elektropost – a FreeBSD jail based mail server project.


Overview

Here is a rough sketch of how the elektropost setup works.

Send feedback to erdgeist.


Install qmail


Configure qmail

  • In /var/qmail/control check/edit all files

  • create a servercert.pem. On elektropost this one is used for lighty and dovecot as well, YMMV

  • install http://erdgeist.org/arts/software/Code/elektropost/tcp.smtp to /etc/tcp.smtp and alter it according to your needs, i.e. fix/insert to "cat /etc/tcp.smtp | tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp"

    • for this you will need to make install in /usr/ports/sysutils/ucspi-tcp

    • select SSL, leave MAN checked

  • sysrc qmailsmtpd_enable="YES"

  • sysrc qmailsend_enable="YES"

  • echo 'qmailsmtpd_checkpassword="/usr/local/vpopmail/bin/vchkpw"' >> /etc/rc.conf


Install vpopmail

  • make install in /usr/ports/mail/vpopmail

  • Use default options for ucspi-tcp

  • chown vpopmail:vchkpw /usr/local/vpopmail

  • chmod u+s ~vpopmail/bin/vchkpw

  • pw user mod vpopmail -s /bin/sh


Configure vpopmail

  • echo elektropost.org > /usr/local/vpopmail/etc/defaultdomain


Install dovecot

  • make install in /usr/ports/mail/dovecot

  • choose option LUA, keep the rest (maybe disable IPV6)

  • echo 'dovecot_enable="YES"' >> /etc/rc.conf


Configure dovecot

  • cp /usr/local/etc/dovecot/dovecot-example.conf /usr/local/etc/dovecot/dovecot.conf

  • Change: protocols = imap imaps pop3s

  • Change: listen = and ssl_listen = to match your ip addresses

  • Change: ssl_cert_file = /var/qmail/control/servercert.pem

  • Change: ssl_key_file = /var/qmail/control/servercert.pem

  • Change: mail_location = maildir:%h/Maildir

  • Change: first_valid_uid = 1

  • Change: first_valid_gid = 1

  • Change: max_mail_processes = 1024

  • Change: auth_username_format = %Ln@%Ld

  • Change:

    passdb {
        driver = lua
        args = file=/usr/local/etc/dovecot/auth.lua blocking=yes # default is yes
    }
    userdb {
        driver = lua
        args = file=/usr/local/etc/dovecot/auth.lua blocking=yes # default is yes
    }

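Install the file http://erdgeist.org/arts/software/Code/elektropost/auth.lua in /usr/local/etc/dovecot/:

-- Quote a value for /bin/sh so a login name cannot add shell syntax to the
-- vuserinfo command lines built below. Dovecot's auth_username_chars setting
-- also limits login names; the quoting keeps this safe if that is loosened.
local function shell_quote(s)
 return "'" .. (s:gsub("'", "'\\''")) .. "'"
end

-- passdb: fetch the stored hash with vuserinfo -p and let dovecot verify it
function auth_password_verify(req, pass)
 local handle = io.popen("/usr/local/vpopmail/bin/vuserinfo -p "..shell_quote(req.user))
 local result = handle:read("*a")
 handle:close()

 -- strip surrounding whitespace from the vuserinfo output
 local epass = result:match "^%s*(.-)%s*$"
 if req:password_verify("{MD5-CRYPT}"..epass,pass) > 0 then
   return dovecot.auth.PASSDB_RESULT_OK, {}
 end
 return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, {}
end

-- userdb: vuserinfo -d prints the user's home directory
function auth_userdb_lookup(req)
 local handle = io.popen("/usr/local/vpopmail/bin/vuserinfo -d "..shell_quote(req.user))
 local result = handle:read("*a")
 handle:close()

 if result:find("no such user") ~= nil then
  return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
 end
 return dovecot.auth.USERDB_RESULT_OK, "uid=vpopmail gid=vchkpw home="..result:match "^%s*(.-)%s*$"
end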

Install lighty

  • make install in /usr/ports/www/lighttpd

  • echo 'lighttpd_enable="YES"' >> /etc/rc.conf


Configure lighty

  • cp /usr/local/etc/lighttpd.conf.sample /usr/local/etc/lighttpd.conf

  • Change: "mod_fastcgi",

  • Change: server.document-root = "/usr/local/www/squirrelmail/"

  • Change: server.port = 443

  • Change:

    cgi.assign                 = ( ".pl"  => "/usr/bin/perl",
                                   ".cgi" => "/usr/bin/perl",
                                   "/cgi-bin/qmailadmin" => "",
                                   "/ezmlm-cgi" => "" )

  • Change: ssl.engine = "enable"

  • Change: ssl.pemfile = "/var/qmail/control/servercert.pem"

  • To tell users to use https, put a document at /usr/local/www/data/index.html and add:

    #compatibility
    $SERVER["socket"] == "<insert your ip address>:80" {
       ssl.engine                  = "disable"
       server.name                 = "<your fqdn>"
       server.document-root        = "/usr/local/www/data"
    }

Install squirrelmail

  • make install in /usr/ports/mail/squirrelmail

  • Use default options for php5

  • Follow the instructions squirrelmail port prints out


Install qmailadmin / ezmlm-idx

  • make install WITH_SPAM_DETECTION=TRUE SPAM_COMMAND="| /usr/local/bin/spamc -f | /usr/local/bin/maildrop" CGIBINDIR=www/squirrelmail/cgi-bin CGIBINSUBDIR= WEBDATADIR=www/squirrelmail WEBDATASUBDIR=qmailadmin in /usr/ports/mail/qmailadmin

  • Use default options for ezmlm-idx


Install qmailadmin plugin for squirrelmail

  • make install in /usr/ports/mail/squirrelmail-qmailadmin_login-plugin


Install maildrop

  • make install in /usr/ports/mail/maildrop


Install the maildrop spam sort magic


Install spamassassin

  • make install in /usr/ports/mail/p5-Mail-SpamAssassin, keep SPAMC, SSL, uncheck all others

  • echo '-d 192.168.0.2' > /usr/local/etc/mail/spamassassin/spamc.conf


Install the Valid RCPTTO checking stuff

  • install http://erdgeist.org/arts/software/Code/elektropost/mkvalidrcptto to /usr/local/vpopmail/bin/mkvalidrcptto

  • chmod +x /usr/local/vpopmail/bin/mkvalidrcptto

  • cpan install CDB_File to help perl understand cdb files

  • make install in /usr/ports/databases/cdb/

  • Add a script to your crontab (e.g. /usr/local/vpopmail/etc/tidymail.sh) that contains:

    /usr/local/vpopmail/bin/mkvalidrcptto | /usr/local/bin/cdbmake-12 /var/qmail/control/validrcptto.cdb /tmp/validrcptto.tmp

Install the auto trash-pruning script

  • Add a script to your crontab (e.g. /usr/local/bin/prune-trash.sh) that contains:

    find -E /usr/local/vpopmail/domains/ -type f -iregex "^.*/maildir/.*\.(junk|trash|spam)(\.[^/]+)?/(new|cur|tmp)/.*$" -mmin +86400 -delete
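
Because the find command above ends in -delete, it helps to see what it selects first. The following dry run is an added example, not part of the elektropost scripts: it reuses the regex and age threshold from the page but prints instead of deleting. The function names, the example.org/alice mailbox and its folder names are constructed for illustration.

```sh
#!/bin/sh
# Added example: list what the pruning job would delete, without deleting.
# PRUNE_RE and the -mmin threshold are copied from the page (86400 min = 60 days);
# the mailbox names in build_sample_tree are constructed for illustration.

PRUNE_RE='^.*/maildir/.*\.(junk|trash|spam)(\.[^/]+)?/(new|cur|tmp)/.*$'

# prune_preview ROOT: print the files under ROOT that match the page's expression.
prune_preview() {
    if find --version >/dev/null 2>&1; then
        # GNU find selects extended regexes with -regextype
        find "$1" -regextype posix-extended -type f \
            -iregex "$PRUNE_RE" -mmin +86400 -print
    else
        # BSD find, as on the FreeBSD host the page describes
        find -E "$1" -type f -iregex "$PRUNE_RE" -mmin +86400 -print
    fi | sort
}

# build_sample_tree ROOT: constructed vpopmail-style tree with old and new mail.
build_sample_tree() {
    md="$1/example.org/alice/Maildir"
    mkdir -p "$md/.Trash/cur" "$md/.Junk.2019/new" "$md/.Trashcan/cur" "$md/cur"
    for f in .Trash/cur/old .Trash/cur/fresh .Junk.2019/new/old \
             .Trashcan/cur/old cur/old; do
        : > "$md/$f"
    done
    # Age every file named "old" well past the 60-day threshold
    find "$md" -type f -name old -exec touch -t 202001010000 {} +
}

# Stand-alone use: sh prune-preview.sh /usr/local/vpopmail/domains/
if [ $# -gt 0 ]; then
    prune_preview "$1"
fi
```

On the constructed tree only the aged files in .Trash and .Junk.2019 are listed; the inbox, the fresh message and the folder named .Trashcan are left alone.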