Secure email servers from scratch with FreeBSD 6 (Part 2)

Secure email servers from scratch with FreeBSD 6 (Part 2)


In the last article we parted ways after configuring a base FreeBSD system, enabling it with upgrades via cvsup and portsupgrade, and securing it with a simple ipfw2 firewall. The previous article created a solid foundation which this article will build on, covering the configuration of Postfix, amavisd-new, ClamAV, SpamAssassin, MySQL and finally SquirrelMail for web mail. The final setup will have all the bells and whistles of a high end-mail setup: web-mail, anti-virus filtering, spam filtering, and hosting unlimited domains with virtual domains and users stored in MySQL.

Postfix is released under the IBM Public License, and not the GNU Public License

Postfix

The first and most important component is Postfix, a well known mail transfer agent developed by Wietse Venema at IBM and initially known as the “IBM Secure Mailer”. Venema, is a respected software engineer who also developed the popular security tool “S.A.T.A.N” (Security Administrator Tool for Analyzing Networks). Postfix is released under the IBM Public License, and not the GNU Public License; the “IPL” has been approved as an open source license by both the Free Software Foundation (“FSF”) and the Open Source Initiative(“OSI”); however, it has been declared incompatible with the GPL. Initially Postfix was created in reaction to a long list of security vulnerabilities in Sendmail, the then dominant “MTA”. The direct result of the “security first” mind, Postfix has a well earned reputation for being easy to setup, fast and secure.

Postfix has two central configuration files:

  • main.cf: which configures the “properties” of the mail server such as where user and domain information is stored, or which domains to accept mail for.
  • master.cf: which configures the “behavior” of the Postfix daemon, such as configuring interfaces to non Postfix programs, and other configuration settings for the Postfix daemon itself.

FreeBSD places the configuration files of packages installed from ports under /usr/local/etc; so normally you’ll find the Postfix configuration files under /usr/local/etc/postfix. First of all, you should install Postfix from the ports tree, in the same way that MySQL was installed in the first article.

Installing Postfix using ports

 
cd /usr/ports/mail/postfix

make install && make clean

You will then be presented with a dialog box: select TLS and MYSQL.

Postfix configuration dialogPostfix configuration dialog

Note that when MySQL functionality is selected, the default action is to install the MySQL 4.1 client library. If you plan on running a newer version of MySQL, such as 5.0, simply cancel the Postfix installation, install the MySQL client library of your choice, and then re-run the installation.

Example:

 
cd /usr/ports/databases/mysql50-client
make install && make clean

During the installation of the client libraries you may be prompted for options to the gettext package. It’s not necessary to select any of the options, but feel free to do so if you wish.

After Postfix is built, you will be prompted asking if you want to activate it in the mailer.conf file: say “yes”:

 
[Prompt] Would you like to activate Postfix in /etc/mail/mailer.conf [n]? y

Configuring Postfix—main.cf

Now that Postfix is installed, it’s time to dive into the most important of the two configuration files, main.cf. In this one file there are essentially two sets of directives: one for the domains the server will be hosting, which being with the virtual prefix; and one for the mail server itself, with lines that begin with my as in myhostname. I’ll be giving in line commentary, so read the configuration file closely.

 

# These virtual_* directives configure the domains, users, 
# and aliases this Postfix instance will handle.
# Use proxy: for performance
virtual_alias_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailboxes_maps.cf

proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
  $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
  $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
  $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
  $virtual_mailbox_limit_maps

# Where to store the mail
virtual_mailbox_base = /usr/local/virtual

# Ownership of the mail directory
virtual_uid_maps = static:125
virtual_gid_maps = static:125


smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous

# Secure SMTP-AUTH 
smtpd_use_tls = yes
smtpd_tls_enforce_tls = yes

# Uncomment the following line if you only want auth to happen over tsl
# smtpd_tls_auth_only = yes

# This setups the ssl certificates which I'll configure a little later
smtpd_tls_cert_file = /usr/local/etc/postfix/smtpd.crt
smtpd_tls_key_file = /usr/local/etc/postfix/smtpd.key

