Page 4 - My FreeBSD weblog

This will be a long one! Its been a bit since i checked in to share my pain with any crazy people following this. I'm a superstar in my own mind! i have a working mail server using qmail + vpopmail + courier-imap + qmailadmin + squirrelmail + sqwebmail (optional web interface). I can host multiple domains to a single server, check my mail from eudora, outlook express using pop3, imap or webmail using squirrelmail or sqwebmail wither with http:// or https:// aka SSL. I installed apache13-modssl. <br><br>I discovered vpopmail from a search that came up on google.com searching for something i was working on. Something about Qmail Toaster, <br>the cool thing about the toaster is it was done by a guy from northern MI. I'm also from Michigan, for all those wonder, its the state that looks like a hand with all the Great Lakes around it. Anyway, he ran an ISP before selling and going to work with Interland.com. For those who have been around since aspfree was started, we hosted there for the first 2 months! Check out the qmail toaster at <a href="http://matt.simerson.net/computing/mail/" target="_blank">matt.simerson.net/computing/mail/</a><br><br>There is really nothing to working with open source but absolutely understanding how to configure the various applications. i'm no where near even at newbie status with this but i can start to make out what is happening in the compile and make status. that is scary and for one, i couldn't get courier-imap to work. when i tried to bind the machines IP address to the courier-imap i got an error can't bind to address, already in use. From what i can tell, i put --without-IPV6 and recompiled the /usr/port/mail/courier-imap and when i did a netstat -an it would bind to the machine's IP on TCP port 143. the bind error i was getting. <a href="http://Vpopmail http://www.inter7.com/vpopmail/ " target="_blank">Vpopmail http://www.inter7.com/vpopmail/ </a> is a daemon that works with Qmail SMTP and courier-imap to provide virtual domains mail servers on a single machine. I currently have 3 domains on a single server using vpopmail. Courier-IMAP is the most crucial piece because it does the authenticate when using squirrelmail <a href="http://www.squirrelmail" target="_blank">www.squirrelmail</a><br><br>The interface that plugs in and lets anyone login via a webmail is Qmailadmin <a href="http://www.inter7.com/qmailadmin.html" target="_blank">www.inter7.com/qmailadmin.html</a>. The only comand that needs to be run is ~vpopmail/bin/vadddomain mail.domain.com, this will prompt for a userid for postmaster. To ad the short domain type in ~vpopmail/bin/valiasdomain newdomain.com mail.olddomain.com and this will allow to send to user@mail.domain.com or the short-name domain user@domain.com. I only discovered that after i struggled for a few hours trying to delete everything i had tried and starting from scratch. The darnest thing is i tried putting both mail.domain.com and domain.com in my rcpthosts and locals qmail located in /var/qmail/control files but after i deleted all this, command mkdir mail.domain.com and then ~vpopmail/bin/vdeldomain mail.domain.com it would allow me to readd the domains.<br><br>i was able to readd the domains and get it working. The next few goals are to get smtp-auth, spamassassin and qmail-scanner working. The smtp-auth is a must so i can host, send and recieve mail yet don't be an open relay server. I even have plans to use Fetchmail to import all my mail, this will filter all the crap i get from spam and centralize my mail from all my email addresses to a single sign-on! What turned out to be setting up a backup mail server turned into setting up a complete mail server using open source. I currently use IMAIL on windows 2000 for my primary mail server and will continue. But this OSS build is rock solid and easy to configure once you get all the little flags while running ./configure. Another HUGE over come getting courier-imap and vpopmail to work together is /authvchkpw module was to compile this into the make /make install build. the other things i did was not to compile into the courier-imap build was authpam, authcustom, authuserdb modules. the IPV6 was the other big thing that was preventing me from authenticating using a full mail client. it would authenticate but wouldn't finish and report a login failed error. the main problem was the IPV4 and IPV6 contention. I also discovered 4 list-serv's that are fairly busy with traffic to monitor.