.. link:
.. description: is an ongoing mail server and webmail frontend project, documented to be set up on a FreeBSD jail and instanced on elektropost.org.
.. tags: project
.. date: 2014/02/01 19:10:08
.. title: elektropost
.. subtitle: a FreeBSD jail based mail server project.
.. slug: ../arts/software/elektropost
.. prio: 750
.. contents::
   :depth: 1
   :class: ezjail-toc

----
Overview
========
`Here is a raw sketch </epost.pdf>`_ of how the elektropost setup works.
Send feedback to `erdgeist <mailto:erdgeist@erdgeist.org>`_.
----
Install qmail
=============
* ``make patch`` in /usr/ports/mail/qmail-tls, choose SMTP_AUTH_PATCH, BIG_TODO_PATCH, BIG_CONCURRENCY_PATCH, DISCBOUNCES_PATCH and SPF_PATCH, keep RCDLINK
* apply patch http://erdgeist.org/arts/software/Code/elektropost/validrcptto.cdb.patch.new to qmail-tls/work/qmail-1.03
* apply patch http://erdgeist.org/arts/software/Code/elektropost/qmail-smtpd.c.privacy.patch to qmail-tls/work/qmail-1.03
* ``make install`` in /usr/ports/mail/qmail-tls
* add "QMAIL_SLAVEPORT=tls" in /etc/make.conf
----
Configure qmail
===============
* In /var/qmail/control check/edit all files
* create a servercert.pem. On elektropost this one is used for lighty and dovecot as well, YMMV
* install http://erdgeist.org/arts/software/Code/elektropost/tcp.smtp to /etc/tcp.smtp and alter it according to your needs, then compile it with ``cat /etc/tcp.smtp | tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp``
* for this you will need to ``make install`` in /usr/ports/sysutils/ucspi-tcp
* select SSL, leave MAN checked
* ``sysrc qmailsmtpd_enable="YES"``
* ``sysrc qmailsend_enable="YES"``
* ``echo 'qmailsmtpd_checkpassword="/usr/local/vpopmail/bin/vchkpw"' >> /etc/rc.conf``
----
Install vpopmail
================
* ``make install`` in /usr/ports/mail/vpopmail
* Use default options for ucspi-tcp
* ``chown vpopmail:vchkpw /usr/local/vpopmail``
* ``chmod u+s ~vpopmail/bin/vchkpw``
* ``pw user mod vpopmail -s /bin/sh``
----
Configure vpopmail
==================
* ``echo elektropost.org > /usr/local/vpopmail/etc/defaultdomain``
----
Install dovecot
===============
* ``make install`` in /usr/ports/mail/dovecot
* choose option LUA, keep the rest (maybe disable IPV6)
* ``echo 'dovecot_enable="YES"' >> /etc/rc.conf``
----
Configure dovecot
=================
* ``cp /usr/local/etc/dovecot/dovecot-example.conf /usr/local/etc/dovecot/dovecot.conf``
* Change: protocols = imap imaps pop3s
* Change: listen = and ssl_listen = to match your ip addresses
* Change: ssl_cert_file = /var/qmail/control/servercert.pem
* Change: ssl_key_file = /var/qmail/control/servercert.pem
* Change: mail_location = maildir:%h/Maildir
* Change: first_valid_uid = 1
* Change: first_valid_gid = 1
* Change: max_mail_processes = 1024
* Change: auth_username_format = %Ln@%Ld
* Change::

    passdb {
      driver = lua
      args = file=/usr/local/etc/dovecot/auth.lua blocking=yes # default is yes
    }
    userdb {
      driver = lua
      args = file=/usr/local/etc/dovecot/auth.lua blocking=yes # default is yes
    }

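Install the file http://erdgeist.org/arts/software/Code/elektropost/auth.lua in ``/usr/local/etc/dovecot/``; its contents, shown here with an added check on ``req.user``:

.. code-block::

    -- Added check: req.user is client-supplied and ends up on a shell command
    -- line via io.popen(), so accept only plain user@domain names.
    local function safe_user(user)
      return type(user) == "string" and user:match("^[%w%._%-]+@[%w%.%-]+$") ~= nil
    end

    function auth_password_verify(req, pass)
      if not safe_user(req.user) then
        return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "invalid user name"
      end
      -- vuserinfo -p prints the stored password hash of the account
      local handle = io.popen("/usr/local/vpopmail/bin/vuserinfo -p "..req.user)
      local result = handle:read("*a")
      handle:close()
      -- strip surrounding whitespace from the command output
      local epass = result:match "^%s*(.-)%s*$"
      if req:password_verify("{MD5-CRYPT}"..epass,pass) > 0 then
        return dovecot.auth.PASSDB_RESULT_OK, {}
      end
      return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, {}
    end

    function auth_userdb_lookup(req)
      if not safe_user(req.user) then
        return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
      end
      -- vuserinfo -d prints the account's directory, used as home below
      local handle = io.popen("/usr/local/vpopmail/bin/vuserinfo -d "..req.user)
      local result = handle:read("*a")
      handle:close()
      if result:find("no such user") ~= nil then
        return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
      end
      return dovecot.auth.USERDB_RESULT_OK, "uid=vpopmail gid=vchkpw home="..result:match "^%s*(.-)%s*$"
    end
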
----
Install lighty
==============
* ``make install`` in /usr/ports/www/lighttpd
* ``echo 'lighttpd_enable="YES"' >> /etc/rc.conf``
----
Configure lighty
================
* ``cp /usr/local/etc/lighttpd.conf.sample /usr/local/etc/lighttpd.conf``
* Change: "mod_fastcgi",
* Change: server.document-root = "/usr/local/www/squirrelmail/"
* Change: server.port = 443
* Change::

    cgi.assign = ( ".pl"  => "/usr/bin/perl",
                   ".cgi" => "/usr/bin/perl",
                   "/cgi-bin/qmailadmin" => "",
                   "/ezmlm-cgi" => "" )

* Change: ssl.engine = "enable"
* Change: ssl.pemfile = "/var/qmail/control/servercert.pem"
* To inform users to use https, put a document in /usr/local/www/data/index.html and add::

    #compatibility
    $SERVER["socket"] == "<insert your ip address>:80" {
      ssl.engine = "disable"
      server.name = "<your fqdn>"
      server.document-root = "/usr/local/www/data"
    }

----
Install squirrelmail
====================
* ``make install`` in /usr/ports/mail/squirrelmail
* Use default options for php5
* Follow the instructions the squirrelmail port prints out
----
Install qmailadmin / ezmlm-idx
==============================
* ``make install WITH_SPAM_DETECTION=TRUE SPAM_COMMAND="| /usr/local/bin/spamc -f | /usr/local/bin/maildrop" CGIBINDIR=www/squirrelmail/cgi-bin CGIBINSUBDIR= WEBDATADIR=www/squirrelmail WEBDATASUBDIR=qmailadmin`` in /usr/ports/mail/qmailadmin
* Use default options for ezmlm-idx
----
Install qmailadmin plugin for squirrelmail
==========================================
* ``make install`` in /usr/ports/mail/squirrelmail-qmailadmin_login-plugin
----
Install maildrop
================
* ``make install`` in /usr/ports/mail/maildrop
----
Install the maildrop spam sort magic
====================================
* install http://erdgeist.org/arts/software/Code/elektropost/maildroprc to /usr/local/etc/maildroprc
----
Install spamassassin
====================
* ``make install`` in /usr/ports/mail/p5-Mail-SpamAssassin, keep SPAMC, SSL, uncheck all others
* ``echo '-d 192.168.0.2' > /usr/local/etc/mail/spamassassin/spamc.conf``
----
Install the Valid RCPTTO checking stuff
=======================================
* install http://erdgeist.org/arts/software/Code/elektropost/mkvalidrcptto to /usr/local/vpopmail/bin/mkvalidrcptto
* ``chmod +x /usr/local/vpopmail/bin/mkvalidrcptto``
* ``cpan install CDB_File`` to help perl understand cdb files
* ``make install`` in /usr/ports/databases/cdb/
* Add a script to your crontab (e.g. /usr/local/vpopmail/etc/tidymail.sh) that contains::

    /usr/local/vpopmail/bin/mkvalidrcptto | /usr/local/bin/cdbmake-12 /var/qmail/control/validrcptto.cdb /tmp/validrcptto.tmp

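
The cron step above pipes mkvalidrcptto straight into cdbmake-12, so a failed or empty run would still replace the recipient database. A fail-safe wrapper for tidymail.sh, as an added example that is not part of the original setup; the variable names, the function name and the MIN_ENTRIES threshold are assumptions:

```shell
#!/bin/sh
# Added example: fail-safe rebuild of validrcptto.cdb for the cron job.
# Defaults are the paths used on this page; the variable names, the
# function name and MIN_ENTRIES are assumptions of this example.
GENERATOR=${GENERATOR:-/usr/local/vpopmail/bin/mkvalidrcptto}
CDBMAKE=${CDBMAKE:-/usr/local/bin/cdbmake-12}
CDB=${CDB:-/var/qmail/control/validrcptto.cdb}
MIN_ENTRIES=${MIN_ENTRIES:-1}

rebuild_validrcptto() {
    # Private scratch directory beside the target: not world-writable like
    # /tmp, and on the same filesystem, so the rename into place works.
    work=$(mktemp -d "$(dirname "$CDB")/validrcptto.XXXXXX") || return 1
    list="$work/list"

    # Run the generator on its own so its exit status is not hidden by a pipe.
    if ! "$GENERATOR" > "$list"; then
        echo "validrcptto: $GENERATOR failed, keeping old cdb" >&2
        rm -rf "$work"
        return 1
    fi

    # Refuse to publish a suspiciously short recipient list.
    count=$(grep -c . "$list" || true)
    if [ "$count" -lt "$MIN_ENTRIES" ]; then
        echo "validrcptto: only $count entries, keeping old cdb" >&2
        rm -rf "$work"
        return 1
    fi

    # cdbmake-12 writes the temporary file, then renames it over the target.
    "$CDBMAKE" "$CDB" "$work/cdb.tmp" < "$list"
    rc=$?
    rm -rf "$work"
    return "$rc"
}

# Cron entry calls this script with the argument "run".
if [ "${1:-}" = "run" ]; then
    rebuild_validrcptto
fi
```

Setting MIN_ENTRIES close to the usual number of recipients also catches a partially generated list.
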
----
Install the auto trash-pruning script
=====================================
* Add a script to your crontab (e.g. /usr/local/bin/prune-trash.sh) that contains::

    find -E /usr/local/vpopmail/domains/ -type f -iregex "^.*/maildir/.*\.(junk|trash|spam)(\.[^/]+)?/(new|cur|tmp)/.*$" -mmin +86400 -delete