# Mostly for MS outlook clients
broken_sasl_auth_clients = yes

# Built in restrictions
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unauth_destination,
  reject_unauth_pipelining,
  reject_invalid_hostname,
  reject_rbl_client opm.blitzed.org,
  reject_rbl_client list.dsbl.org,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client sbl-xbl.spamhaus.org


# Enables virtual hosting
virtual_transport = virtual

# Filter with amavis-new which uses clam-av for
content_filter=smtp-amavis:[127.0.0.1]:10024

Now, look at the configuration for the actual host itself:

# Configure your hostname, and domain names here!
myhostname = myhost.mydomain.mytld
mydomain = mydomain.mytld
myorigin = $mydomain

# Which network interfaces to listen on
inet_interfaces = all

# This allows delivery for mail to root@[host] for system messages
mydestination = myhost, myhost.mydomain.mytld
unknown_local_recipient_reject_code = 550

# For other systems on network?
mynetworks_style = host

# This is what people will see if they telnet to port 25 on your mail server
# it might be worth placing a warning message, for legal reasons. Systems with 
# banners outlining acceptable use, and the legal actions that will be taken 
# have a slightly stronger case in court.

smtpd_banner = mysqlever.mydomain.mytld ESMTP (Insert witty message here)

The framework for the rest of the article is in place. Even though the system is un-usable in the sense the no users can login to send or receive mail, Postfix is itself configured enough to send and receive mail. The next step I’m going go take will be putting the finishing touches on the master.cf file. The default file may look something like that listed below, but you’ll only need to edit a tiny bit of it, and as such I’ll only show the relevent lines.

Configuring master.cf

The file master.cf requires very little tweaking out of the box:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       y       -       -       smtpd
[...]
virtual   unix  -       n       n       -       -       virtual
[...]



smtp-amavis unix -      -       n       -       2  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

127.0.0.1:10025 inet n  -       n       -       -  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

Postfix Virtual Maps

Postfix has the notion of “maps”, which is the mechanism used to map data from one form to another. In our case, it’s mapping the data in a MySQL database, using a simple select statement, to certain configuration parameters. The map files contain all the information needed to connect to and query the MySQL database, which contains the user information. Each file contains only one query to the database. Create the files, copy and paste the content, and double check the user name and password used to access the database, which I’ll cover setting up in the MySQL section.

Please note that this article is geared towards Postfix 2.3 or newer; however, if you plan on using the configuration presented with an earlier version, the format for mysql_maps may be different, and broken up into several lines, so make sure to double check which version you are working with.

The file mysql_virtual_alias_maps.cf looks like this:

user = mail_admin
password = mail_admin_passwd
hosts = localhost
dbname = mail
query = SELECT goto FROM alias WHERE address='%s' AND active = 1

mysql_virtual_domains_maps.cf:

user = mail_admin
password = mail_admin_passwd
dbname = mail
hosts = localhost
query = SELECT domain FROM domain WHERE domain='%s'

mysql_virtual_mailboxes_maps.cf:

user = mail_admin
password = mail_admin_passwd
dbname = mail
hosts = localhost
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1

Postfix can store user and domain information in LDAP directories, databases such as MySQL and PostgreSQL or flat files

OpenSSL & Certificates

The Postfix configuration listed above makes use of SSL certificates for secure authentication over SSL/TLS.

To create an SSL Certificate:

openssl genrsa -des3 -out smtpd.key 1024
openssl req -new -key smtpd.key -out smtpd.csr

# Remove Passphrase from private key -- make optional?
cp smtpd.key smtpd.key.bak
openssl rsa -in smtpd.key.bak -out smtpd.key

# Generate Self-Signed Certificate
openssl x509 -req -days 365 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

MySQL

Postfix is extremely flexible, and affords a wide array of options in storing user and domain information. The right choice depends mostly on what’s appropriate for the environment you plan on working in. If you only plan on hosting a single domain, with a handful of users it may make sense to avoid the overhead of maintaining a database; however, if you plan on maintaining multiple domains with hundreds or thousands of users, or simply want the flexibility of manipulating the data in an automated way, LDAP or MySQL is the way to go.

An in depth discussion of either MySQL or the way Postfix interacts with it is beyond the scope of this article. The only key concept is that of maps in Postfix, which is discussed towards the end of the Postfix section.

