
Setting up a mailserver

From FreeBSDwiki
(Difference between revisions)
m (typoed a #REDIRECT command to Mail toaster)
 
(One intermediate revision by one user not shown)
Line 1: Line 1:
# Install Qmail
+
#REDIRECT [[Mail toaster]]
# Install Apache
+
# Install VQadmin
+
# Install Qmailadmin
+
# Install Dovecot
+
# Install sqwebmail
+
# Configure all of them
+
 
+
Voila, Qmail-based mailserver that supports [[POP3]], [[IMAP]], blindingly fast webmail interface, web-based controls for setup of multiple mail domains, and control of user accounts / catch-alls / mail forwards / auto-responders / you-name it fine-grained enough to be handed down to the user level, both the "individual user" level and the "single domain admin on a multi-domain mailserver" level.
+
 
+
Obviously, this article needs <s>some</s> '''a lot''' of polishing, but there's a start.
+
 
+
==Getting SMTP Authentication running==
+
Note: I'm assuming here that you're 1. running FreeBSD, 2. using vpopmail, 3. using rblsmtpd with a few RBL servers, and 4. using tcpserver/ucspi-tcp.  If you aren't doing any of the above, you're going to need to CAREFULLY read the following and adapt to your environment.  Good luck.
+
 
+
FIRST, if you're already running qmail, cp /var/qmail/control to /home/yourname/qmail-control.  You're very likely to bork your rcpthosts, locals, virtualdomains, and such when you install qmail-smtp_auth+tls over your existing qmail.  You want to be able to restore them from a copy in your homedir.  If you've set up aliases for localhost addresses in /var/qmail/alias, better copy that too.
+
 
+
Now, set up qmail from /usr/ports/mail/qmail-smtp_auth+tls (on amd64 you may need to hack the Makefile first in order to get it to NOT refuse to build because you aren't on i386), then use the following info to build a certificate, making sure that you use certificate info that matches the servername (to minimize the number of warnings that clients receive the first time they connect and accept the certificate):
+
 
+
ph34r# '''cp /usr/local/openssl/openssl.cnf.sample /usr/local/openssl/openssl.cnf'''
+
ph34r# '''make certificate'''
+
 
+
Now change the permissions on vpopmail's '''vchkpw''':
+
 
+
ph34r# '''chmod 4755 /usr/local/vpopmail/bin/vchkpw'''
+
ph34r# '''chown root /usr/local/vpopmail/bin/vchkpw'''
+
 
+
'''Change the server name in the following''', and use it to start tcpserver (assumes you're also wanting to use rblsmtpd with the listed RBLs). (note: escaping line breaks with \ as shown may or may not work, and is '''not''' recommended - I '''strongly''' recommend you get rid of the \'s and turn the following into one single line in your tcpserver.sh startup script)
+
 
+
'''/usr/local/bin/tcpserver -H -l0 -R -c 512 -p -x /etc/tcp.smtp.cdb -u 82 -g 81 0 smtp \'''
+
'''/usr/local/bin/rblsmtpd -r bl.spamcop.net -r dnsbl.njabl.org /var/qmail/bin/qmail-smtpd \'''
+
'''ph34r.tehinterweb.net /usr/local/vpopmail/bin/vchkpw /usr/bin/true | \'''
+
'''/var/qmail/bin/splogger rblsmtpd &'''
+
 
+
You should be ready to go now, and your qmail server will now authenticate against your vpopmail user database either with or without SSL/TLS encryption!
+
 
+
Note: you may want to run another instance of tcpserver on a nonstandard port as well as on port 25.  Why?  Because there are a lot of ISPs these days that are blocking all traffic to destination port 25 anywhere outside their own network.  So you will probably want to be able to set up your mail clients, on portable machines, to access your authenticated SMTP on a non-standard port to get around that limitation.  I use 2525 because it's easy to remember, but of course you can pick whatever you like.
+
 
+
To run another instance of qmail on port 2525, you would duplicate the tcpserver line shown above, but in the duplicate entry you would substitute '''2525''' for '''smtp'''.
+
 
+
[[Category:Common Tasks]]
+
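Review bot: The replacement line `#REDIRECT [[Mail toaster]]` leaves none of the "Getting SMTP Authentication running" section reachable under this title, so the target page should be checked for the same steps (the /var/qmail/control backup, `make certificate`, the vchkpw permissions and the tcpserver line) before the old text is treated as superseded. If the section is carried over, the `chmod 4755` and `chown root` pair on `/usr/local/vpopmail/bin/vchkpw` deserves a sentence stating that it leaves the password checker setuid root and executable by every local account, and the order is better reversed (chown first, then chmod) so the setuid bit is only ever set on a root-owned file. The port 2525 paragraph should also say that a duplicated tcpserver line reuses the same `-x /etc/tcp.smtp.cdb` rules and the same rblsmtpd chain as the port 25 listener, since a reader may assume the second listener is configured separately.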

Latest revision as of 14:13, 2 January 2005

  1. REDIRECT Mail toaster