# Sendmail+procmail+imapuw+smtpauth+sasl+ssl+spamassassin



## rop (Nov 25, 2009)

I made this configuration a few years ago on the 6.1 release for testing purposes. I hope it is not too outdated.

*Imap-uw*
Install mail/cclient with -DWITH_SSL_AND_PLAINTEXT (for e-mail clients without ssl support)

```
cd /usr/ports/mail/cclient
make -DWITH_SSL_AND_PLAINTEXT install
```
Install mail/imap-uw

```
cd /usr/ports/mail/imap-uw
make -DWITH_SSL_AND_PLAINTEXT install
```
Make an OpenSSL cert for imapd and ipop3d

```
make cert
```
Edit /etc/inetd.conf and add the following lines

```
imaps stream tcp nowait root /usr/local/libexec/imapd imapd
pop3s stream tcp nowait root /usr/local/libexec/ipop3d ipop3d
```
Test configuration with e-mail client.

*Sendmail*
Install cyrus-sasl2 and dependent packages.

```
cd /usr/ports/security/cyrus-sasl2-saslauthd
make install
```
Edit /etc/rc.conf

```
saslauthd_enable="YES"
```
Test saslauthd

```
/usr/local/etc/rc.d/saslauthd start
testsaslauthd -u [username] -p [passwd]
0: OK "Success."
```
You have to recompile sendmail to work with cyrus. In /etc/make.conf make sure the following lines are uncommented

```
SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2
```

Check /usr/local/lib/sasl2/Sendmail.conf for entry:

```
pwcheck_method: saslauthd
```
then:

```
cd /usr/src/lib/libsm; make clean; make obj; make depend; make
cd /usr/src/lib/libsmutil; make clean; make obj; make depend; make
cd /usr/src/usr.sbin/sendmail; make clean; make obj; make depend; make; make install
```
SSL certs:

```
mkdir /etc/mail/certs
cd /etc/mail/certs
openssl dsaparam 1024 -out dsa1024.pem
openssl req -x509 -nodes -newkey dsa:dsa1024.pem -out mycert.pem -keyout mykey.pem
rm dsa1024.pem
chmod -R 600 /etc/mail/certs/*
```
Change directory to /etc/mail.
If you don't have a my.domain.mc file there, run

```
make all
```
then edit my.domain.mc and add the following lines:

```
define(`confAUTH_MECHANISMS',`PLAIN LOGIN')
TRUST_AUTH_MECH(`PLAIN LOGIN')
define(`CERT_DIR', `/etc/mail/certs')
define(`confCACERT_PATH', `CERT_DIR')
define(`confCACERT', `CERT_DIR/mycert.pem')
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')
DAEMON_OPTIONS(`Port=smtp, Name=MTA')
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')
```
You can adjust the sendmail daemon options (DAEMON_OPTIONS) further if needed.
Add procmail to the config file

```
FEATURE(local_procmail)
MAILER(procmail)
```
You can define the maximum message size (here it's really big)

```
define(`confMAX_MESSAGE_SIZE', `104857600')
```
Quit editing and rebuild the configuration (still in /etc/mail)

```
make all install restart
```
I assume you have 

```
sendmail_enable="YES"
```
in /etc/rc.conf.

*Procmail*
Fast install

```
cd /usr/ports/mail/procmail
make install clean
```

*Spamassassin*

```
cd /usr/ports/mail/p5-Mail-SpamAssassin
make install clean
```
SpamAssassin offers a huge range of configuration possibilities.
A simple one for testing needs:
/usr/local/etc/mail/spamassassin/local.cf

```
rewrite_header Subject *****SPAM*****
required_hits 5
rewrite_subject 1
report_header 1
use_terse_report 1
defang_mime 0
report_safe 0
use_bayes 1
auto_learn 1
```
Edit /etc/rc.conf

```
spamd_enable="YES"
```
Launch spamassassin

```
/usr/local/etc/rc.d/sa-spamd start
```

*Mailbox quota*
I went with a solution that doesn't use system quotas.
Visit http://www.xray.mpe.mpg.de/mailing-lists/procmail/2003-07/msg00021.html for more detailed information.

Download http://www.it.ca/software/fsizecompare.c and compile it

```
$ cc fsizecompare.c -o fsizecompare
```
I have attached this file in case the link is broken.
The resulting binary lets you check the size of the mailbox.
The fsizecompare file should be accessible to procmail (you can use the $PATH variable to achieve this). The part of the procmail configuration file (procmailrc) responsible for quota checking should look like:

```
QUOTA=15000000
MSG="User's quota exceeded. You should also see a bounce message."
:0
* !$? fsizecompare $QUOTA $ORGMAIL
{ EXITCODE=77 }
:0 A
* ^Subject: \/.+
| ( formail -rI"BOUNCED: $MATCH" ; echo "$MSG" ) | $SENDMAIL -t -oi
```
The first line defines the quota size.
Note that this checks the size of the user's mailbox
(/var/mail/[username]), so the QUOTA size should allow for the maximal message size.

*Tests*
Create .procmailrc in the home directory

```
LOGFILE=$HOME/procmail.log
QUOTA=15000000
SHELL=/bin/sh
PATH=$HOME:/usr/bin:/usr/local/bin:/usr/local/sbin:${PATH}
MSG="User's quota exceeded. You should also see a bounce message."
:0
* !$? fsizecompare $QUOTA $ORGMAIL
{ EXITCODE=77 }
:0 A
* ^Subject: \/.+
| ( formail -rI"BOUNCED: $MATCH" ; echo "$MSG" ) | $SENDMAIL -t -oi
:0fw
| /usr/local/bin/spamc -s 256000
```
Send a test e-mail.
Examine procmail.log to see whether procmail correctly processes e-mail messages. Check the e-mail headers for SpamAssassin entries:

```
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on
foo.com
X-Spam-Level:
X-Spam-Status: No, score=-1.4 required=5.0 tests=ALL_TRUSTED autolearn=ham
version=3.1.7
```

Working sendmail mc file:

```
divert(0)
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.30.6.1 2006/04/13 04:00:23 gshapiro Exp $')
OSTYPE(freebsd6)
DOMAIN(generic)
FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
FEATURE(local_procmail)
dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl your permission.
dnl FEATURE(relay_based_on_MX)
dnl DNS based black hole lists
dnl --------------------------------
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
dnl For that, visit
dnl http://directory.google.com/Top/Computers/Internet/Abuse/Spam/Blacklists/
dnl Uncomment to activate Realtime Blackhole List
dnl information available at http://www.mail-abuse.com/
dnl NOTE: This is a subscription service as of July 31, 2001
dnl FEATURE(dnsbl)
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', `"550 Mail from " $&{client_addr} " rejected, see http://mail-abuse.org/cgi-bin/lookup?" $&{client_addr}')
dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST', `your.isp.mail.server')
dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')
dnl Enable for both IPv4 and IPv6 (optional)
dnl DAEMON_OPTIONS(`Name=IPv4, Family=inet')
dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
MAILER(procmail)
MAILER(local)
MAILER(smtp)
define(`confAUTH_MECHANISMS',`PLAIN LOGIN')
TRUST_AUTH_MECH(`PLAIN LOGIN')
define(`CERT_DIR', `/etc/mail/certs')
define(`confCACERT_PATH', `CERT_DIR')
define(`confCACERT', `CERT_DIR/mycert.pem')
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')
DAEMON_OPTIONS(`Port=smtp, Name=MTA')
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')
define(`confMAX_MESSAGE_SIZE', `104857600')
```
Sources for this howto:
http://www.puresimplicity.net/~hemi/freebsd/sendmail.html
http://wiki.bestpractical.com/view/SpamFiltering
Excuse my English and mistakes.
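
The mc file above offers only PLAIN and LOGIN and also listens on the plain smtp port, so a client that skips STARTTLS would send its password merely base64-encoded. The check below is an added example, not part of the original post: it classifies a saved pre-TLS EHLO reply. Both sample replies and their hostnames are constructed, and the second one assumes sendmail's `confAUTH_OPTIONS` with the `p` flag, which the post does not set.

```shell
#!/bin/sh
# Added example: classify the EHLO reply an MTA gives before TLS starts.
# Verdicts printed by ehlo_verdict (reply is read from stdin):
#   cleartext-auth  PLAIN/LOGIN offered before STARTTLS; the password
#                   would cross the wire merely base64-encoded
#   tls-first       STARTTLS offered, no plaintext mechanism offered yet
#   no-tls          STARTTLS not offered and no plaintext AUTH either
ehlo_verdict() {
    awk '
        { sub(/\r$/, "") }                  # tolerate CRLF captures
        /^250[- ]STARTTLS$/ { tls = 1 }
        /^250[- ]AUTH[ =]/ {
            n = split($0, f, /[ =]/)        # f[1] is the "250-AUTH" token
            for (i = 2; i <= n; i++)
                if (f[i] == "PLAIN" || f[i] == "LOGIN") plain = 1
        }
        END {
            if (plain)    print "cleartext-auth"
            else if (tls) print "tls-first"
            else          print "no-tls"
        }'
}

# Constructed sample: what the mc settings above would be expected to offer.
EHLO_AS_CONFIGURED='250-mail.example.org Hello client.example.org
250-8BITMIME
250-SIZE 104857600
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP'

# Constructed sample: the same server once plaintext AUTH is held back
# until TLS is active (assumption: confAUTH_OPTIONS with the p flag).
EHLO_TLS_FIRST='250-mail.example.org Hello client.example.org
250-8BITMIME
250-SIZE 104857600
250-STARTTLS
250 HELP'

printf '%s\n' "$EHLO_AS_CONFIGURED" | ehlo_verdict   # cleartext-auth
printf '%s\n' "$EHLO_TLS_FIRST"     | ehlo_verdict   # tls-first
```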


----------
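
The quota recipe in the post tests only the mailbox's current size, which is why QUOTA has to leave room for the largest message. The function below is an added example, not the fsizecompare.c the post links to: a hypothetical shell stand-in whose exit codes are an assumption chosen to fit the `* !$? ...` condition, with an optional third argument (not used by the post's recipe) for the size of the incoming message.

```shell
#!/bin/sh
# Added example: hypothetical stand-in for the quota test, NOT fsizecompare.c.
# Exit status is an assumption chosen to fit the "* !$? ..." recipe:
#   0 = fits in quota, 1 = quota exceeded, 2 = bad arguments.
# Usage: mailbox_fits QUOTA_BYTES MAILBOX [INCOMING_BYTES]
mailbox_fits() {
    quota=$1 mailbox=$2 incoming=${3:-0}
    [ -n "$mailbox" ] || return 2
    for n in "$quota" "$incoming"; do
        case "$n" in
            ''|*[!0-9]*) return 2 ;;      # byte counts must be plain integers
        esac
    done
    if [ -f "$mailbox" ]; then
        # wc pads its output on some systems; arithmetic strips the padding
        size=$(( $(wc -c < "$mailbox") ))
    else
        size=0                            # no spool file yet: empty mailbox
    fi
    [ $(( size + incoming )) -le "$quota" ]
}

# Constructed demo: a 1000-byte mailbox checked against a 1500-byte quota.
demo_box=$(mktemp)
printf '%1000s' '' > "$demo_box"
mailbox_fits 1500 "$demo_box"     && echo "current size only: delivery allowed"
mailbox_fits 1500 "$demo_box" 600 || echo "with a 600-byte message: over quota"
rm -f "$demo_box"
```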