Installing MySQL

 
cd /usr/ports/databases/mysql50-server
make install && make clean

You should now have the MySQL database installed. You may need to run the startup script, and make sure it has been enabled in the /etc/rc.conf file.

Creating the mail databases

The SQL listing below creates the three tables used by Postfix. Simply follow the steps, create the mail database, and then copy and paste the table creation statements. After that, use the GRANT command to grant access to the mail_admin user configured in the Postfix maps described earlier.

Logon to the MySQL database, initially the MySQL root password isn’t set:

 
mysql -u root 
create database mail;
use mail;
CREATE TABLE `alias` (
  `address` varchar(255) NOT NULL default '',
  `goto` text NOT NULL,
  `domain` varchar(255) NOT NULL default '',
  `active` tinyint(1) NOT NULL default '1',
  PRIMARY KEY  (`address`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='Postfix Admin - Virtual Aliases';

CREATE TABLE `domain` (
  `domain` varchar(255) NOT NULL default '',
  `description` varchar(255) NOT NULL default '',
  `aliases` int(10) NOT NULL default '0',
  `mailboxes` int(10) NOT NULL default '0',
  `maxquota` int(10) NOT NULL default '0',
  `transport` varchar(255) default NULL,
  `backupmx` tinyint(1) NOT NULL default '0',
  `active` tinyint(1) NOT NULL default '1',
  PRIMARY KEY  (`domain`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='Postfix Admin - Virtual Domains';

CREATE TABLE `mailbox` (
  `username` varchar(255) NOT NULL default '',
  `password` varchar(255) NOT NULL default '',
  `name` varchar(255) NOT NULL default '',
  `maildir` varchar(255) NOT NULL default '',
  `quota` int(10) NOT NULL default '0',
  `domain` varchar(255) NOT NULL default '',
  `active` tinyint(1) NOT NULL default '1',
  PRIMARY KEY  (`username`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='Postfix Admin - Virtual Mailboxes';

Grant privileges

Run the following command:

GRANT SELECT on mail.* to mail_admin identified by 'mail_admin_password';

Inserting information

An in depth introduction to SQL is beyond the scope of this article too, but here are some simple insert statements to get you started adding users, aliases, and domains

Inserting a user:

 
insert into mailbox (username, password, name, maildir) values ('my_user_name', 'my_password', 'my_name', 'my_mail_directory'); 

Adding a new alias, for an existing user:

insert into alias (address, goto) values ('myaddress@mydomain.com', 'myalias@mydomain.com');

Adding a new virtual hosted domain:

insert into domain (domain, description) values ('mydomain', 'my_domain_is_so_cool');

Amavisd-new acts as a proxy, accepting the mail from Postfix, and filtering it through ClamAV and SpamAssassin

Amavisd-new & SpamAssassin

Amavisd-new is a high performance interface between Postfix and other mail components. Postfix, as well as most other MTAs can only reliably connect to one other content checker such as an anti-virus or spam package, so in order to use both spam and virus filtering we configure Postix to filter content through amavisd-new, which then filters the email through SpamAssassin and ClamAV.

SpamAssassin, is an Apache subproject and is probably the most famous and powerful free software spam filtering program. It uses a wide range of tests to assign an overall score to a piece of mail, if the score is above the acceptable threshold it is considered spam. Amavisd-new comes with SpamAssassin embedded, rather than the stand alone daemon. This simplifies the configuration greatly, since SpamAssassin can be configured in the same place that amavisd-new can. The SpamAssassin directives always begin with sa as in $sa_kill_level_deflt, which sets the threshold above which SpamAssassin will simply drop an email instead of tagging it as spam.

Amavisd-new is under /usr/ports/security/amavisd-new. It should be built with the with the spamassassin option, which will automatically build and install SpamAssassin during the amavisd installation.

Installing amavisd-new

 
cd /usr/ports/security/amavisd-new
make install && make clean

You’ll be presented with a config dialog. The required options are MySQL, and SpamAssassin. Again, after selecting these, feel free to install other options if you feel adventurous.

Amavisd-new configuration dialogAmavisd-new configuration dialog

Tip: If you’ve already installed amavisd-new, and wish to re-configure it, start the process with make config, which will re-present you with the configuration dialog.

