freebsd 11 – install php, apache 2.4, Cyrus-sasl, postfix, postfixadmin, imap, pop3, squirrelmail, SpamAssassin, clamav
feebsd-update fetch
freebsd-update install
reboot
update ports
portsnap fetch
portsnap extract
portsnap fetch update
Install Mysql
cd /usr/ports/databases/mysql57-server
make install WITH_CHARSET=utf8 WITH_XCHARSET=all WITH_COLLATION=utf8_general_ci BUILD_OPTIMIZED=yes BUILD_STATIC=yes WITH_NDB=yes clean
Install Apache + Php
cd /usr/ports/www/apache24
make install clean
cd /usr/ports/lang/php56
make config
add
[X] MAILHEAD Enable mail header patch
make install clean
cd /usr/ports/lang/php56-extensions
make install clean
add
[X] FTP FTP support
[X] GD GD library support
[X] IMAP IMAP support
[X] MBSTRING multibyte string support
[X] MCRYPT Encryption support
[X] MYSQL MySQL database support
[X] MYSQLI MySQLi database support
[X] ZIP ZIP support
[X] ZLIB ZLIB support
cd /usr/ports/www/mod_php56
make config
add
[X] MAILHEAD Enable mail header patch
make install clean
cp -rp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
vi /usr/local/etc/apache24/httpd.conf
ServerName www.jason-tang.com
change
DirectoryIndex index.html
to
DirectoryIndex index.html index.htm index.php
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
Install Named
cd /usr/ports/dns/bind910
make install clean
vi /usr/local/etc/namedb/named.conf
change
listen-on { 127.0.0.1; };
to
// listen-on { 127.0.0.1; };
vi /etc/resolv.conf
change to
nameserver 127.0.0.1
nameserver 8.8.8.8
vi /etc/rc.conf
syslogd_enable="YES"
syslogd_flags="-ss"
mysql_enable="YES"
apache24_enable="YES"
named_enable="YES"
reboot
cat /root/.mysql_secret
mysql -u root -p
ALTER USER 'root'@'localhost' IDENTIFIED BY 'test';
exit
/usr/local/etc/rc.d/mysql-server restart
Install Cyrus-sasl
cd /usr/ports/security/cyrus-sasl2
make install clean
vi /usr/local/lib/sasl2/smtpd.conf
pwcheck_method:authdaemond
log_level:3
mech_list: PLAIN LOGIN
authdaemond_path:/var/run/authdaemond/socket
Install cyrus-sasl2-saslauthd
cd /usr/ports/security/cyrus-sasl2-saslauthd
make install clean
vi /etc/rc.conf
saslauthd_enable="YES"
Install Postfix
cd /usr/ports/mail/postfix
make install clean
add
[X] MYSQL MySQL database support
[X] SASL Cyrus SASL support (Dovecot SASL is always built in)
Installing postfix-3.1.4,1...
===> Creating groups.
Using existing group 'mail'.
Creating group 'maildrop' with gid '126'.
Creating group 'postfix' with gid '125'.
===> Creating users
Creating user 'postfix' with uid '125'.
Adding user 'postfix' to group 'mail'.
Would you like to activate Postfix in /usr/local/etc/mail/mailer.conf [n]?n
echo 'postfix: root' >> /etc/aliases
/usr/local/bin/newaliases
chown postfix:postfix /etc/opiekeys
pw groupadd vmail -g 500
pw useradd vmail -u 500 -g 500 -s /sbin/nologin -d /dev/null
mkdir /home/domains
chown -R vmail:vmail /home/domains
chmod -R ug+rwx,o-rwx /home/domains
mkdir /usr/local/etc/postfix/TLS
cd /usr/local/etc/postfix/TLS
openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 7300
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Hong Kong
Locality Name (eg, city) []:Hong Kong
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Jason Tang Ltd
Organizational Unit Name (eg, section) []:IT
Common Name (eg, YOUR name) []:Jason Tang
Email Address []: [email protected]
vi /usr/local/etc/postfix/main.cf
myhostname = mail.jason-tang.com
mydomain = jason-tang.com
myorigin = $mydomain
mydestination = $myhostname localhost localhost.$mydomain
mynetworks = 127.0.0.1/32
inet_interfaces = all
virtual_mailbox_base = /home/domains/
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:500
virtual_gid_maps = static:500
virtual_transport = maildrop
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
message_size_limit = 51200000
virtual_mailbox_limit = 209715200
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd
smtpd_banner=$myhostname ESMTP $mail_name ($mail_version)
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /usr/local/etc/postfix/TLS/smtpd.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/TLS/smtpd.pem
smtpd_tls_CAfile = /usr/local/etc/postfix/TLS/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