<br><br><a href="mailto:courier-users@lists.sourceforge.net (courier-imap)" target="_blank">courier-users@lists.sourceforge.net (courier-imap)</a>, or <a href="mailto:vchkpw@inter7.com (Vpopmail)" target="_blank">vchkpw@inter7.com (Vpopmail)</a> or <a href="mailto:sqwebmail-subscribe@inter7.com" target="_blank">sqwebmail-subscribe@inter7.com</a> are a few lists i'm monitored. I'm used to high-volume lists to monitor problems and learn from them. Its a great way to learn, make sure you build a rule to filter the stuff to a separate folder. I never had much luck with the lists on the http://freebsd.org site. Honestly though between <a href="http://groups.google.com" target="_blank">groups.google.com</a> and IRC. IRC is more complaining and therapy working through configuration issues. I'm going to try putting the ROTOR project and running some console .NET applications. We'll see. Enough babbling on and once I have a process of redoing another server, I'll try to publish the steps i ran into and share back!<p> </p><p><hr size="1" width="50%" align="left" />*----------------------------------------*<br>* Steve Schofield<br>* steve@aspfree.com<br>*<br>* Microsoft MVP - ASP.NET<br>* http://www.aspfree.com<br>* <br>*----------------------------------------*</p>

make all install WITH_VCHKPW=YES WITH_ISPELL=YES clean to install /usr/ports/mail/sqwebmail after the install is done, move the /usr/local/www/data-dist.default/sqwebmail/images to data-dist directory so the images come up.<p> </p><p><hr size="1" width="50%" align="left" />*----------------------------------------*<br>* Steve Schofield<br>* steve@aspfree.com<br>*<br>* Microsoft MVP - ASP.NET<br>* http://www.aspfree.com<br>* <br>*----------------------------------------*</p>

i'm gave up trying to screw with my production backup mail server to also server mail so i brought up another server to take all the lessons i've learned and with a fresh start. for those who need a reminder, the reason i originally started my "SMS Project" (Steve's Mail Server project). was to have a backup mail server. this has been a very reliable and useful solution for both purposes of learning BSD and a non-microsoft windows OS. My personality of being a geek and obsessive to learn new things has me moving forward with a full mail solution. the thing that pisses me off i can't figure out how to not be an open relay. here is the check list i installed my new server hopefuly things work!<br><br>1 - install OS 4.7 <br>2 - install kde<br>3 - install /usr/ports/net/cvsup<br>4 - install /usr/ports/net/cvsupit updates all ports<br>5 - install /usr/ports/mail/qmail<br>6 - install /usr/ports/sysutils/daemontools<br>7 - install /usr/ports/mail/vpopmail<br> add to the makefile /usr/ports/mail/vpopmail<br> --enable-romain-users=y <br> uncomment WITH_MYSQL=YES<br> uncomment VCHKPW_GID=89<br> uncomment VPOPMAIL_UID=89<br>8 - install /usr/ports/mail/courier-imap<br> add to the makefile /usr/ports/mail/courier-imap<br> uncomment USE_CRAM=YES<br> uncomment USE_VPOPMAIL=YES<br> uncomment WITH_MYSQL=YES<br> add to configure_args<br> *put below --libexecdir={LIBEXECDIR} <br> add --without-IPV6 <br> add --with-authvchkpw<br> add --without-authcustom<br> add --without-authuserdb<br><br><br>9.- install /usr/ports/www/apache13-modssl<br><br>You will have to run /usr/local/share/courier-imap/mkimapdcert to create<br>a self-signed certificate if you want to use imapd-ssl.<br>And you will have to copy and edit the *.dist files to *<br>in /usr/local/etc/courier-imap.<br><br>===> Compressing manual pages for courier-imap-1.6.1_1<br>===> Registering installation for courier-imap-1.6.1_1<br>===> SECURITY REPORT:<br> This port has installed the following files which may act as network<br> servers and may therefore pose a remote security risk to the system.<br>/usr/local/bin/couriertls<br>/usr/local/libexec/courier-imap/authlib/authdaemond.plain<br>/usr/local/libexec/courier-imap/couriertcpd<br><br> This port has installed the following startup scripts which may cause<br> these network services to be started at boot time.<br>/usr/local/etc/rc.d/courier-imap-imapd.sh.sample<br>/usr/local/etc/rc.d/courier-imap-pop3d.sh.sample<br><br> If there are vulnerabilities in these programs there may be a security<br> risk to the system. FreeBSD makes no guarantee about the security of<br> ports included in the Ports Collection. Please type 'make deinstall'<br> to deinstall the port if this is a concern.