Installing qmail and courier-imap on FreeBSD

Last updated: 2016-12-09T20:56:11-0500

uname -a
FreeBSD neet.inri.net 11.0-RELEASE-p1 FreeBSD 11.0-RELEASE-p1 #0 r306420:
Thu Sep 29 01:43:23 UTC 2016
root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64

NOTE: neet.inri.net is the name of my machine. If you use any of these files, you will need to change every occurrence of neet.inri.net to match your own system.

Update the ports tree

# Download a ports snapshot, unpack it into /usr/ports, and apply pending updates.
portsnap fetch extract update

daemontools

# Install the supervisor and create the directory that the service links
# are placed in later in this guide.
pkg install daemontools
mkdir /var/service

qmail

cd /usr/ports/mail/qmail
make config # http://sciops.net/paste/1454531555.31ad9296
# Patch the port Makefile with ed: print line 795 to confirm the insertion
# point, then append one REINPLACE_CMD line after it that rewrites
# "define AUTHCRAM" to "undef AUTHCRAM" in the unpacked *.c sources.
# NOTE(review): the line number belongs to this revision of the port; check
# what 795p prints before appending, and expect it to move on port updates.
# NOTE(review): with AUTHCRAM undefined, SMTP AUTH presumably falls back to
# mechanisms that carry the password itself, so AUTH should only be offered
# on the TLS listener -- confirm against the smtpd run scripts.
ed Makefile
795p
a
    @${REINPLACE_CMD} -e "s/define AUTHCRAM/undef AUTHCRAM/g" ${WRKSRC}/*.c
.
w
q
make install clean
cd /var/qmail
# NOTE(review): rc is fetched over plain HTTP with no checksum or signature
# and is made executable on the next line. Read it before using it; anything
# able to alter the download alters what runs on this mail host.
wget http://freebsd.stanleylieber.com/qmail/rc
chmod 755 /var/qmail/rc
mkdir /var/log/qmail
# Control files: one setting per file. Replace neet.inri.net / inri.net with
# your own host and domain.
cd /var/qmail/control
echo 20 >concurrencyincoming
chmod 644 concurrencyincoming
echo ./Maildir/ >defaultdelivery
echo neet.inri.net >defaultdomain
echo neet.inri.net >locals
echo neet.inri.net >me
echo inri.net >plusdomain
# rcpthosts lists the domains mail is accepted for; keep it limited to
# domains this host really serves.
echo neet.inri.net >rcpthosts
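# Create a self-signed certificate and its private key in one PEM file.
# The key is RSA 2048: a 1024-bit key is too small for a certificate that
# stays valid for ten years (-days 3650).
# -nodes leaves the private key unencrypted, so ownership and mode on the
# file are the only protection it has.
openssl req -newkey rsa:2048 -x509 -nodes -days 3650 -out servercert.pem -keyout servercert.pem # answer questions to match your site
chown root:qnofiles servercert.pem
chmod 640 servercert.pem
# clientcert.pem is a copy of the same certificate and private key, made
# readable by group qmail instead of qnofiles.
cp servercert.pem clientcert.pem
chown root:qmail clientcert.pem
chmod 640 clientcert.pem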
cd /var/qmail/bin
# NOTE(review): qmailctl is downloaded over plain HTTP without an integrity
# check, restricted to root (mode 700) and linked into /usr/local/bin, so it
# will be run as root. Read the script before the first use.
wget http://freebsd.stanleylieber.com/qmail/qmailctl
chmod 700 qmailctl
ln -s /var/qmail/bin/qmailctl /usr/local/bin/
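# Each supervised service gets a directory holding its run script and a
# log/ subdirectory holding the run script of its logger.
mkdir -p /var/qmail/supervise/qmail-send/log
mkdir -p /var/qmail/supervise/qmail-smtpd/log
mkdir -p /var/qmail/supervise/qmail-smtpd-ssl/log
# NOTE(review): all six run scripts are fetched over plain HTTP with no
# integrity check and are started by the supervisor once linked into
# /var/service. Read each one before the final ln -s below.
cd /var/qmail/supervise/qmail-send
wget http://freebsd.stanleylieber.com/qmail/supervise/qmail-send-run
mv qmail-send-run run
# The logger's run script belongs in qmail-send/log (created above and
# chmod'ed below). A "qmail-send-log" directory is never created, so a cd to
# it fails and the mv would then overwrite qmail-send/run.
cd /var/qmail/supervise/qmail-send/log
wget http://freebsd.stanleylieber.com/qmail/supervise/qmail-send-log-run
mv qmail-send-log-run run
cd /var/qmail/supervise/qmail-smtpd
wget http://freebsd.stanleylieber.com/qmail/supervise/qmail-smtpd-run
mv qmail-smtpd-run run
cd /var/qmail/supervise/qmail-smtpd/log
wget http://freebsd.stanleylieber.com/qmail/supervise/qmail-smtpd-log-run
mv qmail-smtpd-log-run run
cd /var/qmail/supervise/qmail-smtpd-ssl
wget http://freebsd.stanleylieber.com/qmail/supervise/qmail-smtpd-ssl-run
mv qmail-smtpd-ssl-run run
cd /var/qmail/supervise/qmail-smtpd-ssl/log
wget http://freebsd.stanleylieber.com/qmail/supervise/qmail-smtpd-ssl-log-run
mv qmail-smtpd-ssl-log-run run
chmod 755 /var/qmail/supervise/qmail-send/run
chmod 755 /var/qmail/supervise/qmail-send/log/run
chmod 755 /var/qmail/supervise/qmail-smtpd/run
chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
chmod 755 /var/qmail/supervise/qmail-smtpd-ssl/run
chmod 755 /var/qmail/supervise/qmail-smtpd-ssl/log/run
# Log directories are owned by the qmaill account.
mkdir -p /var/log/qmail/smtpd
chown qmaill /var/log/qmail /var/log/qmail/smtpd
mkdir -p /var/log/qmail/smtpd-ssl
chown qmaill /var/log/qmail /var/log/qmail/smtpd-ssl
# Linking the service directories into /var/service hands them to the
# supervisor; do this last, after the run scripts have been reviewed.
ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /var/qmail/supervise/qmail-smtpd-ssl /var/service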
# Stop the stock sendmail, move its binaries aside and strip every permission
# bit from them (chmod 0) so they can no longer be executed, then point the
# usual sendmail paths at qmail's sendmail wrapper.
/etc/rc.d/sendmail stop
mv /usr/lib/sendmail /usr/lib/sendmail.old                  # ignore errors
mv /usr/sbin/sendmail /usr/sbin/sendmail.old                # ignore errors
chmod 0 /usr/lib/sendmail.old /usr/sbin/sendmail.old        # ignore errors
ln -s /var/qmail/bin/sendmail /usr/lib
ln -s /var/qmail/bin/sendmail /usr/sbin
# Deliver root and postmaster mail to the local user "sl" (the author's
# account; substitute the account that should read system mail).
echo sl > /var/qmail/alias/.qmail-root
echo sl > /var/qmail/alias/.qmail-postmaster
# mailer-daemon and abuse share postmaster's delivery instructions.
ln -s .qmail-postmaster /var/qmail/alias/.qmail-mailer-daemon
ln -s .qmail-postmaster /var/qmail/alias/.qmail-abuse
chmod 644 /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-postmaster
echo doublebounce >/var/qmail/control/doublebounceto
echo '#' >/var/qmail/alias/.qmail-doublebounce  # silently discard double bounces
# NOTE(review): with this catch-all, mail to mistyped or unknown local
# addresses is accepted and then dropped, and the sender gets no bounce.
echo '#' >/var/qmail/alias/.qmail-default   # silently discard all messages to non-existent accounts

ucspi

pkg install ucspi-tcp
pkg install ucspi-ssl
# Append a rule for connections from 127.*: allow them and set RELAYCLIENT to
# the empty string, which lets those clients relay. Keep this limited to
# loopback; a wider prefix here would turn the host into an open relay.
echo '127.:allow,RELAYCLIENT=""' >>/etc/tcp.smtp
# presumably rebuilds the compiled rules from /etc/tcp.smtp -- confirm in qmailctl
qmailctl cdb

courier-authlib

pkg install courier-authlib
# Edit authdaemonrc so that userdb is the only authentication module listed.
ed /usr/local/etc/authlib/authdaemonrc  # authmodulelist="authuserdb"
pkg install courier-authlib-userdb
cd /var/qmail/bin
# NOTE(review): updatepass.sh is downloaded over plain HTTP without an
# integrity check, restricted to root (mode 700) and linked into
# /usr/local/bin. Read it before running it or scheduling it.
wget http://freebsd.stanleylieber.com/qmail/updatepass.sh
chmod 700 updatepass.sh
ln -s /var/qmail/bin/updatepass.sh /usr/local/bin

courier-imap

pkg install courier-imap
cd /usr/local/etc/courier-imap
# imapd.cnf holds the certificate subject fields; start from the shipped
# sample and set them for your site.
cp imapd.cnf.dist imapd.cnf
ed imapd.cnf    # edit to match your site
# MAXPERIP limits simultaneous connections from a single IP address.
ed imapd    # MAXPERIP=40
cd /usr/local/share/courier-imap
# Generate DH parameters and the IMAP server certificate.
# NOTE(review): mkimapdcert presumably produces a self-signed certificate
# from imapd.cnf; clients have to trust it explicitly -- confirm.
./mkdhparams
./mkimapdcert

courierpasswd

Used for auth by qmail-smtpd and qmail-smtpd-ssl run scripts.

pkg install courierpasswd
# Make courierpasswd setgid courier so that it runs with group courier no
# matter which user invokes it.
# NOTE(review): presumably needed so the smtpd run scripts, running
# unprivileged, can reach the authdaemon socket -- confirm. Any local user
# who can execute the binary gets the same group access, so check that the
# "other" permission bits on it are no wider than needed.
chgrp courier /usr/local/sbin/courierpasswd
chmod g+s /usr/local/sbin/courierpasswd

Add an SMTP/IMAP user

User accounts are managed separately from user accounts on the host operating system. Both instances of authentication will rely upon the same mechanism: courierpasswd backed by courier-authlib.

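# as $USER
maildirmake "$HOME/Maildir"
# Create the password file empty and restrict it to its owner before the
# password is written into it.
>"$HOME/.neet-imap-password"
chmod 600 "$HOME/.neet-imap-password"
# "password" is a placeholder. Typed on the command line like this, the real
# password is recorded in shell history; writing the file with an editor
# avoids that. The file stores the password in plaintext.
echo password >"$HOME/.neet-imap-password"
# as root
# The account name is assigned on its own line: written as a prefix to the
# userdb command, the assignment would not be visible to the $username
# expansions on that same line, and they would expand to nothing.
username=username
userdb "$username" set home="/home/$username" mail="/home/$username/Maildir" uid="$(id -u "$username")" gid="$(id -g "$username")"

# update SMTP/IMAP user password db based on the contents of $HOME/.neet-imap-password
/usr/local/bin/updatepass.sh    # read this, suitable to run from cron

# create new IMAP folder called newfolder
# as $USER
maildirmake -f newfolder "/home/$USER/Maildir"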

SpamAssassin

pkg install maildrop spamassassin
sa-update
# Add a daily rule update to the crontab. The lines after "crontab -e" are ed
# commands (print the file, append one entry, write, quit), so this assumes
# ed is the configured editor.
crontab -e
,p
a
1 7 * * * /usr/local/bin/sa-update
.
w
q
# do this as root to enable SpamAssassin for all users by default
#echo '| /usr/local/bin/spamc | maildir ./Maildir/' >/var/qmail/control/defaultdelivery
# OR do this as user to enable SpamAssassin for only that user
cd
# NOTE(review): dot.mailfilter is fetched over plain HTTP without an
# integrity check and becomes the filter maildrop runs on every delivery for
# this user. Read it before installing the .qmail line below.
wget http://freebsd.stanleylieber.com/qmail/dot.mailfilter && mv dot.mailfilter .mailfilter # edit to suit
chmod 600 .mailfilter
# Pipe each incoming message through spamc, then hand it to maildrop.
echo '| /usr/local/bin/spamc | maildrop' >.qmail

pf spamd

Not to be confused with SpamAssassin spamd.

NOTE: gmail does not play well with greylisting; so, trying blacklist only.

pkg install spamd
cp /usr/local/etc/spamd/spamd.conf.sample /usr/local/etc/spamd/spamd.conf
ed /usr/local/etc/spamd/spamd.conf  # read and edit
# Add an fdescfs mount on /dev/fd to fstab and mount it now.
echo 'fdescfs   /dev/fd     fdescfs rw  0   0' >>/etc/fstab
mount fdescfs
# Schedule a daily spamd-setup -b run. The lines after "crontab -e" are ed
# commands, so this assumes ed is the configured editor.
crontab -e
,p
a
1 8 * * * /usr/local/sbin/spamd-setup -b
.
w
q
# Append a program-specific block to syslog.conf so that daemon messages from
# spamd are written to /var/log/spamd.
ed /etc/syslog.conf
,p
a
!spamd
daemon.err;daemon.warn;daemon.info      /var/log/spamd
.
w
q
# The log file is created before syslogd is told to reload its configuration.
touch /var/log/spamd
kill -HUP `cat /var/run/syslog.pid`

Misc. system chores

cd /etc
# NOTE(review): the next two downloads replace this host's firewall rules and
# boot configuration with files written for neet.inri.net, fetched over plain
# HTTP with no integrity check. Keep copies of the existing /etc/pf.conf and
# /etc/rc.conf, and review both new files line by line before rebooting; a
# wrong interface name, address or service setting can leave the machine
# unreachable or expose services that were meant to be filtered.
wget http://freebsd.stanleylieber.com/etc/pf.conf.neet && mv pf.conf.neet pf.conf
chmod 600 /etc/pf.conf  # read and edit
wget http://freebsd.stanleylieber.com/etc/rc.conf.neet && mv rc.conf.neet rc.conf   # read and edit
reboot  # needed for all changes above to take effect!

Upgrade

# Stop mail services before touching packages or the port.
qmailctl stop
service courier-imap-imapd-ssl stop
service courier-authdaemond stop
pkg upgrade # if needed
portsnap fetch update   # if needed
cd /usr/ports/mail/qmail
make config # make sure settings are the same
make clean
# Line 796 should be the REINPLACE_CMD line that undefines AUTHCRAM. If a
# ports update replaced the Makefile, the line is gone (or has moved) and the
# edit has to be reapplied before rebuilding.
sed -n 796p Makefile    # make sure AUTHCRAM is still being removed
make deinstall
make reinstall clean
# Reapply group and setgid bit on courierpasswd.
# NOTE(review): presumably because a package upgrade reinstalls the binary
# with its default ownership and mode -- confirm.
chgrp courier /usr/local/sbin/courierpasswd
chmod g+s /usr/local/sbin/courierpasswd
# Start services in the reverse of the order they were stopped.
service courier-authdaemond start
service courier-imap-imapd-ssl start
qmailctl start
qmailctl stat   # make sure qmail really started
# now, send some test messages to and from the system