elektropost – a FreeBSD jail based mail server project.

Overview

Here is a raw sketch of how the elektropost setup works.

Send feedback to erdgeist.

Install qmail

• make patch in /usr/ports/mail/qmail-tls, choose SMTP_AUTH_PATCH, BIG_TODO_PATCH, BIG_CONCURRENCY_PATCH, DISCBOUNCES_PATCH and SPF_PATCH, keep RCDLINK

• apply patch http://erdgeist.org/arts/software/Code/elektropost/validrcptto.cdb.patch.new to qmail-tls/work/qmail-1.03

• apply patch http://erdgeist.org/arts/software/Code/elektropost/qmail-smtpd.c.privacy.patch to qmail-tls/work/qmail-1.03

• make install in /usr/ports/mail/qmail-tls

• add "QMAIL_SLAVEPORT=tls" in /etc/make.conf

Configure qmail

• In /var/qmail/control check/edit all files

• create a servercert.pem. On elektropost this one is used for lighty and dovecot as well, YMMV

• install http://erdgeist.org/arts/software/Code/elektropost/tcp.smtp to /etc/tcp.smtp and alter it accordingly to your needs, ie fix/insert to "cat /etc/tcp.smtp | tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp"

  • for this you will need to make install in /usr/ports/sysutils/ucspi-tcp

  • select SSL, leave MAN checked

• sysrc qmailsmtpd_enable="YES"

• sysrc qmailsend_enable="YES"

• echo 'qmailsmtpd_checkpassword="/usr/local/vpopmail/bin/vchkpw"' >> /etc/rc.conf

Install vpopmail

• make install in /usr/ports/mail/vpopmail

• Use default options for ucspi-tcp

• chown vpopmail:vchkpw /usr/local/vpopmail

• chmod u+s ~vpopmail/bin/vchkpw

• pw user mod vpopmail -s /bin/sh

Configure vpopmail

• echo elektropost.org > /usr/local/vpopmail/etc/defaultdomain

Install dovecot

• make install in /usr/ports/mail/dovecot

• choose option LUA, keep the rest (maybe disable IPV6)

• echo 'dovecot_enable="YES"' >> /etc/rc.conf

Configure dovecot

• cp /usr/local/etc/dovecot/dovecot-example.conf /usr/local/etc/dovecot/dovecot.conf

• Change: protocols = imap imaps pop3s

• Change: listen = and ssl_listen = to match your ip addresses

• Change: ssl_cert_file = /var/qmail/control/servercert.pem

• Change: ssl_key_file = /var/qmail/control/servercert.pem

• Change: mail_location = maildir:%h/Maildir

• Change: first_valid_uid = 1

• Change: first_valid_gid = 1

• Change: max_mail_processes = 1024

• Change: auth_username_format = %Ln@%Ld

• Change:

  passdb {
      driver = lua
      args = file=/usr/local/etc/dovecot/auth.lua blocking=yes # default is yes
  }
  userdb {
      driver = lua
      args = file=/usr/local/etc/dovecot/auth.lua blocking=yes # default is yes
      }

Install the file http://erdgeist.org/arts/software/Code/elektropost/auth.lua in /usr/local/etc/dovecot/,

function auth_password_verify(req, pass)
 local handle = io.popen("/usr/local/vpopmail/bin/vuserinfo -p "..req.user)
 local result = handle:read("*a")
 handle:close()

 local epass = result:match "^%s*(.-)%s*$"
 if req:password_verify("{MD5-CRYPT}"..epass,pass) > 0 then
   return dovecot.auth.PASSDB_RESULT_OK, {}
 end
 return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, {}
end

function auth_userdb_lookup(req)
 local handle = io.popen("/usr/local/vpopmail/bin/vuserinfo -d "..req.user)
 local result = handle:read("*a")
 handle:close()

 if result:find("no such user") ~= nil then
  return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
 end
 return dovecot.auth.USERDB_RESULT_OK, "uid=vpopmail gid=vchkpw home="..result:match "^%s*(.-)%s*$"
end

Install lighty

• make install in /usr/ports/www/lighttpd

• echo 'lighttpd_enable="YES"' >> /etc/rc.conf

Configure lighty

• cp /usr/local/etc/lighttpd.conf.sample /usr/local/etc/lighttpd.conf

• Change: "mod_fastcgi",

• Change: server.document-root = "/usr/local/www/squirrelmail/"

• Change: server.port = 443

• Change:

  cgi.assign                 = ( ".pl"  => "/usr/bin/perl",
                                 ".cgi" => "/usr/bin/perl",
                                 "/cgi-bin/qmailadmin" => "",
                                 "/ezmlm-cgi" => "" )

• Change: ssl.engine = "enable"

• Change: ssl.pemfile = "/var/qmail/control/servercert.pem"

• To inform users to use https, put a document to /usr/local/www/data/index.html and add:

  #compatibility
  $SERVER["socket"] == "<insert your ip address>:80" {
     ssl.engine                  = "disable"
     server.name                 = "<your fqdn>"
     server.document-root        = "/usr/local/www/data"
  }

Install squirrelmail

• make install in /usr/ports/mail/squirrelmail

• Use default options for php5

• Follow the instructions squirrelmail port prints out

Install qmailadmin / ezmlm-idx

• make install WITH_SPAM_DETECTION=TRUE SPAM_COMMAND="| /usr/local/bin/spamc -f | /usr/local/bin/maildrop" CGIBINDIR=www/squirrelmail/cgi-bin CGIBINSUBDIR= WEBDATADIR=www/squirrelmail WEBDATASUBDIR=qmailadmin in /usr/ports/mail/qmailadmin

• Use default options for ezmlm-idx

Install qmailadmin plugin for squirrelmail

• make install in /usr/ports/mail/squirrelmail-qmailadmin_login-plugin

Install maildrop

• make install in /usr/ports/mail/maildrop

Install the maildrop spam sort magic

• install http://erdgeist.org/arts/software/Code/elektropost/maildroprc to /usr/local/etc/maildroprc

Install spamassassin

• make install in /usr/ports/mail/p5-Mail-SpamAssassin, keep SPAMC, SSL, uncheck all others

• echo '-d 192.168.0.2' > /usr/local/etc/mail/spamassassin/spamc.conf

Install the Valid RCPTTO checking stuff

• install http://erdgeist.org/arts/software/Code/elektropost/mkvalidrcptto to /usr/local/vpopmail/bin/mkvalidrcptto

• chmod +x /usr/local/vpopmail/bin/mkvalidrcptto

• cpan install CDB_File to help perl understand cdb files

• make install in /usr/ports/databases/cdb/

• Add a script to your crontab (e.g. /usr/local/vpopmail/etc/tidymail.sh) that contains:

  /usr/local/vpopmail/bin/mkvalidrcptto | /usr/local/bin/cdbmake-12 /var/qmail/control/validrcptto.cdb /tmp/validrcptto.tmp

Install the auto trash-pruning script

• Add a script to your crontab (e.g. /usr/local/bin/prune-trash.sh) that contains:

  find -E /usr/local/vpopmail/domains/ -type f -iregex "^.*/maildir/.*\.(junk|trash|spam)(\.[^/]+)?/(new|cur|tmp)/.*$" -mmin +86400 -delete