<br><br> For more information, and contact details about the security<br> status of this software, see the following webpage:<br>http://www.inter7.com/courierimap/<br><br>10 -install /usr/ports/www/mod_php4<br>************************************************** ***************************<br>Make sure the mime.types are connected to the php module properly and<br>index.php is part of your DirectoryIndex.<br><br>The following should be in your Apache configuration file:<br>[...]<br>DirectoryIndex index.php index.html<br>[...]<br>AddType application/x-httpd-php .php<br>AddType application/x-httpd-php-source .phps<br>[...]<br>************************************************** ***************************<br><br>11 -install /usr/ports/mail/squirrelmail<br> Under General settings<br> change ServerName<br> <br> under server settings<br> 1 - Domain : mx.bgeek.com<br> 2 - IMAP Server : mx.bgeek.com<br> 10: Server : courier<br><br> make symbolic link<br> ln -s /usr/local/squirrelmail /usr/local/www/data-dist/mail<br>12 -install /usr/ports/mail/sqwebmail<br> move /usr/local/www/data-dist.default/sqwebmail/images to data-dist<br><br>You must now create the following cron job that runs at<br>regular intervals:<br><br>su -c "/usr/local/share/sqwebmail/cleancache.pl" bin<br><br>-----------------------------------------------------------<br>(note - your su command may use slightly different arguments)<br><br><br>----------------------------------------------------------------------------<br>You must now set up the following command to run at system boot:<br><br>/usr/local/libexec/sqwebmail/authlib/authdaemond start<br>----------------------------------------------------------------------------<br>===> Generating temporary packing list<br>===> Compressing manual pages for sqwebmail-3.3.7<br>===> Registering installation for sqwebmail-3.3.7<br>===> SECURITY REPORT:<br> This port has installed the following binaries which execute with<br> increased privileges.<br>/usr/local/libexec/sqwebmail/authlib/authdaemon.passwd<br>/usr/local/www/cgi-bin.default/sqwebmail/sqwebmail<br><br> This port has installed the following files which may act as network<br> servers and may therefore pose a remote security risk to the system.<br>/usr/local/libexec/sqwebmail/authlib/authdaemond.plain<br>/usr/local/libexec/sqwebmail/sqwebmail/pcpd<br><br> If there are vulnerabilities in these programs there may be a security<br> risk to the system. FreeBSD makes no guarantee about the security of<br> ports included in the Ports Collection. Please type 'make deinstall'<br> to deinstall the port if this is a concern.<br><br> For more information, and contact details about the security<br> status of this software, see the following webpage:<br>http://inter7.com/sqwebmail/<br><br>13 - INSTALL /usr/ports/mail/qmailadmin<br>14 - install proftpd<br>===> Installing for proftpd-1.2.6<br>###<br>Make sure you have the following lines in your PAM configuration file<br>so that ProFTPd's PAM module can authenticate users correctly.<br><br>ftpd auth required pam_unix.so try_first_pass<br>ftpd account required pam_unix.so try_first_pass<br>ftpd session required pam_permit.so<br>###<br>===> Generating temporary packing list<br>===> Compressing manual pages for proftpd-1.2.6<br>===> Registering installation for proftpd-1.2.6<br>===> SECURITY REPORT:<br> This port has installed the following files which may act as network<br> servers and may therefore pose a remote security risk to the system.<br>/usr/local/libexec/proftpd<br><br> This port has installed the following startup scripts which may cause<br> these network services to be started at boot time.<br>/usr/local/etc/rc.d/proftpd.sh.sample<br><br>An update to this process of install<br><br>Some items that were missed or not understood going through the process of setting up qmail. There was a need to setup <br>a process in /usr/local/etc/rc.d/qmail.sh using the ./Maildir format. The example in the /var/qmail/boot/maildir was copied in the qmail.sh file<br>i issues a command /usr/local/etc/rc.d/qmail.sh start and was able to send mail. From following the process on is assuming you have installed qmail from the /usr/ports/mail/qmail This is the excerpt I ran from http://www.lifewithqmail.org below. One more item i needed to run was /var/qmail/configure/config-fast and i also ran /var/qmail/configure/install. Appears to be the same thing but heck! I was able to send mail however it queued. Once i put the above /usr/local/etc/rc.d/qmail.sh start. the mail sent. Also, using vpopmail should put domains in the appropriate files. <br><br>The complete install process http://www.lifewithqmail.org<br><br>*******************************************<br>*******************************************<br>script is available via http://www.lifewithqmail.org/qmailctl-script-dt70.