mime_header_checks = regexp:/usr/local/etc/postfix/mime_header_checks.regexp
vi /usr/local/etc/postfix/master.cf
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
vi /usr/local/etc/postfix/mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
additional_conditions = AND active = '1'
vi /usr/local/etc/postfix/mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain
additional_conditions = AND active = '1'
vi /usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
additional_conditions = AND active = '1'
vi /usr/local/etc/postfix/mime_header_checks.regexp
/filename=\"?(.*)\.(bat|cmd|com|pif|exe)\"?$/ REJECT
vi /etc/rc.conf
postfix_enable="YES"
Install Sudo
cd /usr/ports/security/sudo
make install clean
vi /usr/local/etc/sudoers
www ALL=(vmail) NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postcreation.sh, /usr/local/bin/postfixadmin-mailbox-postdeletion.sh, /usr/local/bin/postfixadmin-domain-postdeletion.sh
Install Postfixadmin
cd /usr/ports/mail/postfixadmin
make install clean
add
[X] MYSQL MySQL database support
1. Copy *.sh Files
cp -rp /usr/local/share/postfixadmin/ADDITIONS/postfixadmin*.sh /usr/local/bin
chmod 755 /usr/local/bin/postfixadmin*.sh
vi /usr/local/bin/postfixadmin-mailbox-postcreation.sh
change
basedir=/var/spool/maildirs
to
basedir=/home/domains
change
maildirmake "$maildir"
to
/usr/local/bin/maildirmake "$maildir"
vi /usr/local/bin/postfixadmin-mailbox-postdeletion.sh
change
basedir=/var/spool/maildirs
trashbase=/var/spool/deleted-maildirs
to
basedir=/home/domains
trashbase=/home/domains
vi /usr/local/bin/postfixadmin-domain-postdeletion.sh
change
basedir=/var/spool/maildirs
trashbase=/var/spool/deleted-maildirs
to
basedir=/home/domains
trashbase=/home/domains
2. Create the MySQL Database
mysql -u root -p
test
CREATE DATABASE postfix;
GRANT ALL ON postfix.* TO [email protected] IDENTIFIED BY "postfix";
exit
3. Configure PostfixAdmin
vi /usr/local/www/postfixadmin/config.inc.php
$CONF['configured'] = true;
$CONF['database_type'] = 'mysqli';
$CONF['database_password'] = 'postfix';
$CONF['admin_email'] = '[email protected]';
$CONF['aliases'] = '0';
$CONF['mailboxes'] = '0';
$CONF['maxquota'] = '0';
$CONF['domain_quota_default'] = '0';
$CONF['domain_quota'] = 'NO';
$CONF['vacation'] = 'YES';
$CONF['vacation_domain'] = 'autoreply.jason-tang.com';
$CONF['footer_text'] = 'Return to mail.jason-tang.com PostfixAdmin';
$CONF['footer_link'] = 'http://mail.jason-tang.com/postfixadmin';
$CONF['mailbox_postcreation_script']='/usr/local/bin/sudo -u vmail /usr/local/bin/postfixadmin-mailbox-postcreation.sh';
// $CONF['mailbox_postedit_script'] = '';
$CONF['mailbox_postdeletion_script']='/usr/local/bin/sudo -u vmail /usr/local/bin/postfixadmin-mailbox-postdeletion.sh';
// $CONF['domain_postcreation_script'] = '';
$CONF['domain_postdeletion_script']='/usr/local/bin/sudo -u vmail /usr/local/bin/postfixadmin-domain-postdeletion.sh';
$CONF['new_quota_table'] = 'NO';
4. Configure Apache
vi /usr/local/etc/apache24/httpd.conf
Alias /postfixadmin "/usr/local/www/postfixadmin/"
<Directory "/usr/local/www/postfixadmin">
Options Indexes
AllowOverride ALL
Require all granted
</Directory>
/usr/local/etc/rc.d/apache24 restart
5.http://IP/postfixadmin/setup.php
You should see a list of 'OK' messages.
Change setup password
Setup password <-------- Input your Setup Password
Setup password (again) <-------- Input your Setup Password again
And then click "Generate password hash"
If you want to use the password you entered as setup password, edit config.inc.php or config.local.php and set
$CONF['setup_password'] = '8c487e1722baa627e55712178141b21b:518761bc455e27d52eb1ed0faffecb8aeea2c90e';
vi /usr/local/www/postfixadmin/config.inc.php
$CONF['setup_password'] = '8c487e1722baa627e55712178141b21b:518761bc455e27d52eb1ed0faffecb8aeea2c90e';
You should see a list of 'OK' messages.
Create superadmin account
Setup password <-------- Input your Setup password
Admin: <-------- Input your Email address(Just for postfixadmin)
Password: <-------- Input your Password
Password (again): <-------- Input your Password again
And then click "Add Admin"
The admin [email protected] has been added!
You are done with your basic setup.