Configuring Postfix to work with amavisd-new

It’s simple, yet important to configure Postfix to filter all mail through amavisd-new, which then acts as a broker and filters the mail through both ClamAV and SpamAssassin. To do so add the following lines to the main.cf file:

# filter with amavisd-new which proxies to ClamAV and SpamAssassin 
content_filter=smtp-amavis:[127.0.0.1]:10024

Configuring the amavisd-new daemon

Amavisd-new is now installed, and Postfix is filtering to it. The only thing left to do is configure the amavisd-new daemon itself. The ports package doesn’t create an amavisd-new directory under /usr/local/etc, unlike most of the other packages. Instead, the amavisd.conf is directly under /usr/local/etc. Similar to the Postfix configuration block above, I’ll be mixing explanation tid-bits with the configuration, so make sure to read it thoroughly.

# Important lines to check, as I said above, I'm mixing
# in my own comments with the configuration file.

# Make sure these two lines are commented out, as they
# will disable spam and virus filtering

# uncomment to DISABLE anti-virus code
# @bypass_virus_checks_maps = (1); 

# uncomment to DISABLE anti-spam code
# @bypass_spam_checks_maps  = (1);  


# (no default;  customary: vscan or amavis), -u
$daemon_user  = 'vscan';    

# (no default;  customary: vscan or amavis), -g
$daemon_group = 'vscan';     

# Configure this to your domain
# a convenient default for other settings
$mydomain = 'mydomain.com';   

# Configure the FQDN of your mail host
$myhostname = 'myhost.mydomain.com';

# Change the local_domains_maps to include all 
# the mail domains you are hosting
@local_domains_maps = ( [ ".$mydomain", '.example2.com'] ); 

# IF you want email marked as spam to have a different 
# subject header, change the following line
$sa_spam_subject_tag = '***SPAM*** ';

# Default is 6.31, if message is above this
# it will be dropped, and nothing sent to the user
$sa_kill_level_deflt = '20'; 


# Change the default tag level from 2.0 to undef
# This will insure all mail addressed to domains 
# in @local_domains will get a spam score in the header, spam or not.  
$sa_tag_level_deflt = undef;

# Make sure this matches what's in main.cf
# listen on this local TCP port(s) (see $protocol)
$inet_socket_port = 10024;   

# Configure these two lines to receive email alerts
# when mail is blocked
$spam_admin = 'webmaster@mydomain.com';
$virus_admin = 'webmaster@mydomain.com';

### CLAM_AV INTEGRATION ###
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/usr/share/clamav/clamd.sock"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

ClamAV comes with `freshclam`, an automated process for staying up to date with the latest virus signatures

ClamAV

ClamAV is a widely used free software anti-virus package. It is released under the GPL license, and is available for most unix-like platforms. It has many features, but its main goal is an integrated attachment scanner for mail servers. ClamAV is used in a production setting across many private companies, large universities, and government agencies such as: Barracuda Networks, Michigan State University, Brandeis University, Webmail.us, Slashmail, and the US state of Vermont.

ClamAV’s configuration file, like that of amavisd-new is directly under /usr/local/etc, and is called clamd.conf. The default configuration is more or less what we need, but it’s good to take a peek through the file anyway.

Make sure that mail scanning is enabled:

# Example
LogFile /var/log/clamd.log
LogFileMaxSize 5M
DatabaseDirectory /usr/share/clamav

# UNIX Socket which other programs will use
# ie: amavisd-new, will use to connect to ClamAV
LocalSocket /usr/share/clamav/clamd.sock

# Obviously, the user who will own the ClamAV process.
User clamav

Courier-IMAP

Courier-IMAP is the IMAP client which allows Squirelmail, and other mail clients such as Mozilla Thunderbird to connect and download messages. There are actually two components installed:

  • courier-authlib, which manages user authentication; and
  • courier-imap, which is the actual IMAP server.

However, this dependency is automatically resolved by FreeBSD’s ports, all you need to do is select the AUTH_MYSQL option.

Installing and configuring

/usr/ports/mail/courier-imap
make install && make clean

Make sure to enable the MySQL option, so the authmysql module is built with courier-authlib.