<br><br>Create the script using your editor or by downloading it with your web browser (recommended).<br><br>Make the qmailctl script executable and link it to a directory in your path:<br><br> chmod 755 /var/qmail/bin/qmailctl<br> ln -s /var/qmail/bin/qmailctl /usr/bin<br><br>2.8.2.2. The supervise scripts<br>Now create the supervise directories for the qmail services:<br><br> mkdir -p /var/qmail/supervise/qmail-send/log<br> mkdir -p /var/qmail/supervise/qmail-smtpd/log<br><br>Create the /var/qmail/supervise/qmail-send/run file:<br><br>#!/bin/sh<br>exec /var/qmail/rc<br><br>Create the /var/qmail/supervise/qmail-send/log/run file:<br><br>#!/bin/sh<br>exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail<br><br>Create the /var/qmail/supervise/qmail-smtpd/run file:<br><br>#!/bin/sh<br>QMAILDUID=`id -u qmaild`<br>NOFILESGID=`id -g qmaild`<br>MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`<br>LOCAL=`head -1 /var/qmail/control/me`<br>if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then<br> echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in<br> echo /var/qmail/supervise/qmail-smtpd/run<br> exit 1<br>fi<br>if [ ! -f /var/qmail/control/rcpthosts ]; then<br> echo "No /var/qmail/control/rcpthosts!"<br> echo "Refusing to start SMTP listener because it'll create an open relay"<br> exit 1<br>fi<br>exec /usr/local/bin/softlimit -m 2000000 <br> /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" <br> -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd 2>&1<br><br><br><br>--------------------------------------------------------------------------------<br>Note: concurrencyincoming isn't a standard qmail control file. It's a feature of the above script. Also, that's -1 (dash one) on the LOCAL line and -l (dash ell) on the tcpserver line. <br>--------------------------------------------------------------------------------<br><br><br><br><br>--------------------------------------------------------------------------------<br>Note: Under Solaris, the normal id program won't work right in this script. Instead of id, use /usr/xpg4/bin/id, e.g.:<br><br> QMAILDUID=`/usr/xpg4/bin/id -u qmaild`<br> NOFILESGID=`/usr/xpg4/bin/id -g qmaild`<br><br><br><br>--------------------------------------------------------------------------------<br><br><br><br><br>--------------------------------------------------------------------------------<br>Note: The memory limit specified in the softlimit command may need to be raised depending upon your operating system and hardware platform. If attempts to connect to port 25 fail or remote systems are unable to send you mail, try raising it to 3000000 or 4000000. <br>--------------------------------------------------------------------------------<br><br><br>Create the concurrencyincoming control file:<br><br> echo 20 > /var/qmail/control/concurrencyincoming<br> chmod 644 /var/qmail/control/concurrencyincoming<br><br>Create the /var/qmail/supervise/qmail-smtpd/log/run file:<br><br>#!/bin/sh<br>exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail/smtpd<br><br>Make the run files executable:<br><br> chmod 755 /var/qmail/supervise/qmail-send/run<br> chmod 755 /var/qmail/supervise/qmail-send/log/run<br> chmod 755 /var/qmail/supervise/qmail-smtpd/run<br> chmod 755 /var/qmail/supervise/qmail-smtpd/log/run<br><br>Then set up the log directories:<br><br> mkdir -p /var/log/qmail/smtpd<br> chown qmaill /var/log/qmail /var/log/qmail/smtpd<br><br>Finally, link the supervise directories into /service:<br><br> ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /service<br><br>The /service directory is created when daemontools is installed.