You can now login to PostfixAdmin using the account you just created.
mv /usr/local/www/postfixadmin/setup.php /usr/local/www/postfixadmin/setup.php.disabled
chmod 000 /usr/local/www/postfixadmin/setup.php.disabled
Install Courier-imap
cd /usr/ports/mail/courier-imap
make install clean
add
[X] AUTH_MYSQL MySQL support
chmod +x /var/run/authdaemond
vi /usr/local/etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
vi /usr/local/etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME postfix
MYSQL_PASSWORD postfix
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_DATABASE postfix
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD '500'
MYSQL_GID_FIELD '500'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/home/domains/',maildir)
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/home/domains/',maildir)
MYSQL_QUOTA_FIELD concat(quota,'S')
MYSQL_WHERE_CLAUSE active='1'
cp -rp /usr/local/etc/courier-imap/pop3d.cnf.dist /usr/local/etc/courier-imap/pop3d.cnf
/usr/local/share/courier-imap/mkpop3dcert
cp -rp /usr/local/etc/courier-imap/imapd.cnf.dist /usr/local/etc/courier-imap/imapd.cnf
/usr/local/share/courier-imap/mkimapdcert
/usr/local/share/courier-imap/mkdhparams
vi /usr/local/etc/courier-imap/pop3d-ssl
TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@..."
vi /usr/local/etc/courier-imap/imapd-ssl
TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@..."
vi /etc/rc.conf
courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_pop3d_ssl_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_imapd_ssl_enable="YES"
Install Maildrop
cd /usr/ports/mail/maildrop
make WITH_AUTHLIB=yes install clean
[X] AUTH_MYSQL MySQL support
vi /usr/local/etc/postfix/master.cf
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
Install Squirrelmail
cd /usr/ports/mail/squirrelmail
make install clean
#for multiple language support
cd /usr/ports/mail/squirrelmail-translations
make install clean
#for multiple language support
chown -R www:www /usr/local/www/squirrelmail
/usr/local/www/squirrelmail/configure
10->1->zh_TW->2->utf-8->S->Q
vi /usr/local/etc/apache24/httpd.conf
Alias /webmail "/usr/local/www/squirrelmail/"
<Directory "/usr/local/www/squirrelmail">
Options Indexes
AllowOverride ALL
Require all granted
</Directory>
cd /usr/local/www/squirrelmail/config
cp config_default.php config.php
reboot
Test:
http://IP/postfixadmin
http://IP/webmail
Install clamav
cd /usr/ports/security/clamav
make install clean
[X] MILTER Compile the milter interface
vi /usr/local/etc/clamav-milter.conf
AddHeader Yes
vi /etc/rc.conf
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
clamav_milter_enable="YES"
/usr/local/etc/rc.d/clamav-clamd restart
/usr/local/bin/freshclam
Install SpamAssassin
cd /usr/ports/security/p5-IO-Socket-SSL
make config
Add
[X] IDN International Domain Names support
OK
make install clean
cd /usr/ports/mail/spamassassin
make install clean
/usr/local/bin/sa-update
vi /usr/local/etc/mail/spamassassin/local.cf
rewrite_header Subject *****SPAM*****
report_safe 1
required_score 5.0
use_bayes 1
bayes_auto_learn 1
vi /etc/rc.conf
spamd_enable="YES"
spamd_flags="-u spamd -H /var/spool/spamd"
/usr/local/etc/rc.d/sa-spamd restart
chown -R spamd:spamd /root/.spamassassin
cd /usr/ports/mail/spamass-milter
make install clean
vi /usr/local/etc/rc.d/spamass-milter
change
: ${spamass_milter_socket_mode="644"}
to
: ${spamass_milter_socket_mode="777"}
vi /etc/rc.conf
spamass_milter_enable="YES"
vi /usr/local/etc/postfix/main.cf
milter_connect_macros = b j _ {daemon_name} {if_name} {if_addr}
smtpd_milters =
unix:/var/run/clamav/clmilter.sock
unix:/var/run/spamass-milter.sock
milter_default_action = accept
Install Virtual Vacation
1. Create a local account
pw groupadd vacation -g 501
pw useradd vacation -u 501 -g 501 -s /sbin/nologin -d /nonexistent -c "Virtual Vacation"
2. Install vacation.pl
mkdir /var/spool/vacation
cp -rp /usr/local/share/postfixadmin/VIRTUAL_VACATION/vacation.pl /var/spool/vacation/vacation.pl
#had to download vacation.pl from https://github.com/postfixadmin/postfixadmin/blob/master/VIRTUAL_VACATION/vacation.pl
chown -R root:vacation /var/spool/vacation
chmod -R 750 /var/spool/vacation
3. Setup the transport type
vi /usr/local/etc/postfix/master.cf
vacation unix - n n - - pipe
flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}
4. Setup the transport maps file
vi /usr/local/etc/postfix/main.cf
transport_maps = hash:/usr/local/etc/postfix/transport
vi /usr/local//etc/postfix/transport
autoreply.jason-tang.com vacation
/usr/local/sbin/postmap /usr/local/etc/postfix/transport
5. Configure vacation.pl
vi /var/spool/vacation/vacation.pl
change
#!/usr/bin/perl -X
to
#!/usr/local/bin/perl -X
our $db_type = 'mysql';
our $db_username = 'postfix';
our $db_password = 'postfix';
our $db_name = 'postfix';
our $vacation_domain = 'autoreply.jason-tang.com';
/usr/local/etc/rc.d/postfix reload
perl -MCPAN -e 'install DBI'
cd /usr/ports/databases/p5-DBD-mysql/
make install clean
reboot
ref: http://www.jason-tang.com/index.php/system/15-bsd/88-install-postfix-on-freebsd-11-0-minimal-ports-src-sshd-enable-disable-sendmail