Courier configuration dialogCourier configuration dialog

After the installation is complete, there will be two directories under /usr/local/etc: authlib, and courier-imap.

courier-authlib

authlib/authdaemonrc:

authmodulelist="authmysql"

authlib/authmysqlrc:

# User Information
MYSQL_CRYPT_PWFIELD     password
MYSQL_GID_FIELD         '125'
MYSQL_UID_FIELD         '125'
MYSQL_HOME_FIELD        '/usr/local/virtual'
MYSQL_LOGIN_FIELD       username
MYSQL_MAILDIR_FIELD     maildir
MYSQL_NAME_FIELD        name

# MySQL Server information
MYSQL_SERVER            localhost
MYSQL_USERNAME          mail_admin
MYSQL_PASSWORD          mail_admin_password
MYSQL_DATABASE          mail
MYSQL_OPT               0
MYSQL_USER_TABLE        mailbox

courier-imap

This puts in place the mechanism to authenticate IMAP requests against the information you have stored in your MySQL database.

courier-imap/imapd:

 
# Change this from to 127.0.0.1, so that only
# SquirrelMail has un-encrypted access to IMAP
ADDRESS=127.0.0.1
PORT=143

courier-imap/imapd-ssl:

 
# The port, and IP address to listen for ssl/tls encrypted connections.
SSLADDRESS=0
SSLPORT=993

Webmail with SquirrelMail

SquirrelMail is a flexible, easy-to-configure webmail package written in PHP. Configuring Apache is beyond the scope of this article, and there are many other good tutorials out there, so I’m going to focus on installing the necessary packages, and then on configuring SquirrelMail.

Configuring SquirrelMail

Install Apache:

/usr/ports/www/apache22
make install && make clean

Install PHP:

/usr/ports/lang/php5
make install && make clean

Install SquirrelMail:

/usr/ports/mail/squirrelmail
make install && make clean

Installing SquirrelMail plugins:

/usr/ports/mail/squirrelmail-compatibility-plugin
make install && make clean

/usr/ports/mail/squirrelmail-vlogin-plugin
make install && make clean

Configuring SquirrelMail:

cd /usr/local/www/squirrelmail
./configure
  1. Select 2 to configure the server, make sure to configure the domain name, and the imap server settings.
  2. Select R to return to the main menu.
  3. Select 8 to enable plugins, make sure you’ve enabledthe vlogin plugin.
  4. Save and quit!

Conclusion

I’ve shown all the pieces required to put together a secure, full-featured, FreeBSD mail server. It was a lot to cover, and I thank you for staying with me. The first article took you through the steps of installing FreeBSD, managing updates, and installing the core server components for a fully functional and secure email server; this article covered configuring the core components for a robust, spam and virus filtering mail system. The journey is by no means over. I strongly encourage you to take the time to explore the packages used, and learn them thouroughly: they are powerful tools which will serve you well in the future.

Bibliography

http://www.postfix.org/

http://www.clamav.net/

http://www.ijs.si/software/amavisd/

http://spamassassin.apache.org/index.html

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/

Category: 
License: 

Comments

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

i thing there is an error in the manual.
actualy i was expecting part two with great impatience
now i am testing it and so far i am at the mysql query part
here i am:

Grant privileges
###
Run the following command:

GRANT SELECT on mail.* to mail_admin identified by password ('mail_admin_password');
###
(it is from inside of mysql)
but i get syntax error on this step
"ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '('mail_admin_password')' at line 1"

i am not a mysql specialist, but i tried some variations of that command, but still i got errors

i thing that there is something missing, i dont see where in mysql the user mail_admin is created, and may be this is the reason this command to fail.
forgive me if i am wrong, but please fix it :))

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

GRANT SELECT on mail.* to mail_admin identified by password ('mail_admin_password');

should be
GRANT SELECT on mail.* to mail_admin identified by 'mail_admin_password';

and there will be no errors :))

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

Can we please have a .pdf or at least a printable version of this article?

Thanks a lot :)

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

+1 for the printable version of this article.

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

+1 for the printable version also (metoo... Feh)

Also, given the FreeBSD project themselves now recommending using portsnap rather than cvsup to keep your ports tree up-to-date (and speaking personally, it's a whole lot easier to work than cvsup) might it be worth mentioning it?