<br><br><br><br>--------------------------------------------------------------------------------<br>Note: The qmail system will start automatically shortly after these links are created. If you don't want it running yet, do:<br><br> qmailctl stop<br><br><br><br>--------------------------------------------------------------------------------<br><br><br>2.8.2.3. SMTP Access Control<br>Allow the local host to inject mail via SMTP:<br><br> echo '127.:allow,RELAYCLIENT=""' >>/etc/tcp.smtp<br> qmailctl cdb<br><br>2.9. Test the Installation<br>qmail should now be running. First run qmailctl stat to verify that the services are up and running:<br><br> # qmailctl stat<br> /service/qmail-send: up (pid 30303) 187 seconds<br> /service/qmail-send/log: up (pid 30304) 187 seconds<br> /service/qmail-smtpd: up (pid 30305) 187 seconds<br> /service/qmail-smtpd/log: up (pid 30308) 187 seconds<br> messages in queue: 0<br> messages in queue but not yet preprocessed: 0<br><br>I also needed to run /var/qmail/configure/install and I ran /var/qmail/configure/config or config-fast. I also ran this <br><br><br>[root@mx /usr/local/vpopmail/bin]# /usr/local/vpopmail/bin/vaddaliasdomain<br>vaddaliasdomain: usage: [options] new_domain old_domain<br>options: -v (print version number)<br>[root@mx /usr/local/vpopmail/bin]# ~vpopmail/bin/vaddaliasdomain bigdogsbowling.com mail.bigdogsbowling.com<br>[root@mx /usr/local/vpopmail/bin]#<p> </p><p><hr size="1" width="50%" align="left" />*----------------------------------------*<br>* Steve Schofield<br>* steve@aspfree.com<br>*<br>* Microsoft MVP - ASP.NET<br>* http://www.aspfree.com<br>* <br>*----------------------------------------*</p><p><i>Last Edited : 2/28/2003 1:12:24 AM GMT</i></p>

still couldn't email until this command was run<br>/usr/local/bin/tcpserver -v -x /etc/tcp.smtp.cdb -u 82 -g 65534 0 smtp /var/qmail/bin/qmail-smtpd &<p> </p><p><hr size="1" width="50%" align="left" />*----------------------------------------*<br>* Steve Schofield<br>* steve@aspfree.com<br>*<br>* Microsoft MVP - ASP.NET<br>* http://www.aspfree.com<br>* <br>*----------------------------------------*</p>

well well, another weekend of beating my head against the FreeBSD wall! Reminder to all my goal for this milestone is to get a mail server where i can use<br>webmail or full-mail client to a server that can host multiple domains on a single server w/o being an open relay and be able to use SSL. Ok coming from the windows planet there<br>is a simple solution called windows 2000 and IMAIL BUT its not FREE! its drop dead simple to setup but at $800 for OS license and $750 for IMAIL for 250 users<br>. Ok so now intro i'm using the following items<br><br>FreeBSD 4.7<br>qmail 1.03 for SMTP and POP3<br>apache 1.3.27 + mod-ssl + mod-php4<br>vpopmail<br>qmailadmin<br>courier-imap<br>ucsip-tcp ( i think) has tcpserver<br>daemontools -<br>squirrelmail and/or sqwebmail for webmail interface<br>qmail-smtp-auth-0.31 patch<br><br>For a week i had a working solution where if i defined in the /etc/tcp.smtp.cdb file (its a file that allows clients to relay through your server) so i could send mail<br>from a webmail or full-client but i had to define all the networks in this file. This is ok but there are options in VPOPMAIL to dynamically or as i say automagically<br>work so i can be on any network w/o being an open relay. There is an authmodule called vchkpw that handles authentication for both POP3 and IMAP. During this <br>week of having a working solution. I could send mail using the web interface but that is ok but not what i wanted. if i'm doing to this exercise i'm going to <br>do it right and understand it. I'm not going to waste 2 1/2 months of learning this. Well there were some DNS issues and were mis-configuration causing issues<br>like i've said in past Blog notes is you have to absolutely have to understand the configuration. After i got over this dns mis-configuration, i know the <br>authmodules weren't working as designed between VPOPMAIL vchkpw, qmail pop3d and qmail-smtp when starting the processes. this configuration would be <br>good for an ISP because anyone wanting to limit the routing of services based on network or an internal company absolutely knowing the networks they support.<br>BUT this isn't what i want, its good to know all these different options. <br><br>Another thing found out is i had to patch Qmail-1.03 to include an smtp-auth patch code to qmail-1.03. You have to download these files, patch the raw source and recompile the app. this is ok for an experienced person but recompiling an <br>app was an adventure and my first few attempts didn't produced any meaningful results. Man i actually was about ready to throw the stupid BSD box<br>into the snow knowing i'm did way more than i would have ever imagined but like any greedy person, i want more! as i type this summary i still have <br>desires to integrate Black lists, White List supports, spamassassin, qmail-scanner. this will help me filter all that junk mail i get. I'm going to savor this<br>victory cause i'm actually going to use this server for awhile for mail.bgeek.com so if you've read this note and not fell a sleep this far, shoot me an email<br>to steve@bgeek.com and state you feel my pain. <br><br>Since not having any formal classes in unix, i have no basis for learning this except for trial and error.