sl/freebsd

Installing qmail and courier-imap on FreeBSD

Last updated: 2016-12-09T20:56:11-0500

   uname -a
   FreeBSD neet.inri.net 11.0-RELEASE-p1 FreeBSD 11.0-RELEASE-p1 #0 r306420:
   Thu Sep 29 01:43:23 UTC 2016
   root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64

NOTE: neet.inri.net is the name of my machine. If you use any of these files, you will need to change every occurrence of neet.inri.net to match your own system.

Update the ports tree

   # download the current ports snapshot, unpack it into /usr/ports and apply updates;
   # extract replaces the tree, including any local edits made under /usr/ports
   portsnap fetch extract update

daemontools

   pkg install daemontools
   # /var/service receives the symlinks to the qmail supervise directories made further down
   mkdir /var/service

qmail

   cd /usr/ports/mail/qmail
   make config   # http://sciops.net/paste/1454531555.31ad9296
   # The ed session below prints line 795 of the port Makefile and appends one
   # line after it; that line rewrites "define AUTHCRAM" to "undef AUTHCRAM" in
   # the extracted sources (presumably CRAM-MD5 SMTP AUTH -- confirm).
   # The line number belongs to the ports tree this was written against: look
   # at what 795p prints before appending.
   # NOTE(review): the appended line is presumably a recipe line, which make
   # requires to start with a tab -- confirm when typing it in.
   ed Makefile
   795p
   a
          @${REINPLACE_CMD} -e "s/define AUTHCRAM/undef AUTHCRAM/g" ${WRKSRC}/*.c
   .
   w
   q
   make install clean
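   cd /var/qmail
   # rc is fetched over plain HTTP with no checksum and is made executable
   # right after: read it first.
   wget http://freebsd.stanleylieber.com/qmail/rc
   chmod 755 /var/qmail/rc
   mkdir /var/log/qmail
   cd /var/qmail/control
   echo 20 >concurrencyincoming
   chmod 644 concurrencyincoming
   echo ./Maildir/ >defaultdelivery
   echo neet.inri.net >defaultdomain
   echo neet.inri.net >locals
   echo neet.inri.net >me
   echo inri.net >plusdomain
   # rcpthosts is the list of domains qmail-smtpd accepts mail for; keep it to
   # your own domains
   echo neet.inri.net >rcpthosts
   # Self-signed certificate, valid ten years. -nodes leaves the private key
   # unencrypted, and -out/-keyout write key and certificate to the same
   # file, so the ownership and mode set below are all that protects the key.
   # Key size is 2048 bits; 1024-bit RSA is no longer considered adequate.
   openssl req -newkey rsa:2048 -x509 -nodes -days 3650 -out servercert.pem -keyout servercert.pem   # answer questions to match your site
   chown root:qnofiles servercert.pem
   chmod 640 servercert.pem
   # clientcert.pem is a plain copy, so it carries the same private key
   cp servercert.pem clientcert.pem
   chown root:qmail clientcert.pem
   chmod 640 clientcert.pem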
   cd /var/qmail/bin
   # qmailctl is fetched over plain HTTP with no checksum and installed as a
   # root-only script (mode 700): read it before the first run
   wget http://freebsd.stanleylieber.com/qmail/qmailctl
   chmod 700 qmailctl
   # make it reachable as plain "qmailctl"
   ln -s /var/qmail/bin/qmailctl /usr/local/bin/
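   # Each service directory gets its own log/ subdirectory.
   mkdir -p /var/qmail/supervise/qmail-send/log
   mkdir -p /var/qmail/supervise/qmail-smtpd/log
   mkdir -p /var/qmail/supervise/qmail-smtpd-ssl/log
   # The run scripts come over plain HTTP with no checksum and are what
   # supervise executes: read each one, and replace neet.inri.net where it
   # appears, before the chmod 755 lines further down.
   cd /var/qmail/supervise/qmail-send
   wget http://freebsd.stanleylieber.com/qmail/supervise/qmail-send-run
   mv qmail-send-run run
   # log/ under qmail-send is the directory created above (there is no
   # qmail-send-log); if this cd fails, the mv below overwrites
   # qmail-send/run with the log script
   cd /var/qmail/supervise/qmail-send/log
   wget http://freebsd.stanleylieber.com/qmail/supervise/qmail-send-log-run
   mv qmail-send-log-run run
   cd /var/qmail/supervise/qmail-smtpd
   wget http://freebsd.stanleylieber.com/qmail/supervise/qmail-smtpd-run
   mv qmail-smtpd-run run
   cd /var/qmail/supervise/qmail-smtpd/log
   wget http://freebsd.stanleylieber.com/qmail/supervise/qmail-smtpd-log-run
   mv qmail-smtpd-log-run run
   cd /var/qmail/supervise/qmail-smtpd-ssl
   wget http://freebsd.stanleylieber.com/qmail/supervise/qmail-smtpd-ssl-run
   mv qmail-smtpd-ssl-run run
   cd /var/qmail/supervise/qmail-smtpd-ssl/log
   wget http://freebsd.stanleylieber.com/qmail/supervise/qmail-smtpd-ssl-log-run
   mv qmail-smtpd-ssl-log-run run
   # all six run scripts must be executable
   chmod 755 /var/qmail/supervise/qmail-send/run
   chmod 755 /var/qmail/supervise/qmail-send/log/run
   chmod 755 /var/qmail/supervise/qmail-smtpd/run
   chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
   chmod 755 /var/qmail/supervise/qmail-smtpd-ssl/run
   chmod 755 /var/qmail/supervise/qmail-smtpd-ssl/log/run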
   # log directories for both smtpd services, owned by the qmaill account
   mkdir -p /var/log/qmail/smtpd /var/log/qmail/smtpd-ssl
   chown qmaill /var/log/qmail /var/log/qmail/smtpd /var/log/qmail/smtpd-ssl
   # link the three service directories into /var/service
   ln -s /var/qmail/supervise/qmail-send \
      /var/qmail/supervise/qmail-smtpd \
      /var/qmail/supervise/qmail-smtpd-ssl \
      /var/service
   # stop the stock sendmail, move its binaries aside and link qmail's
   # sendmail wrapper into both places
   /etc/rc.d/sendmail stop
   # NOTE(review): on a stock FreeBSD install /usr/sbin/sendmail is typically
   # a symlink to mailwrapper -- confirm what the chmod 0 below ends up changing
   mv /usr/lib/sendmail /usr/lib/sendmail.old                  # ignore errors
   mv /usr/sbin/sendmail /usr/sbin/sendmail.old                # ignore errors
   chmod 0 /usr/lib/sendmail.old /usr/sbin/sendmail.old        # ignore errors
   ln -s /var/qmail/bin/sendmail /usr/lib
   ln -s /var/qmail/bin/sendmail /usr/sbin
   # sl is the local account that receives root and postmaster mail here; use your own
   echo sl > /var/qmail/alias/.qmail-root
   echo sl > /var/qmail/alias/.qmail-postmaster
   # mailer-daemon and abuse follow postmaster
   ln -s .qmail-postmaster /var/qmail/alias/.qmail-mailer-daemon
   ln -s .qmail-postmaster /var/qmail/alias/.qmail-abuse
   chmod 644 /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-postmaster
   echo doublebounce >/var/qmail/control/doublebounceto
   echo '#' >/var/qmail/alias/.qmail-doublebounce   # silently discard double bounces
   # with .qmail-default in place, mail to a mistyped local address is dropped
   # rather than bounced, so the sender gets no error
   echo '#' >/var/qmail/alias/.qmail-default # silently discard all messages to non-existent accounts

ucspi

   # both ucspi packages in a single pkg run
   pkg install ucspi-tcp ucspi-ssl
   # only loopback clients get RELAYCLIENT (permission to relay); the rule is
   # appended, so running this twice leaves a duplicate line in /etc/tcp.smtp
   printf '%s\n' '127.:allow,RELAYCLIENT=""' >>/etc/tcp.smtp
   # presumably compiles /etc/tcp.smtp into the cdb the SMTP service reads --
   # check the downloaded qmailctl
   qmailctl cdb

courier-authlib

   pkg install courier-authlib
   # leave userdb as the only entry in authmodulelist
   ed /usr/local/etc/authlib/authdaemonrc    # authmodulelist="authuserdb"
   pkg install courier-authlib-userdb
   cd /var/qmail/bin
   # updatepass.sh is fetched over plain HTTP with no checksum and is run as
   # root (later from cron) to rebuild the password db: read it before installing
   wget http://freebsd.stanleylieber.com/qmail/updatepass.sh
   chmod 700 updatepass.sh
   ln -s /var/qmail/bin/updatepass.sh /usr/local/bin

courier-imap

   pkg install courier-imap
   cd /usr/local/etc/courier-imap
   # start from the distributed template
   # NOTE(review): imapd.cnf is presumably the certificate template read by mkimapdcert -- confirm
   cp imapd.cnf.dist imapd.cnf
   ed imapd.cnf  # edit to match your site
   ed imapd      # MAXPERIP=40
   cd /usr/local/share/courier-imap
   # generate DH parameters and the IMAP server certificate; run these after
   # imapd.cnf has been edited
   ./mkdhparams
   ./mkimapdcert

courierpasswd

Used for auth by qmail-smtpd and qmail-smtpd-ssl run scripts.

   pkg install courierpasswd
   # setgid courier: courierpasswd runs with group courier whoever starts it.
   # NOTE(review): presumably so the qmail-smtpd run scripts can reach the
   # authlib daemon -- confirm. The same two commands are repeated in the
   # Upgrade section.
   chgrp courier /usr/local/sbin/courierpasswd
   chmod g+s /usr/local/sbin/courierpasswd

Add an SMTP/IMAP user

SMTP/IMAP user accounts are managed separately from user accounts on the host operating system. Both SMTP and IMAP authentication rely on the same mechanism: courierpasswd backed by courier-authlib.

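   # as $USER
   maildirmake "$HOME/Maildir"
   # create the file empty and restrict it before the password goes in, so it
   # is never readable by other users
   >"$HOME/.neet-imap-password"
   chmod 600 "$HOME/.neet-imap-password"
   # "password" is a placeholder. Typed this way the real value also ends up
   # in the shell history; writing the file from an editor avoids that. The
   # password stays in this file in plaintext.
   echo password >"$HOME/.neet-imap-password"
   # as root
   # The account name is set on its own line: as a prefix assignment on the
   # userdb command, $username would be expanded before it has a value.
   username=username
   userdb "$username" set home="/home/$username" mail="/home/$username/Maildir" uid="$(id -u "$username")" gid="$(id -g "$username")"

   # update SMTP/IMAP user password db based on the contents of $HOME/.neet-imap-password
   /usr/local/bin/updatepass.sh       # read this, suitable to run from cron

   # create new IMAP folder called newfolder
   # as $USER
   maildirmake -f newfolder "/home/$USER/Maildir"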

SpamAssassin

   pkg install maildrop spamassassin
   sa-update
   # the editor session below (ed) lists the crontab and appends a daily
   # sa-update at 07:01
   crontab -e
   ,p
   a
   1 7 * * * /usr/local/bin/sa-update
   .
   w
   q
   # do this as root to enable SpamAssassin for all users by default
   #echo '| /usr/local/bin/spamc | maildir ./Maildir/' >/var/qmail/control/defaultdelivery
   # OR do this as user to enable SpamAssassin for only that user
   cd
   # dot.mailfilter is fetched over plain HTTP with no checksum and becomes the
   # user's maildrop filter: read it before relying on it
   wget http://freebsd.stanleylieber.com/qmail/dot.mailfilter && mv dot.mailfilter .mailfilter       # edit to suit
   chmod 600 .mailfilter
   # pipe each incoming message through spamc, then hand it to maildrop
   echo '| /usr/local/bin/spamc | maildrop' >.qmail

pf spamd

Not to be confused with SpamAssassin spamd.

NOTE: Gmail does not play well with greylisting, so this setup tries blacklisting only.

   pkg install spamd
   cp /usr/local/etc/spamd/spamd.conf.sample /usr/local/etc/spamd/spamd.conf
   ed /usr/local/etc/spamd/spamd.conf # read and edit
   # mount fdescfs on /dev/fd now and on every boot
   echo 'fdescfs        /dev/fd       fdescfs rw    0      0' >>/etc/fstab
   mount fdescfs
   # the editor session below appends a daily spamd-setup run at 08:01;
   # -b is blacklist-only mode, in line with the greylisting note for this section
   crontab -e
   ,p
   a
   1 8 * * * /usr/local/sbin/spamd-setup -b
   .
   w
   q
   # append a !spamd block so spamd's daemon.err/warn/info messages go to /var/log/spamd
   ed /etc/syslog.conf
   ,p
   a
   !spamd
   daemon.err;daemon.warn;daemon.info      /var/log/spamd
   .
   w
   q
   # create the log file first, then signal syslogd to re-read its configuration
   touch /var/log/spamd
   kill -HUP `cat /var/run/syslog.pid`

Misc. system chores

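   cd /etc
   # keep the working rc.conf: the downloaded file replaces it and was
   # written for neet.inri.net
   cp -p rc.conf rc.conf.orig
   # both files are fetched over plain HTTP with no checksum and go straight
   # into /etc; adapt them to this host before the reboot
   wget http://freebsd.stanleylieber.com/etc/pf.conf.neet && mv pf.conf.neet pf.conf
   chmod 600 /etc/pf.conf      # read and edit
   wget http://freebsd.stanleylieber.com/etc/rc.conf.neet && mv rc.conf.neet rc.conf   # read and edit
   # parse the edited ruleset without loading it; a broken pf.conf or a
   # foreign rc.conf can leave a remote machine unreachable after the reboot
   pfctl -nf /etc/pf.conf
   reboot # needed for all changes above to take effect!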

Upgrade

   # stop the mail services before touching packages or the port
   qmailctl stop
   service courier-imap-imapd-ssl stop
   service courier-authdaemond stop
   pkg upgrade   # if needed
   portsnap fetch update       # if needed
   cd /usr/ports/mail/qmail
   make config   # make sure settings are the same
   make clean
   # line 796 should still show the REINPLACE_CMD line appended during
   # installation; if a ports update replaced or shifted the Makefile, redo
   # that edit before building
   sed -n 796p Makefile # make sure AUTHCRAM is still being removed
   make deinstall
   make reinstall clean
   # same group and setgid bit as at install time, presumably reset by a
   # package upgrade -- confirm with ls -l
   chgrp courier /usr/local/sbin/courierpasswd
   chmod g+s /usr/local/sbin/courierpasswd
   # bring the services back in the reverse order they were stopped
   service courier-authdaemond start
   service courier-imap-imapd-ssl start
   qmailctl start
   qmailctl stat # make sure qmail really started
   # now, send some test messages to and from the system