Yousef Ourabi's picture

The problem as I see it with portsnap is that you can't upgrade your src tree -- and seamless upgrading from release to release via make buildworld && make buildkernel is one of FreeBSD's strongest points -- and with one extra line to the cvsup config file it (cvsup) can pull down source and documents -- so it's still more attractive in my eyes

Though there are strong advantages to portsnap: faster update, no portsdb -Uu after pulling down the ports tree, more secure (signed with keys...etc)

-Yousef Ourabi

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

... but what makes this mailserver secure now?

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

This doc is by no means even close to a beginners document. there are all kinds of steps left out and missing parts that a newbie would totally screw a system up... So tread lightly and research everything first by looking at other sources especially with the Kernel Make. Its a hopeless mess....

Draco

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

Not that it's of weighing importance, but one should take notice of the error in the filename of the certificate (`main.cf', page #1 of the tutorial). It says `smtpd.cert', whilst the certificate created is named `smtpd.crt'. Naturally, one would stumble across this even at first go, but then again, it might serve well changing it if one wanted a spotless and correct version for print.

Good day to all, and thank you Yousef for your great article.:)

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

In a configuration like that is the saslauthd need to be started also, or it is not necessary.
I am confused because I found many posts starting the saslauthd and others not.
Is the following variables needed smtpd_sasl_application_name, smtpd_sasl_type.

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

If the maildir field in the MySQL data base is a directory Postfix complains:

Jan 26 00:13:35 web postfix/virtual[1190]: 24A635C9: to=, relay=virtual, delay=0.41, delays=0.12/0.18/0/0.11, dsn=4.2.0, status=deferred (delivery failed to mailbox /usr/local/virtual/jennifer: cannot open file: Is a directory)

If the maildir field in the data base is a file IMAP complains:

Jan 26 00:17:51 web imapd-ssl: chdir jennifer: Not a directory

Any thoughts?

Yousef Ourabi's picture

Hey:
if you do a mysql "select maildir from mailbox", do the directories have a trailing / -- if not that's probably the cause.

-Yousef

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

Thanks for the pointer on the maildir above. I am having some issues with squirrelmail I keep getting the following error when trying to navigate to the web page:

/libexec/ld-elf.so.1: /usr/local/lib/php/20020429/gettext.so: Undefined symbol "php_realpath"

Note I am running PHP 4, I don't know if this is related.

Thanks again,
Aaron

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

Since my web server was already running PHP4 and I didn't feel up to trying to load both modules into apache I ended up using sqwebmail. Very intuitive and simple in its configuration.

Thanks again,
Aaron

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

what to add in rc.conf? i mean how to start all these programs?

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

i was just wondering what do i have to add to rc.conf to start all of this apps... I've installed them exactly as it's guided...
thx

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

Hello all - I am a complete newbie to FreeBSD and any Unix/Linux based systems. My company has been a Windows only shop until a change in management. I followed this article to the "T" and am having problems. When I start Postfix, I get an error that it cannot perform a lookup using the mysql_virtual_aliases_maps.cf file. I was thinking that maybe the SELECT statement within that file is causing the problem? I do know that I had to insert my own mail_admin password, which has been done.

I am fairly certain that the other components are working. Squirrelmail's "configtest.php" comes back stating that the system is working fine. I can also telnet to amavisd and issue an EHLO command, which returns data, making it seem as though it is working.

One last item - can you give some examples of what data actually goes into the database "mail"? I have added users, a virtual domain and aliases. But some examples would give me a starting point of what the syntax actaully is. Not the INSERT string to add data to the database, but the actaul way the data is setup to be read. For example: if I have a user that has a username of "jdoe1" what would his alias be? And, if the server is currently "server1.mydomain.com" which IS the domain that I am looking to receive mail on, what is the virtual domain?

The ultimate goal of this server is to make it an external smarthost for an internal Microsoft Exchange box. I would appreciate anyone willing to give me some pointers there too once the mail system is actually up and running. I've seen that there are ways to actually pull the AD information using OpenLDAP.

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

Hi.. I have error:
host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=71084-02, parts_decode_ext FAILED: Unix utility file(1) not available, but is needed at (eval 70) line 113. (in reply to end of DATA command))

Help?

Author information

Yousef Ourabi's picture

Biography

Yousef Ourabi is a developer in the San Francisco bay area.