26/1-2004: Added information about make.conf (In chapter 6).
10/12-2003: Added some alias and virtual aliases information.
4/12-2003: Official release.
10/11-2003: Began the writing of this document.
I wrote this document because the only available documentation on the subject is targeted at Linux, and following it did not give me a working mailserver! You may think of this as a HOWTO port from Linux to FreeBSD.
You can get FreeBSD on their public ftp. More info on how to install FreeBSD can be found in the FreeBSD Handbook.
Once the installation menu pops up, select Standard and press OK.
In the disk manager: use the entire disk (press a), then continue (press q).
Select Standard in the Boot Manager menu and press OK.
In the disklabel editor: use auto defaults (press a).
d will do this), select the top line of the screen (saying Disk: ....) and press c for create. Choose the size of the /var partition (you can either specify the size in bytes or add an M to indicate that the size is in megabytes). Choose the mountpoint for this label.
Create like this:
1) /var must be 200M * number of users
2) /tmp must be the same size as before or smaller, but at least 256M
3) /usr should fill out the rest of the disk (just use the suggested number of bytes), but at least 1.5 gigabytes (otherwise you'll have a problem compiling everything later on)
Press q to quit the editor.
Select a minimal installation (mark with space, then select OK).
Choose the medium to install from in the list.
Answer yes to the 'point of no return' question!
Wait....
Press OK.
Answer no to using the machine as a network gateway.
Answer no to using inetd.
Answer no to using the machine as an anonymous FTP server.
Answer no to using the machine as an NFS server and client.
Select the medium security profile.
Press OK.
Answer no to customizing your console settings.
Set the timezone.
Enable Linux executable compatibility.
Wait....
Answer no to PS/2 or serial mouse (if you have one, you will not need it).
No to browsing the collection of thousands of ready-to-run applications (we'll be using ports).
Do not add any initial accounts (the system will be accountless).
Set the root password.
Don't visit the menu of general options.
Back in the main menu, select Configure.
Select Distributions.
Mark Ports (with space) and then select OK.
Wait....
Select Exit and Exit Install...
Reboot.
root login. This is done by changing the line
#PermitRootLogin no
into
PermitRootLogin yes
in sshd's configuration. Then run through these tasks, to ready the system for install:
Now add the ip address and hostname to the
192.168.0.10 mymailserver mymailserver.mydomain.com
where 192.168.0.10 is the ip address of the server, mymailserver is the hostname and mydomain.com is the domain of the mailserver.
Install cvsup:
cd /usr/ports/net/cvsup-without-gui
make install clean
Get the
Finally, download this supfile to the
/usr/local/bin/cvsup /root/upgrade.sup
This will upgrade all the ports to the latest cvs versions (and thereby correct a problem with pam-mysql).
Now we are ready to begin installing the software.
Install portupgrade:
cd /usr/ports/sysutils/portupgrade
make install clean
After the install has finished, run
/usr/local/sbin/portupgrade -Cvac
to upgrade the installed software to the latest versions. If portupgrade is not in the path, try logging out and in again.
For maintenance you run these two last steps once in a while, to get the latest security patches installed.
We run cvsup and portupgrade at this early stage, in order to recompile as little as possible. If run later, more software will have to be upgraded.
cd /usr/ports/databases/mysql40-server
make install clean
cd /usr/ports/mail/postfix
make install clean
Postfix configuration options (please select desired options):
[ ] NOPCRE      DISABLE Perl Compatible Regular Expressions
[ ] SASL        Cyrus SASLv1 (Simple Authentication and Security Layer)
[X] SASL2       Cyrus SASLv2 (Simple Authentication and Security Layer)
[ ] SASLKRB     If your SASL requires Kerberos select this option
[X] TLS         SSL and TLS
[ ] IPv6        IPv6 support
[ ] IPv6TLS     IPv6 support with SSL and TLS
[ ] DB3         Berkeley DB3 (required if SASL also built with DB3)
[ ] DB40        Berkeley DB4.0 (required if SASL also built with DB4.0)
[X] DB41        Berkeley DB4.1 (required if SASL also built with DB4.1)
[X] MySQL       MySQL map lookups
[ ] PgSQL       PostgreSQL v7.3 map lookups
[ ] PgSQL72     PostgreSQL v7.2 map lookups
[ ] OpenLDAP12  OpenLDAP 1.2 map lookups
[ ] OpenLDAP20  OpenLDAP 2.0 map lookups
[ ] OpenLDAP21  OpenLDAP 2.1 map lookups
[ ] Test        SMTP/LMTP test server and generator
Select OK.
Answer y to the question about adding group mail and user postfix.
Answer n to activating postfix in
cd /usr/ports/mail/cyrus-imapd2
make install clean WITH_BDB_VER=41
cd /usr/ports/security/cyrus-sasl2-saslauthd
make install clean WITH_BDB_VER=41
cd /usr/ports/security/pam-mysql
make install clean
Now copy/move/symlink the module (see /usr/local/share/doc/pam_mysql for info on how to set it up). This can be done with the following command:
ln -s /usr/local/lib/pam_mysql.so /usr/lib/pam_mysql.so
Add the following lines to
auth    sufficient pam_mysql.so user=postfix passwd=postfix host=localhost db=mysql table=user usercolumn=user passwdcolumn=password crypt=1
account required   pam_mysql.so user=postfix passwd=postfix host=localhost db=mysql table=user usercolumn=user passwdcolumn=password crypt=1
When done, copy the pam_mysql
for these services too.
imap
and add the following lines to
imap auth    sufficient pam_mysql.so user=postfix passwd=postfix host=localhost db=mysql table=user usercolumn=user passwdcolumn=password crypt=1
imap account required   pam_mysql.so user=postfix passwd=postfix host=localhost db=mysql table=user usercolumn=user passwdcolumn=password crypt=1
To avoid a tedious error message in your log file every time a mail arrives, you must execute the following commands (maybe sometime in the future I will find a nicer way to stop this, but for now, this will do):
cd /usr/local/lib/sasl2
ls -l libotp.*
rm libotp.*
Now set the password for the root MySQL user. This is done with:
/usr/local/etc/rc.d/mysql-server.sh start
/usr/local/bin/mysqladmin -u root password '*********'
Because you are using MySQL to authenticate users, you need to restrict network access to port 3306.
I suggest binding MySQL only to the loopback interface 127.0.0.1. This makes sure nobody can connect to your MySQL daemon via the network.
Edit
Original line:
/usr/local/bin/mysqld_safe --user=mysql --datadir=${DB_DIR} --pid-file=${PIDFILE} > /dev/null &
Changed line:
/usr/local/bin/mysqld_safe --user=mysql --bind-address=127.0.0.1 --datadir=${DB_DIR} --pid-file=${PIDFILE} > /dev/null &
Restart your MySQL-Daemon by issuing
/usr/local/etc/rc.d/mysql-server.sh stop;
/usr/local/etc/rc.d/mysql-server.sh start
To ensure the configuration change was successful, issue: netstat -an | grep LISTEN
The output should look similar to this:
tcp4       0      0  127.0.0.1.3306         *.*                    LISTEN
tcp4       0      0  *.587                  *.*                    LISTEN
tcp4       0      0  *.25                   *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
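To automate the netstat check above, here is an added example that is not part of the HOWTO: a small sh function that scans netstat -an output and reports whether port 3306 is reachable only via 127.0.0.1. The two netstat samples in the script are constructed for the demo, and the function name listen_only_on is my own.

```sh
#!/bin/sh
# Added example, not part of the original HOWTO: verify from `netstat -an`
# output that a TCP port is bound to the loopback address only.

# Constructed sample: what the HOWTO expects after the --bind-address change.
SAMPLE_LOOPBACK_ONLY='tcp4       0      0  127.0.0.1.3306         *.*                    LISTEN
tcp4       0      0  *.587                  *.*                    LISTEN
tcp4       0      0  *.25                   *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN'

# Constructed sample: a MySQL daemon still listening on every interface.
SAMPLE_ALL_INTERFACES='tcp4       0      0  *.3306                 *.*                    LISTEN
tcp4       0      0  *.25                   *.*                    LISTEN'

# listen_only_on PORT ADDR
# Reads netstat -an lines from stdin. FreeBSD prints the local socket as
# ADDRESS.PORT (e.g. 127.0.0.1.3306 or *.3306) in the fourth column.
# Exit status: 0 = PORT listens on ADDR only; 1 = PORT (also) listens on some
# other address; 2 = nothing listens on PORT at all (daemon not running).
listen_only_on() {
    awk -v port="$1" -v addr="$2" '
        $NF == "LISTEN" {
            # split ADDRESS.PORT at the last dot
            if (match($4, /\.[0-9]+$/) == 0) next
            if (substr($4, RSTART + 1) != port) next
            seen = 1
            if (substr($4, 1, RSTART - 1) != addr) elsewhere = 1
        }
        END {
            if (!seen) exit 2
            if (elsewhere) exit 1
            exit 0
        }'
}

# Stand-alone demo on the constructed samples. On the mail server itself run:
#   netstat -an | listen_only_on 3306 127.0.0.1
for sample in "$SAMPLE_LOOPBACK_ONLY" "$SAMPLE_ALL_INTERFACES"; do
    if printf '%s\n' "$sample" | listen_only_on 3306 127.0.0.1; then
        echo "mysql: bound to 127.0.0.1 only"
    else
        echo "mysql: NOT restricted to loopback"
    fi
done
```

Run it after every restart of the MySQL daemon; a non-zero exit status means the bind-address change did not take effect.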
The startup script can be called manually with the following parameters:
Usage: /usr/local/etc/rc.d/mysql-server.sh { start | stop }
cd sql-bench ; perl run-all-tests
To activate the Cyrus-IMAPd at system boot time, add the following line to
cyrus_imapd_enable="YES"
If you would like to use sieve (a mail filtering language), you must change an entry in
sieve 2000/tcp
You have to change some parameters in
postmaster: postmaster
configdirectory: /var/imap
partition-default: /data/mail
admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN
autocreatequota: 0
reject8bit: no
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sievedir: /var/imap/sieve
sendmail: /usr/sbin/sendmail
sieve_maxscriptsize: 32
sieve_maxscripts: 5
Several directories must be created, and their ownership and permissions set:
cd /var
mkdir imap
chown cyrus:mail imap
chmod 750 imap
mkdir /data
cd /data
mkdir mail
chown cyrus:mail mail
chmod 750 mail
cd /var/imap
mkdir sieve
chown cyrus:mail sieve
chmod 750 sieve
The rest of the directories (the partition-default directory among others) can be created by the tool mkimap:
su cyrus
/usr/local/cyrus/bin/mkimap
exit
If you want to enable Cyrus' TLS/SSL facilities, you have to create a certificate first. This requires an OpenSSL installation:
cd /var/imap
openssl req -new -nodes -out req.pem -keyout key.pem
openssl rsa -in key.pem -out new.key.pem
openssl x509 -in req.pem -out ca-cert -req -signkey new.key.pem -days 999
chmod 600 ca-cert
cat ca-cert >> server.pem
chown cyrus:mail server.pem
chmod 600 server.pem
Now add the following lines to
tls_ca_file: /var/imap/server.pem
tls_cert_file: /var/imap/server.pem
tls_key_file: /var/imap/server.pem
Create the file
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queryrun="NO"
Add the following line to
sendmail_enable="NONE"
Then, to make postfix start with the other services, make the symbolic link:
cd /usr/local/etc/rc.d
ln -s /usr/local/sbin/postfix postfix.sh
Make sure that the postfix user is a member of the mail group (look for a line like mail:*:6:postfix in
Also make sure that the
mail group.
Postfix needs two major config files:
You need to change just one line:
old:
new:
What effect does that change have? A look at the Cyrus man pages: the -e option is no longer used!
Here you need to change some more things like hostname, relaying, alias lookups etc.
First change hostname and domainname:
mydestination
Here you have to put all domain names that are local (corresponding to sendmail's
The following works for me:
Relayhost
Here you define where to deliver outgoing mails. If you do not provide any host, mails are delivered directly to the destination SMTP host. Usually your relayhosts are your provider's SMTP servers.
Mailtransport
Here you define how the mails accepted for local delivery should be handled. In your situation mails should be delivered by the Cyrus delivery program. At the end of the file you need to add:
SMTP Authentication with SASL and PAM
Put the following in your
You also need to create the file
Create the following files:
Run the following command, to create
Create a mysql user/database for postfix:
Create the tables needed:
Finish off by reloading the mysql server:
The optional transport table specifies a mapping from domain hierarchies to message delivery transports and/or relay hosts. The mapping is used by the trivial-rewrite(8) daemon.
Example:
This table is used for 2 things:
Example:
This final table is used to map aliases at one domain to aliases at another domain.
Example:
Explanation of the above
Repeat the above for every user you want to add to the server.
If you want to use aliases (i.e. map several mail addresses to one address), follow this procedure for each alias.
It is also possible to map addresses from one domain to another:
In both examples mails sent to
You should update the server software now and then (weekly at least).
This HOWTO is free to use for anybody. I do not take any responsibility for damages or data loss incurred by following this HOWTO.
I would like to thank my girlfriend, Tine, for supporting my tedious self during the writing (and testing) of this document.
I would like to thank Simon Kongshøj for the design and converting routines used to create this document.
3.4.1
old:
# Cyrus 2.1.5 (Amos Gouaux)
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -r ${sender} -e -m ${extension} ${user}
new:
# Cyrus 2.1.5 (Amos Gouaux)
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/local/cyrus/bin/deliver -r ${sender} -m ${extension} ${user}
man deliver clears that issue:
3.4.2
myhostname = foo.bar.org
mydomain = bar.org
mydestination = foo.bar.org, example.com, furchbar-grausam.ch,
whatever.domain.tld, mysql:/etc/postfix/mysql-mydestination.cf
mydestination = $myhostname, localhost.$mydomain, $mydomain,
localhost, mail.$mydomain, www.$mydomain, ftp.$mydomain
relayhost = relay01.foobar.net relay02.foobar.net relay03.foobar.net
mailbox_transport = cyrus
virtual_mailbox_base = /data/mail
virtual_maps = mysql:/usr/local/etc/postfix/remote_aliases.cf
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/aliases.cf
transport_maps = mysql:/usr/local/etc/postfix/transport.cf
virtual_uid_maps = mysql:/usr/local/etc/postfix/vuids.cf
virtual_gid_maps = mysql:/usr/local/etc/postfix/vgids.cf
local_recipient_maps = unix:passwd.byname, $alias_maps, $virtual_mailbox_maps
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = example.com
broken_sasl_auth_clients = yes
pwcheck_method: saslauthd
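As an added example that is not part of the HOWTO, the following sh script checks a main.cf for the two settings above that keep the server from relaying for strangers: reject_unauth_destination in smtpd_recipient_restrictions and noanonymous in smtpd_sasl_security_options. It understands Postfix continuation lines (a line starting with whitespace continues the previous value). The two main.cf samples are constructed from the values above, and the function name check_main_cf is my own.

```sh
#!/bin/sh
# Added example, not part of the original HOWTO: a relay-safety check for the
# Postfix main.cf settings discussed above. Parses "key = value" lines,
# including continuation lines, and fails if reject_unauth_destination is
# missing from smtpd_recipient_restrictions or if SASL is enabled without
# noanonymous. Both inputs below are constructed samples.

MAIN_CF_OK='myhostname = foo.bar.org
mydomain = bar.org
mailbox_transport = cyrus
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes'

# The same server with both restrictions left out: it relays for anyone who
# can reach port 25 and accepts anonymous SASL logins.
MAIN_CF_OPEN='myhostname = foo.bar.org
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_sasl_security_options = noplaintext'

# check_main_cf: reads main.cf on stdin, prints findings.
# Exit status: 0 = both settings present, 1 = at least one finding.
check_main_cf() {
    awk '
        /^[ \t]*#/ { next }                                              # comment
        /^[ \t]*$/ { next }                                              # blank line
        /^[ \t]/   { if (key != "") val[key] = val[key] " " $0; next }   # continuation
        /=/ {
            key = $0; sub(/[ \t]*=.*$/, "", key)      # text before the first "="
            v = $0;   sub(/^[^=]*=[ \t]*/, "", v)     # text after it
            val[key] = v
            next
        }
        END {
            bad = 0
            if (index(val["smtpd_recipient_restrictions"], "reject_unauth_destination") == 0) {
                print "FAIL: smtpd_recipient_restrictions lacks reject_unauth_destination (open relay)"
                bad = 1
            }
            if (val["smtpd_sasl_auth_enable"] == "yes" &&
                index(val["smtpd_sasl_security_options"], "noanonymous") == 0) {
                print "FAIL: smtpd_sasl_security_options lacks noanonymous"
                bad = 1
            }
            if (!bad) print "OK: relay and SASL restrictions present"
            exit bad
        }'
}

# Stand-alone demo on the two constructed configs. On the server run
#   check_main_cf < /usr/local/etc/postfix/main.cf
# (the FreeBSD port keeps its configuration under /usr/local/etc/postfix).
for cfg in "$MAIN_CF_OK" "$MAIN_CF_OPEN"; do
    printf '%s\n' "$cfg" | check_main_cf || echo "-> fix before exposing port 25"
done
```

The check looks only for the presence of the two keywords; the order of the restrictions still matters, so keep reject_unauth_destination after the permit entries exactly as the HOWTO shows.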
4 Configure/create the database entries
4.1 Config files
4.1.1
user = postfix
password = postfix
dbname = mail
table = transport
select_field = transport
where_field = domain
hosts = localhost
4.1.2
user = postfix
password = postfix
dbname = mail
table = aliases
select_field = vuid
where_field = alias
hosts = localhost
4.1.3
user = postfix
password = postfix
dbname = mail
table = aliases
select_field = vgid
where_field = alias
hosts = localhost
4.1.4
user = postfix
password = postfix
dbname = mail
table = aliases
select_field = maildir
where_field = alias
hosts = localhost
4.1.5
user = postfix
password = postfix
dbname = mail
table = remote_aliases
select_field = rcpt
where_field = alias
hosts = localhost
postmap /etc/aliases
4.2 MySQL Setup
gaia:~# mysql -p -u root
mysql> use mysql;
mysql> insert into user (Host, User, Password) values('localhost','postfix', password('postfix'));
mysql> insert into db (Host, Db, User, Select_priv) values('localhost','mail','postfix','Y');
mysql> create database mail;
mysql> use mail;
mysql> create table transport (domain varchar(255) PRIMARY KEY, transport char(8));
mysql> create table aliases (vuid int(6), vgid int(6), alias varchar(255) PRIMARY KEY, maildir varchar(255));
mysql> create table remote_aliases (alias varchar(255) PRIMARY KEY, rcpt varchar(255));
gaia:~# mysqladmin -p reload
4.3 Table explanation
4.3.1 The transport table (from the man page)
mysql> select * from transport;
+-----------+-----------+
| domain | transport |
+-----------+-----------+
| gostil.dk | virtual: |
+-----------+-----------+
4.3.2 The aliases table
- Map aliases to mailboxes / maildirs.
- Map uid/gids to mailboxes.
mysql> select * from aliases;
+------+------+---------------+------------------------+
| vuid | vgid | alias | maildir |
+------+------+---------------+------------------------+
| 1002 | 1002 | dvp@gostil.dk | gostil.dk/dvp/Maildir/ |
+------+------+---------------+------------------------+
4.3.3 The remote_aliases table
mysql> select * from remote_aliases;
+----------------+----------------+
| alias | rcpt |
+----------------+----------------+
| test@gostil.dk | daniel@rtfm.dk |
+----------------+----------------+
5 Adding the users
# mysql -p
mysql> use mail;
mysql> insert into aliases values([vuid], [vgid], "[account]", "[path]");
mysql> quit
# cyradm -u cyrus localhost
localhost> cm user.[username]
localhost> quit
# saslpasswd2 [username]
Explanation of the [bracketed] parts:
[vuid] is the virtual user id (an integer).
[vgid] is the virtual group id (an integer).
[account] is the account name, e.g. "dummy@testdomain.com".
[path] is the path of the virtual mailbox, e.g. "user/dummy".
[username] is the username, e.g. dummy
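As an added example that is not part of the HOWTO, the following sh script builds the insert statements for a new user (the aliases row described above) and for a remote alias (the remote_aliases rows shown next), while refusing values that contain quotes or other characters that would alter the SQL. The sample values are the ones from the tables in chapter 4; the function names user_sql, alias_sql, is_int and safe_str are my own.

```sh
#!/bin/sh
# Added example, not part of the original HOWTO: generate the MySQL statements
# for a new mailbox user and for a remote alias from shell arguments, rejecting
# values that could change the meaning of the statement.

# is_int VALUE: true if VALUE is a non-empty string of digits
is_int() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# safe_str VALUE: true if VALUE is non-empty and consists only of characters
# that occur in mail addresses and mailbox paths. Quotes, backslashes,
# semicolons and whitespace are rejected, so a value can never break out of
# the quoted string literal in the generated statement.
safe_str() {
    [ -n "$1" ] && ! printf '%s' "$1" | grep -q '[^A-Za-z0-9@._/+-]'
}

# user_sql VUID VGID ACCOUNT PATH: print the aliases row for one user
user_sql() {
    vuid=$1 vgid=$2 account=$3 mdir=$4
    if ! is_int "$vuid" || ! is_int "$vgid"; then
        echo "user_sql: vuid and vgid must be integers" >&2; return 1
    fi
    if ! safe_str "$account" || ! safe_str "$mdir"; then
        echo "user_sql: account/path contain disallowed characters" >&2; return 1
    fi
    case $account in
        *@*.*) ;;
        *) echo "user_sql: account must look like user@domain" >&2; return 1 ;;
    esac
    printf "insert into aliases values(%s, %s, '%s', '%s');\n" "$vuid" "$vgid" "$account" "$mdir"
}

# alias_sql ALIAS RCPT: print the remote_aliases row that forwards ALIAS to RCPT
alias_sql() {
    if ! safe_str "$1" || ! safe_str "$2"; then
        echo "alias_sql: addresses contain disallowed characters" >&2; return 1
    fi
    printf "insert into remote_aliases values('%s', '%s');\n" "$1" "$2"
}

# Stand-alone demo with the sample rows from chapter 4; pipe the output into
# `mysql -p mail` to apply it.
user_sql 1002 1002 dvp@gostil.dk gostil.dk/dvp/Maildir/
alias_sql test@gostil.dk daniel@rtfm.dk
```

The script only produces the SQL; the cyradm and saslpasswd2 steps from the list above still have to be run for each user. Using single quotes for the string literals is standard SQL and equivalent to the double quotes used in the HOWTO's statements.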
# mysql -p
mysql> use mail;
mysql> insert into remote_aliases values("virtual@mydomain.com", "actual@mydomain.com");
# mysql -p
mysql> use mail;
mysql> insert into remote_aliases values("virtual@somedomain.com", "actual@mydomain.com");
virtual@mydomain.com or virtual@somedomain.com will be forwarded to actual@mydomain.com.
6 Maintenance
To do this, follow the steps of chapter 1 on how to run cvsup and portupgrade.
And since we were using one during the installation of Cyrus (WITH_BDB_VER=41), we will have to tell make to use it again. This is done by adding the variables we want set when running make to the file
This should make the file look something like this:
# -- use.perl generated deltas -- #
# Created: Wed Dec 3 22:14:49 2003
# Setting to use base perl from ports:
PERL_VER=5.6.1
PERL_VERSION=5.6.1
PERL_ARCH=mach
NOPERL=yo
NO_PERL=yo
NO_PERL_WRAPPER=yo
WITH_BDB_VER=41
7 Copyright Message
8 Miscellaneous and Acknowledgements