCDLINK
* apply patch http://erdgeist.org/arts/software/Code/elektropost/validrcptto.cdb.patch.new to qmail-tls/work/qmail-1.03
* apply patch http://erdgeist.org/arts/software/Code/elektropost/qmail-smtpd.c.privacy.patch to qmail-tls/work/qmail-1.03
* ``make install`` in /usr/ports/mail/qmail-tls
* add "QMAIL_SLAVEPORT=tls" in /etc/make.conf

----

Configure qmail
===============

* In /var/qmail/control check/edit all files
* create a servercert.pem. On elektropost this one is used for lighty and dovecot as well, YMMV
* install http://erdgeist.org/arts/software/Code/elektropost/tcp.smtp to /etc/tcp.smtp and alter it according to your needs, i.e. fix/insert to ``cat /etc/tcp.smtp | tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp``
* for this you will need to ``make install`` in /usr/ports/sysutils/ucspi-tcp
* select SSL, leave MAN checked
* ``sysrc qmailsmtpd_enable="YES"``
* ``sysrc qmailsend_enable="YES"``
* ``echo 'qmailsmtpd_checkpassword="/usr/local/vpopmail/bin/vchkpw"' >> /etc/rc.conf``

----

Install vpopmail
================

* ``make install`` in /usr/ports/mail/vpopmail
* Use default options for ucspi-tcp
* ``chown vpopmail:vchkpw /usr/local/vpopmail``
* ``chmod u+s ~vpopmail/bin/vchkpw``
* ``pw user mod vpopmail -s /bin/sh``

----

Configure vpopmail
==================

* ``echo elektropost.org > /usr/local/vpopmail/etc/defaultdomain``

----

Install dovecot
===============

* ``make install`` in /usr/ports/mail/dovecot
* choose option LUA, keep the rest (maybe disable IPV6)
* ``echo 'dovecot_enable="YES"' >> /etc/rc.conf``

----

Configure dovecot
=================

* ``cp /usr/local/etc/dovecot/dovecot-example.conf /usr/local/etc/dovecot/dovecot.conf``
* Change: protocols = imap imaps pop3s
* Change: listen = and ssl_listen = to match your IP addresses
* Change: ssl_cert_file = /var/qmail/control/servercert.pem
* Change: ssl_key_file = /var/qmail/control/servercert.pem
* Change: mail_location = maildir:%h/Maildir
* Change: first_valid_uid = 1
* Change: first_valid_gid = 1
* Change: max_mail_processes = 1024
* Change: auth_username_format = %Ln@%Ld
* Change::

    passdb {
      driver = lua
      args = file=/usr/local/etc/dovecot/auth.lua blocking=yes # default is yes
    }
    userdb {
      driver = lua
      args = file=/usr/local/etc/dovecot/auth.lua blocking=yes # default is yes
    }

Install the file http://erdgeist.org/arts/software/Code/elektropost/auth.lua in ``/usr/local/etc/dovecot/``:

.. code-block:: lua

    -- io.popen() hands its argument to /bin/sh, so the login name is
    -- single-quoted before it becomes part of the command line.
    local function shquote(s)
      return "'" .. s:gsub("'", "'\\''") .. "'"
    end

    -- passdb: fetch the stored MD5-crypt hash from vpopmail and compare
    function auth_password_verify(req, pass)
      local handle = io.popen("/usr/local/vpopmail/bin/vuserinfo -p " .. shquote(req.user))
      local result = handle:read("*a")
      handle:close()

      -- strip surrounding whitespace from the vuserinfo output
      local epass = result:match "^%s*(.-)%s*$"

      if req:password_verify("{MD5-CRYPT}"..epass, pass) > 0 then
        return dovecot.auth.PASSDB_RESULT_OK, {}
      end
      return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, {}
    end

    -- userdb: ask vpopmail for the user's home directory
    function auth_userdb_lookup(req)
      local handle = io.popen("/usr/local/vpopmail/bin/vuserinfo -d " .. shquote(req.user))
      local result = handle:read("*a")
      handle:close()

      if result:find("no such user") ~= nil then
        return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
      end
      return dovecot.auth.USERDB_RESULT_OK, "uid=vpopmail gid=vchkpw home="..result:match "^%s*(.-)%s*$"
    end

----

Install lighty
==============

* ``make install`` in /usr/ports/www/lighttpd
* ``echo 'lighttpd_enable="YES"' >> /etc/rc.conf``

----

Configure lighty
================

* ``cp /usr/local/etc/lighttpd.conf.sample /usr/local/etc/lighttpd.conf``
* Change: "mod_fastcgi",
* Change: server.document-root = "/usr/local/www/squirrelmail/"
* Change: server.port = 443
* Change::

    cgi.assign = ( ".pl" => "/usr/bin/perl",
                   ".cgi" => "/usr/bin/perl",
                   "/cgi-bin/qmailadmin" => "",
                   "/ezmlm-cgi" => "" )

* Change: ssl.engine = "enable"
* Change: ssl.pemfile = "/var/qmail/control/servercert.pem"
* To inform users to use https, put a document to /usr/local/www/data/index.html and add::

    #compatibility
    $SERVER["socket"] == ":80" {
      ssl.engine = "disable"
      server.name = ""
      server.document-root = "/usr/local/www/data"
    }

----

Install squirrelmail
====================

* ``make install`` in /usr/ports/mail/squirrelmail
* Use default options for php5
* Follow the instructions the squirrelmail port prints out

----

Install qmailadmin / ezmlm-idx
==============================

* ``make install WITH_SPAM_DETECTION=TRUE SPAM_COMMAND="| /usr/local/bin/spamc -f | /usr/local/bin/maildrop" CGIBINDIR=www/squirrelmail/cgi-bin CGIBINSUBDIR= WEBDATADIR=www/squirrelmail WEBDATASUBDIR=qmailadmin`` in /usr/ports/mail/qmailadmin
* Use default options for ezmlm-idx

----

Install qmailadmin plugin for squirrelmail
==========================================

* ``make install`` in /usr/ports/mail/squirrelmail-qmailadmin_login-plugin

----

Install maildrop
================

* ``make install`` in /usr/ports/mail/maildrop

----

Install the maildrop spam sort magic
====================================

* install http://erdgeist.org/arts/software/Code/elektropost/maildroprc to /usr/local/etc/maildroprc

----

Install spamassassin
====================

* ``make install`` in /usr/ports/mail/p5-Mail-SpamAssassin, keep SPAMC, SSL, uncheck all others
* ``echo '-d 192.168.0.2' > /usr/local/etc/mail/spamassassin/spamc.conf``

----

Install the Valid RCPTTO checking stuff
=======================================

* install http://erdgeist.org/arts/software/Code/elektropost/mkvalidrcptto to /usr/local/vpopmail/bin/mkvalidrcptto
* ``chmod +x /usr/local/vpopmail/bin/mkvalidrcptto``
* ``cpan install CDB_File`` to help perl understand cdb files
* ``make install`` in /usr/ports/databases/cdb/
* Add a script to your crontab (e.g. /usr/local/vpopmail/etc/tidymail.sh) that contains::

    /usr/local/vpopmail/bin/mkvalidrcptto | /usr/local/bin/cdbmake-12 /var/qmail/control/validrcptto.cdb /tmp/validrcptto.tmp

----

Install the auto trash-pruning script
=====================================

* Add a script to your crontab (e.g. /usr/local/bin/prune-trash.sh) that contains::

    find -E /usr/local/vpopmail/domains/ -type f -iregex "^.*/maildir/.*\.(junk|trash|spam)(\.[^/]+)?/(new|cur|tmp)/.*$" -mmin +86400 -delete
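
A dry run of the pruning command above, added here as an example and not part of the elektropost scripts: it keeps the same regex and age test but prints instead of deleting, so the folder matching can be checked before the cron job goes live. The function names, the constructed sample tree and the GNU ``find`` fallback are assumptions of this example.

```sh
#!/bin/sh
# Dry run of the trash-pruning job: same tests as the cron line, but -print
# instead of -delete. Function and variable names are made up for this example.

PRUNE_RE='^.*/maildir/.*\.(junk|trash|spam)(\.[^/]+)?/(new|cur|tmp)/.*$'
PRUNE_MIN=86400   # minutes = 60 days (86400 / 60 / 24)

# prune_candidates ROOT: print the files the cron job would delete, sorted.
prune_candidates() {
    root=$1
    if find -E /dev/null -maxdepth 0 >/dev/null 2>&1; then
        # BSD find, as on FreeBSD: -E switches -iregex to extended regex
        find -E "$root" -type f -iregex "$PRUNE_RE" -mmin +"$PRUNE_MIN" -print
    else
        # GNU find spelling of the same tests, for trying this off-box
        find "$root" -regextype posix-extended -type f -iregex "$PRUNE_RE" \
            -mmin +"$PRUNE_MIN" -print
    fi | sort
}

# make_sample_tree DIR: constructed mailbox layout, not real vpopmail data.
make_sample_tree() {
    base=$1/domains/example.org/alice/Maildir
    for d in .Trash/cur .Junk.old/new .Spam/cur .Trashcan/cur cur; do
        mkdir -p "$base/$d"
    done
    # Old messages: mtime forced to 2000-01-01, far beyond the 60-day cutoff
    for f in .Trash/cur/old1 .Junk.old/new/old2 .Trashcan/cur/old3 cur/old4; do
        : > "$base/$f"
        touch -t 200001010000 "$base/$f"
    done
    : > "$base/.Spam/cur/fresh"   # right folder, but newer than the cutoff
}

# Usage: sh prune-preview.sh /usr/local/vpopmail/domains/
if [ $# -gt 0 ]; then
    prune_candidates "$1"
fi
```

On the sample tree only the old messages in ``.Trash`` and ``.Junk.old`` are listed; ``.Trashcan`` and the inbox are left alone because the folder name must be exactly junk, trash or spam, optionally followed by a dotted subfolder.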