<br>something as simple as symbolic links, command line junkie stuff, this is fun though! One of the other potential configuration problems was i didn't <br>have permissions working correctly on the vchkpw. I'll post up the configuration files, later. One more thing i found out was in the /var/qmail/rc file <br>to use /defaultdirectory instead of using Maildir under the /var/qmail/boot/maildir configuration sample. it was causing the qmail-send to try to restart over<br>and over filling up my /var/log/maillog logs. + it was causing issues in POP3 not working correctly to restart. most poeple would just shake their head and<br>wonder why a person would spend so many hours just trying differnet stuff to get something to work that probably won't be used besides just saying i can<br>do it. more of my wishes is to get the mysql and/or LDAP directory. Some more options to mess with this is to do clustering and redundant systems<br>but that is my enterprise admin' wishes well i'm off and i loaded Red Hat 8.0 which is a lot easier to install but i almost feel Red Hat is like windows system<br>i had 57 meg of updates. i was about ready to chuck FreeBSD but i won't now. More to come!<p> </p><p><hr size="1" width="50%" align="left" />*----------------------------------------*<br>* Steve Schofield<br>* steve@aspfree.com<br>*<br>* Microsoft MVP - ASP.NET<br>* http://www.aspfree.com<br>* <br>*----------------------------------------*</p>

Now that I have squirrelmail working for a web portal to check mail out, this uses PHP. SQWebmail is courier's web interface to check mail. You have to do once extra step in order to use this. Squirrelmail is slick is because it just sits on top of the whatever IMAP server your using. SQWebmail uses a compiled cgi exec which tends to be faster for the end user but also takes more resources on the server. a trade-off i guess but they are both free to use. I created a /usr/local/etc/rc.d/courier-webmail.sh and put these commands in there below<br><br><br>#!/bin/sh<br><br>exec /usr/local/libexec/sqwebmail/authlib/authdaemond start<br><br>and changed permissions so it would execute.<br><br>-----------------------------------------------------------<br>You must now create the following cron job that runs at<br>regular intervals:<br><br>su -c "/usr/local/share/sqwebmail/cleancache.pl" bin<br><br>-----------------------------------------------------------<br>(note - your su command may use slightly different arguments)<br><br><br>----------------------------------------------------------------------------<br>You must now set up the following command to run at system boot:<br><br>/usr/local/libexec/sqwebmail/authlib/authdaemond start<p><hr size="1" width="50%" align="left" />*----------------------------------------*<br>* Steve Schofield<br>* steve@aspfree.com<br>*<br>* Microsoft MVP - ASP.NET<br>* http://www.aspfree.com<br>* <br>*----------------------------------------*</p>

good instructions to install qmail-scanner.<br><br>http://www.orchardlabs.com/library/freebsd/qmail-scanner<p><hr size="1" width="50%" align="left" />*----------------------------------------*<br>* Steve Schofield<br>* steve@aspfree.com<br>*<br>* Microsoft MVP - ASP.NET<br>* http://www.aspfree.com<br>* <br>*----------------------------------------*</p>

To upgrade PERL to get the qmail-scanner to work on FreeBSD 4.7<br><br> so to review what i did, enable the thing in the /etc/defaults/make.confi<br>jh3 compile PERL<br>badboy cvsup the ports<br>badboy make install perl 5.8<br>badboy use.perl port<br>jh3 no i needed also to do the /etc/defaults/make.conf<p><hr size="1" width="50%" align="left" />*----------------------------------------*<br>* Steve Schofield<br>* steve@aspfree.com<br>*<br>* Microsoft MVP - ASP.NET<br>* http://www.aspfree.com<br>* <br>*----------------------------------------*</p>

./configure --admin scs --domain mail.bgeek.com --notify admin --local-domains mail.bgeek.com,bgeek.com,mx.bgeek.com --log-details yes,syslog --add-dscr-hdrs yes --scanners non --debug yes --unzip yes --install the magic configuration to get qmail-scanner to work.<p><hr size="1" width="50%" align="left" />*----------------------------------------*<br>* Steve Schofield<br>* steve@aspfree.com<br>*<br>* Microsoft MVP - ASP.NET<br>* http://www.aspfree.com<br>* <br>*----------------------------------------*</p>

install <br>ucsip-tcp from ports<br>daemontools from ports<br>maildrop from ports<br><br>install patches in following order<br><br>Qmail queue<br>http://qmail.mirrors.auchnet.org/qmailqueue-patch<br>patch -p0 < /home/scs/downloads/qmail-1.03/qmailqueue.patch<br><br><br>smtp-auth<br>http://members.elysium.pl/brush/qmail-smtpd-auth/<br>patch -d /home/scs/downloads/qmail-1.03 < auth.patch<br><br>follow the www.lifewithqmail.org DRP to install<br>install daemontools<br><br>copy /etc/tcp.stmp, <br>copy /var/qmail/supervise/qmail-smtpd/run file<br>copy /var/qmail/supervise/qmail-pop3d/run file<br>reload cdb<br><br>install vpopmail<br>enable-roaming-users=y<br>enable mysql support<br><br>install courier-imap<br>enable vpopmail<br>enable mysql<br>disable IPV6<br>with-authvchkpw<br><br>configure <br>/usr/local/etc/courier-imap<br> imapd - added ip to bind too<br> authdaemonrc - make sure authvchkpw first<br> imapd-ssl bind IP address<br> cp all the .dist files in path<br> in /usr/local/etc/rc.d/ rename courier-imap-imapd.sh.sample<br><br>install squirrelmail<br> configure to use courier<br> configure server mx.bgeek.com, mx.bgeek.com<br><br>Install Sqwebmail<br> Edit Makefile<br> add support for vchkpw<br> add support for ispell <br> add sqwebmail.sh to /usr/local/etc/rc.d/sqwebmail.sh<br> chmod 755 on sqwebmail.sh<br>Install apache13-modssl<br>Install /usr/ports/www/phpbb<br>install qmail-scanner DRP<br> <br> <br> <br> <br> <br>Installing qmail-scanner<br>Get qmail-scanner from http://prdownloads.sourceforge.net/qmail-scanner/qmail-scanner-1.01.tgz <br>Install Maildrop 1.3.4 from the ports collection. <br>su - <br>cd /usr/ports/mail/maildrop <br>make install <br>Install Berkeley DB 3.x from the ports collection. <br>cd /usr/ports/databases/db3 <br>make install <br>Install Perl 5 from the ports collection. <br>cd /usr/ports/lang/perl5 <br>make install <br>Install tnef-1.1 from the ports collection. <br>cd /usr/ports/converters/tnef <br>make install <br>Install unzip from the ports collection. <br>cd /usr/ports/archivers/unzip <br>make install <br>Recompile qmail with QMAILQUEUE patch <br>cd /usr/ports/mail/qmail <br>make install WITH_QMAILQUEUE_PATCH=yes <br>exit <br>Download Perl module Time::HiRes from http://www.cpan.org/authors/id/D/DE/DEWEG/Time-HiRes-01.20.tar.gz <br>Install the Perl Module. See instructions here. <br>tar xzvf Time-HiRes-01.20.tar.gz <br>cd Time-HiRes-01.20 <br>perl Makefile.PL <br>make <br>make test <br>su - <br>cd <source_dir>/Time-HiRes-01.20 <br>make install <br>exit <br>Download Perl module DB_File from http://www.cpan.org/authors/id/P/PM/PMQS/DB_File-1.801.tar.gz <br>Install the Perl Module. See instructions here. <br>tar xzvf DB_File-1.801.tar.gz <br>cd DB_File-1.801 <br>perl Makefile.PL <br>make <br>make test <br>cd <source_dir>/DB_File-1.801 <br>make install <br>exit <br>Install qmail-scanner <br>cd <source_dir> <br>tar xvzf qmail-scanner-1.01.tgz <br>cd qmail-scanner-1.01 <br>./configure --admin gwong --domain orchardlabs.com <br>verify that this ran correctly <br>su - <br>./configure --admin gwong --domain orchardlabs.com --install <br>chown root /usr/bin/suidperl <br>chmod 4711 /usr/bin/suidperl <br>Test by running: /var/qmail/bin/qmail-scanner-queue.pl -g <br>There should be no errors <br>exit <br>Test by running: ./contrib/test_installation.sh <br>This will send three emails when you run it with the -doit option <br>su - <br>modify /usr/local/etc/rc.d/qmail.sh and add the next two lines to the beginning of the file (after #!/bin/sh) <br>echo -n "qmail-smtpd, " <br>QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE <br>exec /usr/local/bin/softlimit -m 5000000 /usr/local/bin/tcpserver <br> -x/usr/local/etc/tcp.smtp.cdb <br> -u82 -g81 0 smtp /var/qmail/bin/qmail-smtpd &<br><br>If you are using tcpserver, you will need to add an entry for QMAILQUEUE in the tcp.smtp file and recompile the cdb (please see Installing qmail for more information) <br>192.168.0.:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" <br>Make sure you reset your softlimit for qmail if you use softlimit <br>If you want to scan outgoing files add the following lines <br>In /etc/csh.cshrc add: <br>setenv QMAILQUEUE /var/qmail/bin/qmail-scanner-queue.pl <br>In /etc/profile add: <br>QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"; export QMAILQUEUE <br>Also it is a good idea to roll your logfiles (/var/spool/qmailscan/qmail-queue.log with a cron job (mv -f qmail-queue.log qmail-queue.log.1) <br>Also run /var/qmail/bin/qmail-scanner-queue.pl -z once daily to delete files from dropped connections <br>edit /var/spool/qmailscan/quarantine-attachments.txt to add rules (make sure entries are TAB-delimited!) <br><br>.scr 0 W32.Badtrans.B@mm<br>.pif 0 W32.Badtrans.B@mm<br>.bat 0 W32.Sircam.Worm@mm<br>.com 0 W32.Sircam.Worm@mm<br>.lnk 0 W32.Sircam.Worm@mm<br><br>run /var/qmail/bin/qmail-scanner-queue.pl -g to rebuild the database <br>exit <br>read http://qmail-scanner.sourceforge.net/ for more info. <br><br><br>Install QmailAdmin<br> move all files and folders from /usr/local/www/data-dist.default<br> to /usr/local/www/data-dist<br> make symbolic link ln -s /usr/local/squirrelmail /usr/local/www/data-dist<br><br>Install Webmin (optional)<br>install proftpd<br><br>./configure --admin scs --domain mail.bgeek.com --notify admin --local-domains mail.bgeek.com,bgeek.com,mx.bgeek.com --log-details yes,syslog --add-dscr-hdrs yes --scanners non --debug yes --unzip yes --install there was the magic configure to get qmail-scanner working.<p><hr size="1" width="50%" align="left" />*----------------------------------------*<br>* Steve Schofield<br>* steve@aspfree.com<br>*<br>* Microsoft MVP - ASP.NET<br>* http://www.aspfree.com<br>* <br>*----------------------------------------*</p>

http://www.allneo.com/freebsd/qmail_run.txt<br>#!/bin/sh<br><br>PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin<br>export PATH<br><br>echo -n "qmail-smtpd, "<br>QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE<br><br>QMAILUID=`id -u qmaild`<br>NOFILESGID=`id -g qmaild`<br><br>exec softlimit -m 8000000 tcpserver -S -R -H -c100 -x /usr/local/vpopmail/etc/tcp.smtp.cdb -u $QMAILUID -g $NOFILESGID 0 smtp rblsmtpd -r blackholes.mail-abuse.org qmail-smtpd mail.foobar.com /usr/local/vpopmail/bin/vchkpw /usr/bin/true splogger smtpd <br><br><br>http://www.allneo.com/freebsd/qmail_run_smtp.txt<br>#!/bin/sh<br><br>PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin<br>export PATH<br><br>echo -n "qmail-smtpd, "<br>QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE<br><br>QMAILUID=`id -u qmaild`<br>NOFILESGID=`id -g qmaild`<br><br>exec softlimit -m 8000000 tcpserver -S -R -H -c100 -x /usr/local/vpopmail/etc/tcp.smtp.cdb -u $QMAILUID -g $NOFILESGID 0 smtp rblsmt blackholes.mail-abuse.org qmail-smtpd mail.foobar.com /usr/local/vpopmail/bin/vchkpw /usr/bin/true splogger smtpd<p><hr size="1" width="50%" align="left" />*----------------------------------------*<br>* Steve Schofield<br>* steve@aspfree.com<br>*<br>* Microsoft MVP - ASP.NET<br>* http://www.aspfree.com<br>* <br>*----------------------------------------*</p>

http://members.elysium.pl/brush/qmail-smtpd-auth/faq.html#a3 <br><br>qmail-smtpd-auth FAQ<br><br>This section is a result of the correspondece between me and users of my patch. The most common questions will be answered here.<br><br><br>--------------------------------------------------------------------------------<br><br><br>Important notice: Before asking any questions read this FAQ and also check the Mailing list archives. Also do not ask any question in private mails to the patch developers - ask them on the mailing list so others can benefit from the answers!<br><br><br><br>Questions:<br><br>1. I have installed everything accourding to you docs, but i still get authentication errors.<br>2. I've made sure checkpassword can read shadow etc. but it still does not work.<br>3. Is this possible to use your patch with vpopmail?<br>4. Is this possible to use your patch with vmailmgr?<br>5. Is this possible to use your patch with qmail-ldap or any other qmail/checkpassword modification?<br><br><br>Answers:<br><br>1. Make sure that your checkpassword utility can read the shadow file. This is the most common problem. Either make it suid root or find another (safer) way to make it read that file.<br><br>2. Make sure that your qmail-smtpd user can actualy launch the checkpassword utility. The default permissions on /bin/checkpassword are too strict.<br><br>3. (this answer is contributed by Ismail YENIGUL:<br><br><br>Download qmail-1.03, vpopmail 5.2 and s