# PostgreSQL+Postfix+Nginx+PHP+RoundCube+Dovecot+SpamAssassin+Clamav+Spamd



## graudeejs (Jan 27, 2010)

When installing software I will use portmaster from ports-mgmt/portmaster.

Goal of this howto (unsorted):

- configure a mail server that will handle virtual mailboxes, virtual domains and/or relay mail to other hosts
- configure webmail
- let users connect to their accounts using the imaps protocol
- let users send mail using the smtps protocol
- configure antivirus and spam filtering software
- use only OpenSource software available in FreeBSD ports
- where possible/necessary encrypt connections with OpenSSL
- use static uid:gid for mail
- store mail in /mail/*domain*/*username*
- use sockets where possible
- *configure my own mailserver*

*Table Of Content*

- Preparing system
- Install PostgreSQL
- Install & configure Dovecot
- Install & configure Postfix
- Install & configure nginx
- Install & configure RoundCube
- Configure PostgreSQL
- Configure PHP
- Install and Configure Spamd
- Install and Configure Clamav
- Install and Configure SpamAssassin
- Checking if it works
- References
- Change log

I've left some reserved posts for future use {perhaps security related or something else}


----------



## graudeejs (Jan 27, 2010)

Preparing system

I'll use the GENERIC kernel.
To be able to run PostgreSQL in a jail you need to set these {you may/will need to tune these values to your needs}:

```
# cat << EOF >> /boot/loader.conf
kern.ipc.semmni=40
kern.ipc.semmns=240
kern.ipc.semume=40
kern.ipc.semmnu=120
EOF
# echo 'security.jail.sysvipc_allowed=1' >> /etc/sysctl.conf
```

and

```
# echo 'jail_sysvipc_allow="YES"' >> /etc/rc.conf
```


Since we'll be using a jail, we also want to use nullfs

```
# echo 'nullfs_load="YES"' >> /boot/loader.conf
```


Now reboot your FreeBSD, create a new jail, start it and jexec into it.
*Everything below will be executed in the jail*

*Now in your jail*
By default OpenSSL from the base system will create 1024-bit RSA keys. I don't like that; it's not enough.
So in /etc/ssl/openssl.cnf
find and set

```
default_bits            = 4096
```


----------



## graudeejs (Jan 27, 2010)

Install PostgreSQL

Install and start postgresql

```
# portmaster databases/postgresql84-server
# echo 'postgresql_enable="YES"' >> /etc/rc.conf
# /usr/local/etc/rc.d/postgresql initdb
# /usr/local/etc/rc.d/postgresql start
```


----------



## graudeejs (Jan 27, 2010)

Install & configure Dovecot

Install dovecot

```
# portmaster mail/dovecot
```
make sure to select *SSL*, *PGSQL*

Create SSL/TLS certificate for secure connections:

```
# mkdir -p /etc/ssl/dovecot
# cd /etc/ssl/dovecot
# openssl req -new -x509 -nodes -out cert.pem -keyout key.pem -days 365
# chmod 640 /etc/ssl/dovecot/*
```
more info: http://forums.freebsd.org/showthread.php?t=6490

Edit /usr/local/etc/dovecot.conf

```
protocols = imaps
disable_plaintext_auth = no

ssl = yes
ssl_cert_file = /etc/ssl/dovecot/cert.pem
ssl_key_file = /etc/ssl/dovecot/key.pem

mail_privileged_group = mail
dotlock_use_excl = yes
mail_location = maildir:/mail/%d/%n
verbose_proctitle = yes

# mailnull user id is 26
first_valid_uid = 26
last_valid_uid = 26
mail_uid = mailnull

# mail group id is 6
first_valid_gid = 6
last_valid_gid = 6
mail_gid = mail

maildir_copy_with_hardlinks = yes

protocol imap {
  imap_client_workarounds = delay-newmail netscape-eoh tb-extra-mailbox-sep
  mail_plugins = quota imap_quota
}

protocol managesieve {

}

protocol lda {
  postmaster_address = postmaster@example.com
  sendmail_path = /usr/sbin/sendmail
  mail_plugins = quota
}

auth_username_format = %Lu

auth default {
  mechanisms = plain

  passdb sql {
    args = /usr/local/etc/dovecot-sql.conf
  }
  userdb prefetch {
    # keep this, otherwise quota won't work
  }

  user = root

  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = mailnull
      group = mail
    }
    client {
      path = /var/run/dovecot/auth-client
      mode = 0660
      user = postfix
      group = mail
    }
  }

}

dict {

}

plugin {
  quota = maildir:User quota
  quota_rule = *:storage=1GB
}
```

Edit /usr/local/etc/dovecot-sql.conf

```
driver = pgsql
connect = host=/tmp dbname=mail user=dovecot password=DovecotPassword
default_pass_scheme = PLAIN-MD5

password_query = \
  SELECT username, domain, password, '*:bytes=' || quota || '[red]M[/red]' AS userdb_quota_rule \
  FROM mailbox WHERE username = '%n' AND domain = '%d' AND active = true
```
The M in red means that the SQL query will return the quota in megabytes (consider it a modifier)

*TIP: host can be an IP, hostname or path to the PostgreSQL socket*

Enable dovecot at jail startup

```
# echo 'dovecot_enable="YES"' >> /etc/rc.conf
```

_NOTE: you may want to install mail/dovecot-sieve; it will help you to automatically move different mails to different folders_


----------



## graudeejs (Jan 27, 2010)

Install & configure Postfix

Stop sendmail

```
# /etc/rc.d/sendmail stop
```

Install postfix

```
# portmaster mail/postfix
...
Added group "postfix".
Added group "maildrop".
Added user "postfix".
You need user "postfix" added to group "mail".
Would you like me to add it [y]? y
...
Would you like to activate Postfix in /etc/mail/mailer.conf [n]? y
```
make sure to select *DOVECOT*, *TLS*, *PGSQL*, *VDA*

Make the system use postfix instead of sendmail

```
# cat << EOF >> /etc/rc.conf
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
EOF
# cat << EOF >> /etc/periodic.conf
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
EOF
```

Create and secure the SMTP SSL certificate:

```
# mkdir -p /etc/ssl/postfix
# cd /etc/ssl/postfix
# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 365
# chmod 640 /etc/ssl/postfix/*
# chgrp -R postfix /etc/ssl/postfix
```

edit the red text in /usr/local/etc/postfix/main.cf

```
...
# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# testing.  When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#[red]

smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unauth_destination,
  reject_unauth_pipelining,
  reject_invalid_hostname,
  reject_rbl_client bl.spamcop.net

smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks


virtual_mailbox_base = /mail
virtual_mailbox_maps = pgsql:/usr/local/etc/postfix/pgsql_virtual_mailbox_maps.cf
virtual_mailbox_domains = pgsql:/usr/local/etc/postfix/pgsql_virtual_mailbox_domains.cf
virtual_alias_maps = pgsql:/usr/local/etc/postfix/pgsql_virtual_alias_maps.cf
local_recipient_maps = $virtual_mailbox_maps
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes

# I use static uid:gid, dynamic ones caused problems for me {permission related}
virtual_uid_maps = static:26
virtual_gid_maps = static:6

virtual_transport = dovecot

smtpd_delay_reject = yes
smtpd_helo_required = yes


broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_security_options = noanonymous


smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
[/red]
...
myhostname = [red]example.com[/red]
...
mydomain = [red]example.com[/red]
...
mydestination = [red]localhost.$mydomain, localhost[/red]
...
#relay_domains = pgsql:/usr/local/etc/postfix/pgsql_relay_domains.cf
...
```


uncomment this in /usr/local/etc/postfix/master.cf

```
[red]smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject[/red]
  -o message_size_limit=26214400
```
message_size_limit will change message size limit from 10240000B (default) to 25M

and add this to /usr/local/etc/postfix/master.cf

```
dovecot    unix -        n       n       -       -       pipe
  flags=DRhu user=mailnull:mail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}
```



/usr/local/etc/postfix/pgsql_relay_domains.cf

```
user = postfix
password = postfix_password
hosts = /tmp
dbname = mail
query = SELECT domain FROM mailbox_relay_domains WHERE domain = '%s' AND active = true
```

/usr/local/etc/postfix/pgsql_virtual_alias_maps.cf

```
user = postfix
password = postfix_password
hosts = /tmp
dbname = mail
query = SELECT dest_username || '@' || dest_domain FROM mailbox_aliases WHERE address = '%s' AND active = true
```

/usr/local/etc/postfix/pgsql_virtual_mailbox_domains.cf

```
user = postfix
password = postfix_password
hosts = /tmp
dbname = mail
query = SELECT domain FROM mailbox WHERE domain = '%s' AND active = true
```

/usr/local/etc/postfix/pgsql_virtual_mailbox_limit_maps.cf

```
user = postfix
password = postfix_password
hosts = /tmp
dbname = mail
query = SELECT quota FROM mailbox WHERE username = '%u' AND domain = '%d' AND active = true
```

/usr/local/etc/postfix/pgsql_virtual_mailbox_maps.cf

```
user = postfix
password = postfix_password
hosts = /tmp
dbname = mail
query = SELECT domain || '/' || username FROM mailbox WHERE username = '%u' AND domain = '%d' AND active = true
```
*TIP: as host you can use IP, hostname or path to postgreSQL socket*

Secure Postfix's PGSQL files:

```
# chmod 640 /usr/local/etc/postfix/pgsql_*
# chgrp postfix /usr/local/etc/postfix/pgsql_*
```


Create our virtual mail directories:

```
# mkdir /mail
# chown mailnull:mail /mail
```


Enable postfix at jail startup

```
# echo 'postfix_enable="YES"' >> /etc/rc.conf
```


----------



## graudeejs (Jan 27, 2010)

Install & configure nginx

Install nginx and spawn_fcgi

```
# portmaster www/nginx www/spawn-fcgi
```

Enable the services

```
# cat << EOF >> /etc/rc.conf
nginx_enable="YES"
spawn_fcgi_enable="YES"
spawn_fcgi_bindaddr=""
spawn_fcgi_bindport=""
spawn_fcgi_bindsocket="/var/run/spawn_fcgi.socket"
spawn_fcgi_bindsocket_mode="0700"
EOF
```
this will start spawn_fcgi with a socket, instead of listening on a port

/usr/local/etc/nginx/nginx.conf

```
#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;



    server {
        # This will redirect http to https :D
        listen       80;
        server_name example.com;
        location / {
            rewrite ^ https://example.com/$request_uri? permanent;
        }
    }


    server {
        listen       443;
        server_name  example.com;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   /usr/local/www/roundcube;
            index  index.php;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/local/www/nginx-dist;
        }

        location ~ \.php$ {
            root           /usr/local/www/roundcube;
            fastcgi_pass   unix:/var/run/spawn_fcgi.socket;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /usr/local/www/roundcube/$fastcgi_script_name;
            include        fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}

        ssl                  on;
        ssl_certificate      /etc/ssl/www/www.pem;
        ssl_certificate_key  /etc/ssl/www/www.pem;
        ssl_session_timeout  5m;
        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers   on;

        client_max_body_size 25m;
    }

}
```
This will listen on https port, it's a good idea to make another host to listen on port 80, and redirect to https

*client_max_body_size 25m;* this will set the max body size to 25M, which means that you can upload up to 25M per file. It's important to set this variable, not only in php.ini {see the *Configure PHP* section below}

*TIP: you can install nginx+RoundCube+PHP in different jail. I think this would add extra security layer to mail server. One thing I dislike about RoundCube is that It can't connect to db via socket*


----------



## graudeejs (Jan 27, 2010)

Install and configure RoundCube

Install

```
# portmaster mail/roundcube
```
Make sure to select *PGSQL*, *SSL*
When asked for the php5 config make sure to select *FASTCGI*

in /usr/local/www/roundcube/config/db.inc.php set

```
# you should be able to use hostname instead of IP as well
# unfortunately it's not possible to specify a socket :(
$rcmail_config['db_dsnw'] = 'pgsql://roundcube:[red]RoundcubePassword[/red]@123.123.123.123/mail';
```

in /usr/local/www/roundcube/config/main.inc.php set

```
$rcmail_config['log_driver'] = 'syslog';
$rcmail_config['force_https'] = TRUE;
$rcmail_config['default_host'] = 'ssl://example.com';
$rcmail_config['default_port'] = 993;
$rcmail_config['imap_auth_type'] = 'auth';
$rcmail_config['username_domain'] = 'example.com';
$rcmail_config['mail_domain'] = 'example.com';
$rcmail_config['smtp_server'] = 'ssl://example.com';
$rcmail_config['smtp_port'] = 465;
$rcmail_config['smtp_user'] = '%u';
$rcmail_config['smtp_pass'] = '%p';
$rcmail_config['sendmail_delay'] = 20;
$rcmail_config['session_lifetime'] = 30;
// set some random password
$rcmail_config['des_key'] = 'SomeRandom24charPassword';
$rcmail_config['language'] = 'lv_LV';
$rcmail_config['product_name'] = 'Example.com :)';
$rcmail_config['create_default_folders'] = TRUE;
$rcmail_config['default_charset'] = 'ISO-8859-13';
$rcmail_config['identities_level'] = 1;
$rcmail_config['max_pagesize'] = 100;
$rcmail_config['log_logins'] = true;
// this doesn't seem to work.... perhaps a bug...
$rcmail_config['timezone'] = 'Europe/Riga';
$rcmail_config['show_images'] = 1;
// most average users probably prefer html emails
$rcmail_config['htmleditor'] = TRUE;
```
to find out what these variables mean, read the config file; it's pretty well commented


----------



## graudeejs (Jan 27, 2010)

Configure PostgreSQL

*PostgreSQL configuration for RoundCube*

```
# su pgsql
$ psql template1
-- create users
CREATE USER postfix ENCRYPTED password 'PostfixPassword';
CREATE USER dovecot ENCRYPTED password 'DovecotPassword';
-- create group role with both users as members
CREATE ROLE mailman WITH USER postfix, dovecot;
-- create database owned by the group
CREATE DATABASE mail OWNER mailman;

\c mail

-- virtual mailboxes
CREATE TABLE mailbox (
	username	VARCHAR(128) NOT NULL,
	domain		VARCHAR(128) NOT NULL,
	password	CHAR(32) NOT NULL,
	quota		INTEGER DEFAULT 1024 NOT NULL,
	active		BOOLEAN DEFAULT true NOT NULL,
	PRIMARY KEY (username, domain)
);

-- virtual mailbox aliases
CREATE TABLE mailbox_aliases (
	address		VARCHAR(256) PRIMARY KEY,
	dest_username	VARCHAR(128) NOT NULL,
	dest_domain	VARCHAR(128) NOT NULL,
	active		BOOLEAN DEFAULT true NOT NULL,
	FOREIGN KEY (dest_username, dest_domain) REFERENCES mailbox (username, domain) ON DELETE CASCADE
);

-- relay domains
CREATE TABLE mailbox_relay_domains (
	domain		VARCHAR(256) PRIMARY KEY,
	active		BOOLEAN DEFAULT true NOT NULL
);



-- grant permissions
GRANT SELECT ON mailbox TO dovecot;
GRANT SELECT ON mailbox,mailbox_aliases,mailbox_relay_domains TO postfix;

-- create virtual domain
-- currently virtual domains doesn't work for me
INSERT INTO mailbox_relay_domains VALUES ('example.com');

-- create user
INSERT INTO mailbox VALUES ('test','example.com','MD5 Hash of password');

-- create virtual aliases
INSERT INTO mailbox_aliases VALUES ('postmaster@example.com', 'test', 'example.com');
INSERT INTO mailbox_aliases VALUES ('root@example.com', 'test', 'example.com');
INSERT INTO mailbox_aliases VALUES ('example@example.com', 'test', 'example.com');
INSERT INTO mailbox_aliases VALUES ('abuse@example.com', 'test', 'example.com');

-- create roundcube and database
CREATE USER roundcube ENCRYPTED password 'RoundcubePassword';
CREATE DATABASE webmail WITH OWNER roundcube;
\c webmail roundcube

-- create tables etc for roundcube
\i /usr/local/www/roundcube/SQL/postgres.initial.sql

-- exit psql
\q
```


in /usr/local/pgsql/data/pg_hba.conf you need to set
who is allowed to access postgresql and from where. This file is pretty well
written, so you should read it yourself 

Add this entry

```
local   mail        postfix,dovecot                        md5
host    webmail     roundcube           [red]jail_IP[/red]/32         md5
```



If postfix and dovecot connect to the database over the network, then

```
host    mail        postfix,dovecot     [red]jail_IP[/red]/32         md5
host    webmail     roundcube           [red]jail_IP[/red]/32         md5
```
also for db security I suggest you change the password for the pgsql user and set password authentication for everything and everyone from anywhere
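As an added example (not from the post), a small Python provisioning helper that builds the rows the schema above needs: it hashes the password with the PLAIN-MD5 scheme the Dovecot section configures (hex digest, fits the CHAR(32) column), lowercases names to match `auth_username_format = %Lu`, and binds every value as a parameter so no password hash or username is ever pasted into SQL text. Function names and the psycopg2-style `%s` placeholders are my choice.

```python
import hashlib
import re

# Constructed whitelist: the post's schema only needs letters, digits, '.', '-', '_'.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,128}$")


def plain_md5(password: str) -> str:
    """Hash a password the way the post's dovecot-sql.conf expects.

    default_pass_scheme = PLAIN-MD5 means the stored value is the hex MD5
    digest of the password. MD5 is unsalted and fast, and Dovecot accepts
    stronger schemes; this mirrors what the post configures.
    """
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def _check_name(value: str, what: str) -> str:
    """Reject anything outside the whitelist; lowercase to match %Lu."""
    if not _SAFE_NAME.match(value):
        raise ValueError(f"unsafe {what}: {value!r}")
    return value.lower()


def mailbox_insert(username, domain, password, quota_mb=1024):
    """Return (sql, params) adding one row to the post's 'mailbox' table.

    The driver binds the parameters, so the hash or a hostile username never
    becomes part of the SQL string.
    """
    username = _check_name(username, "username")
    domain = _check_name(domain, "domain")
    if not 0 < quota_mb < 1_000_000:
        raise ValueError("quota_mb out of range")
    sql = ("INSERT INTO mailbox (username, domain, password, quota, active) "
           "VALUES (%s, %s, %s, %s, true)")
    return sql, (username, domain, plain_md5(password), quota_mb)


def alias_inserts(aliases, dest_username, dest_domain):
    """Return one (sql, params) per alias address for 'mailbox_aliases'.

    The post points postmaster@, root@ and abuse@ at a real mailbox; the
    foreign key in the schema rejects aliases whose target does not exist.
    """
    dest_username = _check_name(dest_username, "dest_username")
    dest_domain = _check_name(dest_domain, "dest_domain")
    sql = ("INSERT INTO mailbox_aliases (address, dest_username, dest_domain, active) "
           "VALUES (%s, %s, %s, true)")
    stmts = []
    for alias in aliases:
        local, _, dom = alias.partition("@")
        address = f"{_check_name(local, 'alias')}@{_check_name(dom, 'alias domain')}"
        stmts.append((sql, (address, dest_username, dest_domain)))
    return stmts


def dovecot_quota_rule(quota_mb):
    """Reproduce the userdb_quota_rule value the post's password_query builds."""
    return f"*:bytes={int(quota_mb)}M"


if __name__ == "__main__":
    # Constructed sample mirroring the post's 'test' user and two of its aliases.
    print(*mailbox_insert("test", "example.com", "correct horse", 1024))
    for stmt in alias_inserts(["postmaster@example.com", "abuse@example.com"],
                              "test", "example.com"):
        print(*stmt)
```

Feed each (sql, params) pair to `cursor.execute(sql, params)` of a PostgreSQL driver; the hash is never interpolated into the statement.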


----------



## graudeejs (Jan 27, 2010)

Configure PHP

To attach files in webmail interface (roundcube) we need to configure php to allow uploading bigger files {by default it's about 2MB, which is very, very small}

copy example config file

```
# cp /usr/local/etc/php.ini-recommended /usr/local/etc/php.ini
```

edit variables in /usr/local/etc/php.ini

```
; Maximum size of POST data that PHP will accept.
post_max_size = 25M

; Maximum allowed size for uploaded files.
upload_max_filesize = 20M

; Maximum number of files that can be uploaded via a single request
max_file_uploads = 10
```

EDIT: after editing /usr/local/etc/php.ini, if spawn-fcgi is started, you need to restart it for the new settings to take effect

```
# /usr/local/etc/rc.d/spawn-fcgi restart
```


----------



## graudeejs (Feb 5, 2010)

*This section must be done on the host system, not in a jail*

Install and configure spamd (common)

```
# portmaster [port]mail/spamd[/port]
```


```
# cat << EOF >> /etc/rc.conf
obspamlogd_enable="YES"
obspamd_enable="YES"
obspamd_flags="-l IP_mail_server -h example.com"
EOF
```
-l is optional; if you omit it, spamd will listen on all aliased IPs AFAIK

*enable and configure pf* { this one you figure out yourself  }

you need to mount *fdescfs* on */dev/fd* for graylisting to work.

```
# echo 'fdescfs /dev/fd fdescfs rw 0 0' >> [file]/etc/fstab[/file]
```

And you need to create spamd database

```
# touch /var/db/spamd
# chown _spamd:_spamd /var/db/spamd
# chmod ug=rw,o= /var/db/spamd
```


Configure spamd (blacklisting)

to *obspamd_flags* in /etc/rc.conf add *-b* flag

I haven't yet figured out exactly how it works, or whether it works at all.
Run `# crontab -e` and add this

```
48      *       *       *       *       /usr/local/sbin/spamd-setup
```
This should fetch blacklists

to /etc/pf.conf add this

```
table <spamd> persist
rdr pass inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port spamd

# let spamd-setup update blacklist
pass out on $e_if0 inet proto tcp from [red]Host_IP[/red] to any port { spamd, spamd-cfg } keep state
pass out on $e_if0 inet proto udp from [red]Host_IP[/red] to any port spamd-sync keep state
```



Configure spamd (graylisting)

*graylisting may have one serious disadvantage. It may delay mail for more than 35 minutes... In case of gmail, it can be even longer, because gmail may try to deliver mail from different servers. You can probably resolve this by whitelisting all gmail IPs {but I don't have such a list, unfortunately}*

to /etc/pf.conf add this

```
table <spamd-white> persist
rdr pass inet proto tcp from !<spamd-white> to any port smtp -> 127.0.0.1 port spamd
```


*TIP: you can combine both methods; also you can create your own whitelist and use it as well*


----------



## graudeejs (Feb 5, 2010)

Install and configure Clamav

install clamsmtp and clamav

```
# portmaster [port]security/clamav[/port] [port]security/clamsmtp[/port]
```

copy example config file

```
# cp /usr/local/etc/clamd.conf.default /usr/local/etc/clamd.conf
# cp /usr/local/etc/clamsmtpd.conf-sample /usr/local/etc/clamsmtpd.conf
# cp /usr/local/etc/freshclam.conf.default /usr/local/etc/freshclam.conf
```

Edit /usr/local/etc/clamd.conf

```
TemporaryDirectory /tmp
LocalSocket /var/run/clamav/clamd.socket
User clamav
```

Edit /usr/local/etc/clamsmtpd.conf the way you like

```
ClamAddress: /var/run/clamav/clamd.socket
Header: X-Virus-Scanned: ClamAV using ClamSMTP
TempDirectory: /tmp
Action: drop
Quarantine: off
User: clamav
```
make sure that *clamsmtpd* and *clamd* use same user and socket


Now you need to add the following to /usr/local/etc/postfix/master.cf

```
# AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
        -o smtp_enforce_tls=no
# For injecting mail back into postfix from the filter
[red]IP_of_jail[/red]:10026 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=[red]IP_of_jail[/red]
```

to /usr/local/etc/postfix/main.cf add

```
content_filter = scan:[[red]IP_of_jail[/red]]:10025
```


enable clamav, freshclam and clamsmtpd at startup

```
# cat << EOF >> /etc/rc.conf
clamsmtpd_enable="YES"
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
clamav_freshclam_flags="--quiet -a jail_ip -c 24"
EOF
```
*-c 12* means, that freshclam should update virus database every 2 hours (valid values 1-50)


----------



## graudeejs (Feb 5, 2010)

Install and configure SpamAssassin

install

```
# portmaster mail/p5-Mail-SpamAssassin
```

Configure daemon startup

```
# cat << EOF >> /etc/rc.conf
spamd_enable="YES"
spamd_flags="-c --socketpath=/var/run/SpamAssassin.socket"
EOF
```
This will make the spamassassin daemon listen on a socket, instead of opening a port


```
# mkdir /var/spool/mqueue/.spamassassin
# chown _spamd:_spamd /var/spool/mqueue/.spamassassin
```

now run sa-update

```
# sa-update
```

add this to /usr/local/etc/postfix/master.cf

```
spamassassin unix  -       n       n       -       -       pipe
   user=nobody argv=/usr/local/bin/spamc -u mailnull -U /var/run/SpamAssassin.socket -e /usr/local/sbin/sendmail -oi -f ${sender} ${recipient}
```

and edit this line in /usr/local/etc/postfix/master.cf

```
smtp      inet  n       -       n       -       -       smtpd
```
to

```
smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamassassin
```

edit /usr/local/etc/mail/spamassassin/local.cf as needed.
Personally I set *required_score* to *4.0*


----------



## graudeejs (Feb 5, 2010)

Checking if it works

You might want to restart the server, to check that everything is started 

Postfix
send mail to some user that is registered in database, mail should be delivered to /mail/domain/user/...
you can check status of mail queue with `# mailq`
Also send mail from jail to some other email server and see if you can send mails

Dovecot
Try logging in to your server (imap) with some mail client
Here's example mutt config:

```
set imap_user = "user@example.com"
set folder = "imaps://example.com:993"
set postponed = "+Drafts"
set spoolfile = "+INBOX"
set record = "+Sent"
```

Roundcube
This is very simple: simply open example.com in a browser and try to log in. If you can't log in with roundcube but can log in with some email client, then roundcube is configured incorrectly.
After you have logged in you need to check if you can send emails. Send some email to another server (gmail for example). If Roundcube is not able to connect to smtps, then it will show an error.

SpamAssassin
If SpamAssassin works, in received mail headers you should see something like this:

```
X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on bsdroot.lv
X-Spam-Level: *
X-Spam-Status: No, score=1.8 required=5.0 tests=MISSING_SUBJECT,
    TVD_SPACE_RATIO autolearn=no version=3.3.0
```

Clamav
If clamav works, in received mail headers you should see something like this:

```
X-Virus-Scanned: ClamAV using ClamSMTP
```

_NOTE: you may want to create 1 or 2 common certificates and use them for all services (depending on your configuration). Certificates cost money (at least certificates signed by a CA)._

_NOTE: passwords in config files are saved unencrypted; later I'll think about how to save them encrypted._


More and much more detailed info in references
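An added example (mine, not from the post) that automates the two header checks above: it parses a delivered message and reports whether the ClamSMTP and SpamAssassin headers the post expects are present, with the score, threshold and test names pulled from the folded X-Spam-Status line. The sample message is constructed from the post's own header snippets; function names are my choice.

```python
import email

# Constructed sample: the two header blocks shown in the post, in one message.
SAMPLE_MESSAGE = """\
Return-Path: <sender@example.org>
X-Virus-Scanned: ClamAV using ClamSMTP
X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on bsdroot.lv
X-Spam-Level: *
X-Spam-Status: No, score=1.8 required=5.0 tests=MISSING_SUBJECT,
    TVD_SPACE_RATIO autolearn=no version=3.3.0
From: sender@example.org
To: test@example.com

body
"""


def parse_spam_status(value):
    """Parse an X-Spam-Status header value into a dict.

    Folded continuation lines are joined first; 'tests=' is a comma list that
    may continue over several whitespace-separated tokens, as in the sample.
    """
    text = " ".join(value.split())
    verdict, _, rest = text.partition(",")
    fields = {"verdict": verdict.strip(), "tests": []}
    tokens = rest.split()
    i = 0
    while i < len(tokens):
        key, _, val = tokens[i].partition("=")
        if key == "tests":
            while True:
                fields["tests"].extend(t for t in val.split(",") if t)
                if not val.endswith(",") or i + 1 >= len(tokens):
                    break
                i += 1
                val = tokens[i]
        elif val:
            fields[key] = val
        i += 1
    return fields


def check_filters(raw_message):
    """Report whether ClamSMTP and SpamAssassin both touched a message.

    A missing header means that filter stage was bypassed or not running;
    the returned dict is meant to be asserted on by a delivery test.
    """
    msg = email.message_from_string(raw_message)
    result = {
        "virus_scanned": msg.get("X-Virus-Scanned", "").startswith("ClamAV"),
        "spam_scanned": msg.get("X-Spam-Checker-Version") is not None,
        "spam_level": msg.get("X-Spam-Level", "").count("*"),
        "is_spam": None, "score": None, "required": None, "tests": [],
    }
    status = msg.get("X-Spam-Status")
    if status:
        parsed = parse_spam_status(status)
        result["is_spam"] = parsed["verdict"].lower() == "yes"
        result["score"] = float(parsed.get("score", "nan"))
        result["required"] = float(parsed.get("required", "nan"))
        result["tests"] = parsed["tests"]
    return result


if __name__ == "__main__":
    print(check_filters(SAMPLE_MESSAGE))
```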


----------



## graudeejs (Feb 5, 2010)

Don't forget to configure you MX records on your DNS


----------



## graudeejs (Feb 5, 2010)

reserved.


----------



## graudeejs (Feb 5, 2010)

Where to look for errors:
/var/log/messages
/var/log/maillog
/var/log/nginx*


References (unsorted)
almost unsorted
FreeBSD-Postfix-MySQL-SpamAssassin-Maia-Virtual Setup
Greylisting with PF
ClamSMTP: Using with Postfix
HOWTO: Mailserver mit Postfix, Dovecot, Antispam und PostgreSQL Backend (german)
postfix master(5)
postfix postconf(5)
postfix pgsql_table(5)
Dovecot LDA with Postfix
Postfix Howtos and FAQs
Greylisting
Postfix Virtual Domain Hosting Howto
Integrating SpamAssassin into Postfix using spamd
Increase upload size in your php.ini
http://wiki.dovecot.org/Quota
http://wiki.dovecot.org/Quota/1.1
want to change maxfile size in nginx
http://www.kolab.org/pipermail/kolab-users/2006-May/004885.html
nginx redirect http to https
Fighting spam with pf


Some other links I came by, but didn't really use
HOW TO: Setup RoundCube Webmail on Your Server
Nginx "how to" - Fast and Secure Web Server
Other Trick For Blocking Spam
Integrate Spamassassin into Postfix/Dovecot
Howto ipfw + spamd graylisting (in Russian)

TO Read
http://www.freespamfilter.org/FC4.html#_Toc110999157


----------



## graudeejs (Feb 12, 2010)

OK, it seems I've finished this Howto.
Suggestions and error corrections {I'm just a human} are welcomed 

Also don't forget that you don't need to follow this howto step by step, you can improvise 

Originally I wanted to use lighttpd but later changed to nginx. I did that because nginx is much easier to set up, because if you make an error in the config, it's easier to find it.

*Don't expect this tutorial to work out of the box. You will need to work yourself. I wrote this from what I could remember.*
But since then, I've rebuilt my mail server many times, and this tutorial helped me a lot. When I find stuff that doesn't glue well, I try to fix it. So it's not perfect...


----------



## graudeejs (Feb 18, 2010)

Change log
2010-02-18: Added few lines in nginx.conf to redirect http to https
2010-02-22: Added 2x pf rules to spamd blacklist section. This fixes spamd-setup not being able to update blacklist
2010-02-23: Fixed many console commands (echo), Syntax was wrong, sorry
2010-02-26: Fixed SpamAssassin. Now it scans mail 
2010-02-26: added *Checking if it works* section
2010-03-09: Improved PostgreSQL queries in "Configure PostgreSQL" section [didn't test, but they should work, anyway, if it doesn't let me know]
2010-03-09: Fixed many typos pointed out to me by osx-addict
2010-03-10: Fixed typo in Postfix section (thanks to osx-addict). Fixed one PostgreSQL query in postfix section, to match updated PostgreSQL query
2010-04-10: in Install & configure Postfix section *s/chmod mailnull:mail/chown mailnull:mail/*
2010-05-31: Fixed SQL insert query bug in *Configure PostgreSQL* section pointed out by zloidemon on jabber. Fix in *Install and configure Clamav* section
2010-11-05: Add some missing info to *SpamAssasin* section. Some other fixes
2011-01-20: Remove *relay_domains* from /usr/local/etc/postfix/main.cf, it was not needed, as it serves different purpose. Fix spamd section: you need to create database manually
2011-01-22: Fix beginning of spamd section


----------



## Sylhouette (Mar 2, 2010)

Great howto.
Makes me try using nginx instead of apache.

One note however, something that i miss, user management!

regards,
Johan


----------



## graudeejs (Mar 2, 2010)

Ah, for user management, I will write my own php scripts


----------



## mikec (Mar 4, 2010)

Great how-to killasmurf.  Ran into a couple things when starting spamassassin, on initial startup SA wants you to run sa-update first and I believe the command 

`# chown _spamd:_spamd /var/spool/mqueue/.spamassassin`

should be 

`# chown mailnull:mailnull /var/spool/mqueue/.spamassassin`

My error logs complained about SA not having permission to create or write bayes files inside the directory and I noticed in master.cf your starting SA with -u mailnull.  I made the change and SA runs perfect.

Hopefully you could add a section on automatically moving mail marked as spam.  I created a script that greps inboxes for spam flag for half hour but it'd be nice to have something do it in real time.

Great how-to.


----------



## osx-addict (Mar 9, 2010)

I read the entire thing.. End to end.. However, it might be nice on each step to indicate what is in a jail vs not.. I think you're running postgres in a jail..

Also, in the section where you're installing spamd and related 'mail' tools, you mention that they should be in the host environment.. I ran an 'smtp' jail that had everything but the roundcube/apache combination -- so it had sendmail, spamd, clamav, spamasassin, dovecot, and a few milters to glue it together.  Worked just fine.. I'll be working on setting up my jails again this evening after I get home and want to set things up like :


smtp.example.com : (sendmail or postfix), spamd, clamav, spamasassin, dovecot, maildir folders for mail
http://www.example.com  : (apache or nginx), roundcube (in a non-public directory--must know exact URL - discourage hackers), other pages, forward to other virtual domains,etc.
db.example.com   : postgres -- if I can get it to behave in a jail -- otherwise it will be back in host environment
host.example.com : host environment -- user accounts,etc.
dns.example.com  : dns lookups (eventually)
proxy.example.com: privoxy proxy server (or better?) - eventually


----------



## graudeejs (Mar 9, 2010)

killasmurf86 said:

> Preparing system
> ....
> *Everything below will be executed in jail*
> ....

killasmurf86 said:

> *This section should be done on host system, not in jail {at least I did this on host}*
> 
> Install and configure spamd (common)
> ....

Did you miss ^^^ 

Yes, having postfix on the host system has some advantages that I discovered later.
I wanted all jails to send daily messages to the postfix jail; the host couldn't do it, because it had an IP alias which matched the destination, so I moved postfix, dovecot and postgresql to the host (I have a single server).
However I'll probably move postgresql back to a jail later.

Bear with me, I'm new to this. This is my first mailserver configuration.
I gained a lot of knowledge while doing this, however there are still many things I don't know, especially related to security.


----------



## osx-addict (Mar 9, 2010)

Thanks for the update.. I did see the few notes about what was in jails but was looking for something (perhaps at the top) outlining the game plan (e.g. host + 4 jails with what is in each jail) or similar.. 

Are you interested in fixing typos? There are a handful of places with typos such as the portmaster line for nginx (which says something like "portmaster ngnix" instead of "portmaster nginx")... I've also got an issue with one of the Dovecot SQL files with it complaining about the 'host' line not being recognized.. I've got to look into that further.

In my older FreeBSD 7.1 setup I had a jailed mail server with sendmail and the rest of what you've got (dovecot, spamd,excluding roundcube which was in an Apache jail) and all jails were able to talk to one another w/o any issues.  I did have to install something from the mail tools area to forward outgoing messages to my jailed sendmail as I couldn't get the other minimal (e.g. host) sendmail to behave for this sort of 'forward' config...  I don't recall what tool it was though. I'll have to look when I'm home later if there's interest, although postfix can probably be configured to do that.

I would not put roundcube (or any other PHP based site) outside of a jailed environment.. I've had one break-in due to an issue that was discovered last year (in roundcube) before I ran FreeBSD (was on Linux at the time) and a rootkit was installed and .... (you get the picture).. PHP scripts are what I'm scared most about -- they're an easy back door into a system to take control..


----------



## graudeejs (Mar 9, 2010)

Thanks for the info. Yes, I'm more than interested in fixing typos, problems etc.


----------



## DutchDaemon (Mar 9, 2010)

[ but please use PM for that! ]


----------



## osx-addict (Mar 10, 2010)

Ok.. So I got this setup yesterday on my FreeBSD 8-stable system in the following configuration :

host    : example.com
  jail1 : db.example.com (PostgreSQL 8.4 server)
  jail2 : smtp.example.com (Postfix, Dovecot, SpamAssassin, ClamAV -- no Spamd or PF)

I've skipped RoundCube and nginx for now since I'll leave that for a later chapter once the main mail server is up and running as expected. I had to tweak the SQL a bit to make PostgreSQL happy with it (I dropped a note to KAS about this a bit ago so he can update the thread). I'll admit right now that I had some issues with the Postfix config files -- primarily master.cf. Initially Postfix was complaining about the stuff at the end but after a bit of googling around I found I had a line in the wrong place and moved it -- I believe in the end I disabled the 'scan' line that drives SpamAssassin.. Below are the offending lines from my files for reference:

First file : main.cf (comments removed for brevity's sake)

```
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
mail_owner = postfix
myhostname = smtp.example.com
mydomain = example.com
unknown_local_recipient_reject_code = 550
mynetworks_style = host
debug_peer_level = 2
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = /usr/local/share/doc/postfix
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = /usr/local/share/doc/postfix
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unauth_destination,
  reject_unauth_pipelining,
  reject_invalid_hostname,
  reject_rbl_client bl.spamcop.net

smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks

virtual_mailbox_base = /mail
virtual_mailbox_maps = pgsql:/usr/local/etc/postfix/pgsql_virtual_mailbox_maps.cf
virtual_mailbox_domains = pgsql:/usr/local/etc/postfix/pgsql_virtual_mailbox_domains.cf
virtual_alias_maps = pgsql:/usr/local/etc/postfix/pgsql_virtual_alias_maps.cf
local_recipient_maps = $virtual_mailbox_maps
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes

virtual_uid_maps = static:26
virtual_gid_maps = static:6

virtual_transport = dovecot

smtpd_delay_reject = yes
smtpd_helo_required = yes


broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_security_options = noanonymous


smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

mydestination = localhost.$mydomain, localhost
relay_domains = pgsql:/usr/local/etc/postfix/pgsql_relay_domains.cf
```

Now for master.cf (again, no comments):

```
smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamassassin
#               content_filter = scan:[10.0.1.4]:10025
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o smtp_fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache

spamassassin unix  -       n       n       -       -       pipe
   user=nobody argv=/usr/local/bin/spamc -u mailnull -d 10.0.1.4 -e /usr/local/sbin/sendmail -oi -f ${sender} ${recipient}

dovecot    unix -        n       n       -       -       pipe
  flags=DRhu user=mailnull:mail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}

scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
        -o smtp_enforce_tls=no

10.0.1.4:10026 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=smtp.example.com
```


Postfix is fine with this config -- no complaints. However, when started it accepts incoming connections and doesn't appear to do anything with them.. Below is a snippet of the log data showing it running for 3 minutes -- 'top' showed no signs of life from clamav, SpamAssassin or anything else during this period.. Did I miss something -- perhaps related to the lack of running PF + Spamd (the greylisting part)?  One thing I need to do is change the IP of the mail jail temporarily to allow me to diagnose these problems -- as soon as I start Postfix, I had about 5 connections within about 3 seconds.. All connections are routed to port 10.0.1.4 from my Cisco router -- if I tell it to use something else then I can diagnose in a less stressed (for me) environment.. 


```
Mar 10 00:46:12 smtp postfix/master[12633]: daemon started -- version 2.7.0, configuration /usr/local/etc/postfix
Mar 10 00:46:13 smtp postfix/smtpd[12636]: connect from unknown[210.245.11.52]
Mar 10 00:46:28 smtp postfix/smtpd[12640]: connect from snt0-omc2-s7.snt0.hotmail.com[65.55.90.82]
Mar 10 00:46:35 smtp postfix/smtpd[12642]: connect from n49d.bullet.mail.sp1.yahoo.com[66.163.169.175]
Mar 10 00:46:43 smtp postfix/smtpd[12643]: connect from n47d.bullet.mail.sp1.yahoo.com[66.163.169.173]
Mar 10 00:46:43 smtp postfix/smtpd[12644]: connect from n47a.bullet.mail.sp1.yahoo.com[66.163.168.141]
Mar 10 00:47:01 smtp postfix/smtpd[12652]: connect from snt0-omc4-s4.snt0.hotmail.com[65.55.90.207]
Mar 10 00:47:53 smtp postfix/smtpd[12657]: connect from e227.en25.com[209.167.231.227]
Mar 10 00:48:10 smtp postfix/smtpd[12659]: connect from dcs-maillist.cs.uiuc.edu[128.174.252.7]
Mar 10 00:48:36 smtp postfix/smtpd[12664]: connect from bay0-omc2-s16.bay0.hotmail.com[65.54.190.91]
Mar 10 00:49:03 smtp postfix/smtpd[12671]: connect from n51c.bullet.mail.sp1.yahoo.com[66.163.168.185]
Mar 10 00:49:03 smtp postfix/smtpd[12670]: connect from bay0-omc1-s20.bay0.hotmail.com[65.54.190.31]
Mar 10 00:49:44 smtp postfix/postfix-script[12692]: stopping the Postfix mail system
Mar 10 00:49:44 smtp postfix/master[12633]: terminating on signal 15
```


----------
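
In the master.cf posted above, the three `-o` lines under the port-25 `smtp` service (`smtpd_tls_wrappermode=yes`, `smtpd_sasl_auth_enable=yes`, `smtpd_client_restrictions=permit_sasl_authenticated,reject`) are the ones the tutorial puts on the `smtps` entry. On port 25 they tell smtpd to wait for a TLS handshake before it sends a banner, so a plain SMTP peer and the server each wait for the other, which is what a log full of `connect from` lines with nothing after them looks like. The script below is an added example, not code from osx-addict's post or from the tutorial: it lints a master.cf for that mistake and for two others that surface later in this thread, a content-filter reinjection listener without `-o content_filter=` (the message re-enters the filter and bounces with `too many hops`) and a missing `smtp unix ... smtp` transport (`connect to transport private/smtp: Connection refused`). The sample master.cf it runs on is constructed to show all three; treating an inet smtpd service on a numeric port other than 25/465/587 as a reinjection listener is this example's own heuristic, not a Postfix rule.

```sh
#!/bin/sh
# lint_master_cf FILE: flag three Postfix master.cf mistakes seen in this thread.
# Added example, not from the original posts. Assumes the stock master.cf
# layout (service line: name type private unpriv chroot wakeup maxproc command,
# optionally followed by "-o key=value" words and by indented "-o" continuation
# lines). Assumption of this example, not a Postfix rule: an inet smtpd service
# named host:PORT on a numeric port other than 25/465/587 is a content-filter
# reinjection listener.
lint_master_cf() {
    awk '
    function problem(msg) { nprob++; print "PROBLEM: " msg }

    # Evaluate the service whose lines have been collected so far.
    function flush(    port) {
        if (svc == "") return
        # "smtp unix ... smtp" is the delivery transport qmgr hands mail to;
        # without it: "connect to transport private/smtp: Connection refused".
        if (svc == "smtp" && type == "unix" && cmd == "smtp") have_smtp_transport = 1
        if (type == "inet" && cmd == "smtpd") {
            port = svc; sub(/.*:/, "", port)
            if (svc == "smtp" || port == "smtp" || port == "25") {
                # Port 25 takes unauthenticated mail from other MTAs: neither
                # TLS wrapper mode nor reject-unless-SASL belongs here.
                if (opts ~ /smtpd_tls_wrappermode=yes/)
                    problem(svc ": smtpd_tls_wrappermode=yes on the port-25 listener; plain SMTP peers stall waiting for a banner (this belongs on smtps only)")
                if (opts ~ /smtpd_client_restrictions=permit_sasl_authenticated,reject/)
                    problem(svc ": smtpd_client_restrictions rejects every unauthenticated client, so no remote MTA can deliver to you")
            } else if (port ~ /^[0-9]+$/ && port != "465" && port != "587" && (opts " ") !~ /content_filter= /) {
                # Filtered mail comes back in through this listener; without an
                # empty content_filter override it is filtered again and again
                # until Postfix bounces it with "554 5.4.0 Error: too many hops".
                problem(svc ": reinjection listener lacks -o content_filter= (mail loops until \"too many hops\")")
            }
        }
        svc = ""
    }

    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments and blank lines
    /^[^ \t]/ {                                     # start of a service entry
        flush()
        svc = $1; type = $2; cmd = $8; opts = ""
        for (i = 9; i <= NF; i++) opts = opts " " $i
        next
    }
    { for (i = 1; i <= NF; i++) opts = opts " " $i }  # "-o key=value" continuation
    END {
        flush()
        if (!have_smtp_transport)
            problem("no \"smtp unix ... smtp\" transport; qmgr will log \"connect to transport private/smtp: Connection refused\"")
        exit (nprob > 0)
    }' "$1"
}

# Constructed sample: the smtps-only "-o" lines attached to the port-25 service
# (as in the post above), a reinjection listener without content_filter=, and
# the smtp transport commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamassassin
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
#smtp     unix  -       -       n       -       -       smtp
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
10.0.1.4:10026 inet  n -       n       -       16      smtpd
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
EOF
lint_master_cf "$sample" || echo "fix master.cf, then: postfix check && postfix reload"
rm -f "$sample"
```

Run it as `lint_master_cf /usr/local/etc/postfix/master.cf` after every edit. `postfix check` accepts all three configurations because each line is valid on its own; what it cannot tell you is that the lines sit under the wrong service, which is exactly the failure mode the post describes.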



## halplus (Apr 10, 2010)

```
Apr 10 10:54:47 somehost dovecot: auth(default): prefetch(root@somehost.tld): userdb lookup not possible with only userdb prefetch
```

An idea?


----------



## graudeejs (Apr 10, 2010)

No clue. Show config.


----------



## dennylin93 (Apr 10, 2010)

It looks like you didn't configure userdb prefetch properly. Try taking a look at Prefetch User Database.

Also, do `# dovecot -n` if you want to paste Dovecot's configuration.


----------



## halplus (Apr 10, 2010)

This is the config


```
-- Config start ---------------------
# 1.2.10: /usr/local/etc/dovecot.conf
# OS: FreeBSD 7.0-RELEASE-p11 i386  ufs
protocols: imaps
ssl_cert_file: /etc/ssl/dovecot/cert.pem
ssl_key_file: /etc/ssl/dovecot/key.pem
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
verbose_proctitle: yes
first_valid_uid: 26
last_valid_uid: 26
first_valid_gid: 6
last_valid_gid: 6
mail_privileged_group: mail
mail_uid: mailnull
mail_gid: mail
mail_location: maildir:/mail/%d/%n
mail_plugins: quota imap_quota
imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
lda:
  postmaster_address: postmaster@example.com
  sendmail_path: /usr/sbin/sendmail
  mail_plugins: quota
auth default:
  username_format: %Lu
  passdb:
    driver: sql
    args: /usr/local/etc/dovecot-sql.conf
  userdb:
    driver: prefetch
  socket:
    type: listen
    client:
      path: /var/run/dovecot/auth-client
      mode: 432
      user: postfix
      group: mail
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: mailnull
      group: mail
plugin:
  quota: maildir:User quota
  quota_rule: *:storage=1GB
-- Config end ---------------------
```

I see some postmaster@example.com weirdness but i don't think that's the thing


I remember that when i installed postfix i got this (maybe that's related). 


```
somehost# chmod mailnull:mail /mail
chmod: invalid file mode: mailnull:mail
```

I honestly have no idea on what kind of permissions those softwares require and what you were trying to do.

I want to add a constructive comment about the tutorial. It is great and as I can see can be almost blindly followed, but you forget at some points to explain what you are doing. I know I should RTFM but ok, my connectivity is incredibly limited (we pay 140 dollars for 80 hours of dialup internet connectivity), so every minute counts. Therefore manuals unfortunately take a second position.

I see that emails return and bounce back to the sender with an error that says something like the user is nonexistent. Like for instance if they weren't added to the database. Here is a sample

-- sample start -------------

```
This is the mail system at host somehost.tld.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<root@somehost.tld>: user unknown
```
-- sample end -------------

Also I want to add that I didn't deploy inside a jail and that I didn't install a web server, PHP or RoundCube. I am planning to use another solution, partially coded on my own.
What I installed so far is postgres + postfix + dovecot on top of FreeBSD. (I landed in this great TUT because those were my choices.) And I plan to add dkimproxy to sign messages. As a matter of fact I installed it already but haven't configured postfix to use it, in order to not add extra configuration noise. I plan some time in the future to add SpamAssassin as you did, as well as clamav and maybe greylisting and SPF checking. But that is future polishing.


----------



## graudeejs (Apr 10, 2010)

halplus said:

> I remember that when I installed postfix I got this (maybe that's related).
> 
> ```
> ...
> ```

That was a bug in my thread, I fixed it.
It was supposed to be chown.

halplus said:

> I honestly have no idea on what kind of permissions those softwares require and what you were trying to do.

You obviously lack basic Unix knowledge.

halplus said:

> I want to add a constructive comment about the tutorial. It is great and as I can see can be almost blindly followed, but you forget at some points to explain what you are doing. I know I should RTFM but ok, my connectivity is incredibly limited (we pay 140 dollars for 80 hours of dialup internet connectivity), so every minute counts. Therefore manuals unfortunately take a second position.

If I had like 48h / day, I'd be glad to provide extra details, but I have lots and lots of stuff to do for University, and currently my time is very limited.
Also, before you run your mail server you should understand how it works. Otherwise when problems occur, you won't be able to fix them on your own.

halplus said:

> I see that emails return and bounce back to the sender with an error that says something like the user is nonexistent. Like for instance if they weren't added to the database. Here is a sample
> 
> -- sample start -------------
> 
> ...

Maybe this is because you didn't `# chown mailnull:mail /mnt`, see Update section


----------



## graudeejs (Apr 10, 2010)

show /usr/local/etc/dovecot-sql.conf


----------



## halplus (Apr 11, 2010)

> You obviously lack basic Unix knowledge


I don't think that dovecot configuration can be considered "Basic Unix Knowledge". 

When I said "those softwares" I meant dovecot and postfix, not chmod, which is only one. (Unless I am a supergenius and tried to let you realize by yourself that I knew that we were talking about chown too, in which case we could say "those", so with that word I manipulated your head into thinking that, so you then could say that you made a mistake on your own without me having to tell you). I just tried that line, saw that it was wrong and didn't recognize that it was supposed to be chown. Simple. That kind of stuff happens when you work under heavy pressure for 5 hours the entire night, because over the day the poor line couples with your neighbor's and when she speaks (lots of sh..) it takes down your connection, which of course is not nice when you work as root on a server on the other side of the sea and you really don't want to break it. In any case we won a better tutorial. Now it's fixed! Right?




> If I had like 48h / day, I'd be glad to provide extra details, but I have lot's and lot's of stuff to do for University, and currently my time is very limited.



Well, it was just an idea, since I saw that you solicited opinions. And don't worry, I studied computer science too, so I know what you mean. I remember the discrete math teacher was a Nazi that put Informatics Olympiad questions in the final tests. "Ahh.. they are so easy", pretending he was the smartest ass. Used to say "see... trivial". (yes, well, now that you see the proof it couldn't be easier) Jaj, some students were smarter and nobody left the room before 8 hours into the test. I think I would love to see him doing one of those tests, sweating a lot and telling everyone "see... trivial" with a blank page while we think "sure, let's see if you can do what we could". Ajajajajja.




> Also, before you run your mail server you should understand how it works. Otherwise when problems occur, you won't be able to fix them on your own.



Nahh, I plan to drop all of the software over time and write highly scalable Java-based alternatives
with reduced complexity and also store mail directly inside the database (whether a conventional database on top of a distributed cluster in async multimaster mode or HBase on top of Hadoop), and not in mbox or the other non_portable_outside_unix_non_scalable standard. Anyway, right now I need this thingie. I am not that big and it is likely to take a while before I conquer the entire planet/universe and beat Yahoo Mail and Gmail. By then they will be so poor and I will have so many billions stolen from them that I will not care to hand you a few to fix such a little thing for me. Just joking around. I believe that I will be able. Right now I need to cancel the debt; I still do not take down Yahoo.




> Maybe this is because you didn't # chown mailnull:mail /mnt see Update section



I believe you mean /mail. No, that made no difference at all. It's something else. I think dovecot is not properly configured or something.


Another thing. It seems to me that you changed email storage from /var/mail to /mail, right? Any specific purpose for that? I want to take things back there instead of showing in the root dir; I simply don't want to add extra noise ATM.




> show /usr/local/etc/dovecot-sql.conf





```
somehost# cat /usr/local/etc/dovecot-sql.conf

... (comments)

driver = pgsql
connect = host=/tmp dbname=mail user=dovecot password=SOMEPASSWORD
default_pass_scheme = PLAIN-MD5

password_query = \
  SELECT username, domain, password, '*:bytes=' || quota || 'M' AS userdb_quota_rule \
  FROM mailbox WHERE username = '%n' AND domain = '%d' AND active = true
somehost#
```

I don't see user_query or tables with userdb_ prefixes or uids and gids like in

http://wiki.dovecot.org/UserDatabase/Prefetch

Here http://wiki.dovecot.org/AuthDatabase/SQL you can read:



> If you're using a single UID and GID for all users, you can use a SQL query such as:
> 
> user_query = SELECT 500 AS uid, 500 AS gid, home FROM users WHERE userid = '%n'



It seems to me that's the way it should be done, since I do not have such users in my system and therefore no uid or gid.

So I added to dovecot-sql.conf (and the corresponding line to dovecot.conf) this line:


```
user_query = SELECT username,26 AS uid,6 AS gid FROM mailbox WHERE username = '%n'
```

However now I am getting this:

```
Apr 11 12:15:48 somehost dovecot: deliver(root@somehost.tld): msgid<400669.91433.qm@web65702.mail.ac4.yahoo.com>: saved mail to INBOX
...
Apr 11 12:26:34 somehost dovecot: imap-login: Aborted login (auth failed, 4 attempts): user=<root>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS
```

Note that I haven't added any userdb_ prefix. However I don't know exactly how I should do that, if ever.


----------
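
Both symptoms in this exchange come from the same Dovecot 1.x prefetch rule. With `userdb { driver = prefetch }` the account's uid, gid and home have to arrive with the passdb answer as columns named `userdb_uid`, `userdb_gid` and `userdb_home` (the `password_query` posted above returns only `userdb_quota_rule`), and `deliver` never goes through passdb at all, so prefetch alone produces `userdb lookup not possible with only userdb prefetch`; it needs a second userdb (sql with a `user_query`) next to prefetch. The checker below is an added example, not code from halplus's posts or from the tutorial: it reads a `dovecot-sql.conf` and the output of `dovecot -n` and reports which of those requirements are unmet. The sample files it runs on are constructed from the configuration posted above and assume the 1.x `dovecot -n` layout.

```sh
#!/bin/sh
# lint_prefetch SQLCONF DUMP: check a Dovecot 1.x dovecot-sql.conf plus the
# output of "dovecot -n" against the two prefetch-userdb requirements:
#   1. with "userdb { driver = prefetch }" the password_query must hand back
#      the account's uid, gid and home as columns named userdb_uid, userdb_gid
#      and userdb_home (login builds the session from them);
#   2. deliver does not go through passdb, so prefetch alone yields
#      "userdb lookup not possible with only userdb prefetch"; a second
#      userdb (sql with a user_query) has to sit beside it.
# Added example, not code from the original posts; assumes the 1.x "dovecot -n"
# layout ("  userdb:" followed by "    driver: ...").
lint_prefetch() {
    sqlconf=$1; dump=$2; rc=0
    # password_query may span several lines joined by trailing backslashes.
    query=$(awk '
        /^[ \t]*password_query[ \t]*=/ { grab = 1 }
        grab { line = $0; cont = sub(/\\[ \t]*$/, "", line); q = q " " line; if (!cont) grab = 0 }
        END { print q }' "$sqlconf")
    # Collect the userdb drivers; "driver:" lines under passdb are skipped.
    userdbs=$(awk '
        /^  [a-z_]+:/ { sec = $1 }
        sec == "userdb:" && /^    driver:/ { print $2 }' "$dump")
    for col in userdb_uid userdb_gid userdb_home; do
        case $query in
            *"$col"*) ;;
            *) echo "PROBLEM: password_query does not return $col (required by userdb prefetch)"; rc=1 ;;
        esac
    done
    # deliver is configured (an "lda:" block) but prefetch is the only userdb.
    if grep -q '^lda:' "$dump" &&
       [ "$(printf '%s\n' "$userdbs" | grep -v '^prefetch$' | grep -c .)" -eq 0 ]; then
        echo "PROBLEM: prefetch is the only userdb; deliver needs a second userdb (e.g. sql with user_query)"
        rc=1
    fi
    return $rc
}

# Constructed sample files, taken from the configuration posted above.
t=$(mktemp -d)
cat > "$t/dovecot-sql.conf" <<'EOF'
driver = pgsql
connect = host=/tmp dbname=mail user=dovecot password=SOMEPASSWORD
default_pass_scheme = PLAIN-MD5
password_query = \
  SELECT username, domain, password, '*:bytes=' || quota || 'M' AS userdb_quota_rule \
  FROM mailbox WHERE username = '%n' AND domain = '%d' AND active = true
EOF
cat > "$t/dovecot-n.txt" <<'EOF'
protocols: imaps
lda:
  postmaster_address: postmaster@example.com
auth default:
  passdb:
    driver: sql
    args: /usr/local/etc/dovecot-sql.conf
  userdb:
    driver: prefetch
  socket:
    type: listen
EOF
lint_prefetch "$t/dovecot-sql.conf" "$t/dovecot-n.txt" || echo "(add the userdb_ columns to password_query and a second userdb for deliver)"
rm -rf "$t"
```

With the static uid:gid this thread uses, a `password_query` that also selects `26 AS userdb_uid, 6 AS userdb_gid` and the maildir path `'/mail/' || domain || '/' || username AS userdb_home` passes the first check; the second is met by keeping `userdb prefetch` for logins and adding a `userdb sql` whose `user_query` returns `uid`, `gid` and `home`, which is what `deliver` will ask for.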



## BeastieBoy (Jun 27, 2010)

Excellent tutorial!

And you did well not to get into the details as they belong into other threads.

Concerning the Postgresql post initialization, I got the following message:


> Success. You can now start the database server using:
> 
> 
> ```
> ...


----------



## BeastieBoy (Jun 27, 2010)

I think you're missing some PostgreSQL details. This database is a beast, and knowing how to configure it and create users and databases is important. Just a "to get started" command should be enough.


----------



## BeastieBoy (Jun 27, 2010)

Oh and for god sake, remove these stupid echo and cat /etc/rc.conf statements! They are too dangerous!


----------



## graudeejs (Jun 27, 2010)

Thanks for feedback...
I'll try to fix this tomorrow..... if I can [lately I have problems posting to forum]
If I can't I will ask mods to fix this for me


----------



## graudeejs (Jun 27, 2010)

BeastieBoy said:

> Concerning the Postgresql post initialization, I got the following message:
> 
> Your /usr/local/etc/rc.d/postgresql start does work, I was just wondering why your command is different from what's output?

Not sure right now... because a lot of time has passed, and I did many things differently each time I rebuilt the system.

Also I wrote this tutorial after I actually implemented everything, and I tried to keep it generic, so no wonder some things may be incorrect... but at least I think it's a good starting point... [at least every time I need, I look for help here]


----------



## BeastieBoy (Jul 4, 2010)

I can't edit dovecot's configuration file, by default its rights are set to -r--r--r--, why is that?


----------



## dennylin93 (Jul 4, 2010)

Did you copy the file from dovecot-example.conf? Change the permissions to 644 using chmod(1).


----------



## graudeejs (Jul 4, 2010)

If you use vim or vi to save it you can use *:w!*


----------



## BeastieBoy (Jul 5, 2010)

In the configuration of dovecot, in the socket listen { ... }, you specify a client path in /var/run/dovecot/auth-client, but I think it's wrong, it should be in /var/spool/postfix/private, because user postfix cannot create a file under /var/run/dovecot unless I missed a step.


----------



## graudeejs (Jul 5, 2010)

BeastieBoy said:
			
		

> In the configuration of dovecot, in the socket listen { ... }, you specify a client path in /var/run/dovecot/auth-client, but I think it's wrong, it should be in /var/spool/postfix/private, because user postfix cannot create a file under /var/run/dovecot unless I missed a step.



in postfix /usr/local/etc/main.cf I have

```
smtpd_sasl_path = /var/run/dovecot/auth-client
```

and it works.... {I'm not chrooting.... Probably will fix this one day}


----------



## BeastieBoy (Sep 4, 2010)

Hi,

I decided to add support for smtps. And guess what, ItFails™.

imaps connection works so I think I'm not too far from getting it to work.

Here is what I have got in /var/log/maillog:

```
postfix/smtpd[16773]: SSL_accept error from ...
```

Any idea what could cause that? The error isn't very verbose.


----------



## graudeejs (Sep 4, 2010)

check in main.cf

```
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
```

in master.cf

```
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o message_size_limit=26214400
```

maybe you're missing something important 

also check file permissions on your certificate


----------



## BeastieBoy (Sep 4, 2010)

Speaking about certificate. For imaps access I get an annoying warning message about a self-signed certificate. How to get rid of that? Do you have that problem too?


----------



## graudeejs (Sep 5, 2010)

well, you can either pay some trusted authority to sign it for you

https://www.startssl.com/ offers free signing of certificates (but I haven't read license terms)

I import my certificate to apps (opera for example [using opera M2 mail client])
after that there is no annoying message about self-signed certificates


----------



## kpa (Sep 5, 2010)

Or create your own CA and sign your application certificates yourself


----------



## graudeejs (Sep 5, 2010)

kpa said:

> Or create your own CA and sign your application certificates yourself

Which will

BeastieBoy said:

> For imaps access I get an annoying warning message about a self-signed certificate. How to get rid of that? Do you have that problem too?


----------



## kpa (Sep 5, 2010)

Well, that's self-signed too, but in a different way. If you have your own CA you'll have to import only one certificate into applications, the CA certificate. Certificates signed by your CA will then be automatically trusted.


----------
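
kpa's suggestion carried out, as an added example that is not part of any post here: a private CA whose certificate (`ca.crt`) is the one thing users import, and a server certificate for the IMAPS/SMTPS listener signed by it, so the self-signed warning BeastieBoy asks about goes away without paying a public CA. It uses only openssl(1) from the base system; `Example Mail CA`, `mail.example.com` and the output directory are placeholders, and the extension lists are written to files rather than taken from openssl.cnf so the result does not depend on which config file the binary finds.

```sh
#!/bin/sh
# Private CA for the mail server's TLS listeners, done with openssl(1) only.
# Added example, not code from the original posts; "Example Mail CA" and the
# host names are placeholders. Extensions are written out explicitly instead
# of coming from openssl.cnf, so the result is the same whichever config file
# the binary finds.

# make_ca DIR: CA private key (mode 0600) and self-signed CA certificate.
make_ca() {
    dir=$1
    mkdir -p "$dir" || return 1
    (
        umask 077   # ca.key is the trust anchor for every client; keep it private
        # Without CA:TRUE and keyCertSign a verifier refuses to build a chain through this cert.
        printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$dir/ca.ext" &&
        openssl req -new -batch -newkey rsa:4096 -sha256 -nodes -subj "/CN=Example Mail CA" \
            -keyout "$dir/ca.key" -out "$dir/ca.csr" 2>/dev/null &&
        openssl x509 -req -sha256 -days 3650 -in "$dir/ca.csr" -signkey "$dir/ca.key" \
            -extfile "$dir/ca.ext" -out "$dir/ca.crt" 2>/dev/null
    )
}

# issue_cert DIR HOST: key, certificate and combined PEM for HOST, signed by DIR/ca.crt.
issue_cert() {
    dir=$1; host=$2
    (
        umask 077
        # Clients match the name against subjectAltName, not CN, so set both.
        # CA:FALSE and serverAuth stop a stolen server key from minting certificates.
        printf 'subjectAltName=DNS:%s\nbasicConstraints=critical,CA:FALSE\nextendedKeyUsage=serverAuth\n' "$host" > "$dir/$host.ext" &&
        openssl req -new -batch -newkey rsa:2048 -sha256 -nodes -subj "/CN=$host" \
            -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null &&
        openssl x509 -req -sha256 -days 825 -in "$dir/$host.csr" \
            -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
            -extfile "$dir/$host.ext" -out "$dir/$host.crt" 2>/dev/null &&
        cat "$dir/$host.crt" "$dir/$host.key" > "$dir/$host.pem"   # Postfix-style single file
    )
}

# trusted_by_ca DIR HOST: true when HOST's certificate chains to DIR/ca.crt,
# which is what a client that imported ca.crt concludes.
trusted_by_ca() {
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

# has_san DIR HOST: the DNS name clients check is present in the certificate.
has_san() {
    openssl x509 -in "$1/$2.crt" -noout -text | grep -q "DNS:$2"
}

# Worked run with placeholder names (constructed; use your own host name).
work=$(mktemp -d)
if make_ca "$work" && issue_cert "$work" mail.example.com &&
   trusted_by_ca "$work" mail.example.com && has_san "$work" mail.example.com; then
    echo "mail.example.com.crt verifies against ca.crt: import ca.crt into clients, keep ca.key offline"
else
    echo "certificate generation failed"
fi
rm -rf "$work"
```

Point Dovecot's `ssl_cert_file`/`ssl_key_file` at `mail.example.com.crt`/`.key` and Postfix's `smtpd_tls_cert_file`/`smtpd_tls_key_file` at the combined `.pem` (the layout used earlier in this thread), restart both, and import only `ca.crt` into the clients. `ca.key` signs everything those clients will then trust, so keep it off the mail server if you can, and when a server key has to be replaced re-run `issue_cert` rather than re-creating the CA, or every client has to import a new certificate again.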



## ikbendeman (Oct 13, 2010)

killasmurf86 said:

> ```
> # cat < EOF >> [file]/boot/loader.conf[/file]
> kern.ipc.semmni=40
> kern.ipc.semmns=240
> ...
> ```

I believe the correct syntax for loader.conf should be

```
kern.ipc.semmni="40"
```

and the correct syntax for sysctl.conf would be

```
kern.ipc.semmni=40
```

e.g:

```
# loader.conf
kern.ipc.semmni="40"
# sysctl.conf
kern.ipc.semmns=240
```

If I am wrong, somebody please correct me but I remember having problems with this because loader.conf wouldn't accept the sysctl.conf syntax.


----------



## graudeejs (Oct 13, 2010)

Works fine for me on my server


----------



## ikbendeman (Oct 14, 2010)

Read loader.conf(5) and check sysctl to see that those values are actually being input. I'm curious because on my laptop, in 7.0, setting up the Synaptics touchpad via sysctl values in loader.conf worked like that, but when going to 8.0 it gave me error messages until I switched to the SETTING="VALUE" format.


----------



## graudeejs (Oct 15, 2010)

I checked values on server, they are correct


----------



## ikbendeman (Oct 15, 2010)

Huh, interesting. Sorry then!


----------



## buttmanizer (Jan 20, 2011)

I have followed this tutorial, except that I skipped Nginx (I prefer Apache) and Roundcube.

When i boot my server, I have this message:


```
Jan 20 22:22:08 lexie root: /etc/rc: WARNING: failed to start obspamd
Jan 20 22:22:08 lexie kernel: em0: link state changed to UP
Jan 20 22:22:08 lexie spamlogd: Failed to initialize: 
Jan 20 22:22:08 lexie root: /etc/rc: WARNING: failed to start obspamlogd
```

I can't receive and send emails. I hope you can point me to the right direction.

When sending an email from Gmail to my mail server, here's the log:


```
Jan 20 22:38:38 lexie postfix/smtpd[1741]: connect from mail-qw0-f41.google.com[209.85.216.41]
...
...
Jan 20 22:40:47 lexie spamd[1070]: spamd: clean message (-0.8/4.0) for mailnull:26 in 4.5 seconds, 9631 bytes. 
Jan 20 22:40:47 lexie spamd[1070]: spamd: result: . 0 - 
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,T_TO_NO_BRKTS_FREEMAIL 
scantime=4.5,size=9631,user=mailnull,uid=26,required_score=4.0,rhost=localhost,raddr=127.0.0.1,rport=/var/run/SpamAssassin.socket,mid=
<ACDD3496-A5EE-453E-989F-88AF6CBCB99E@gmail.com>,autolearn=unavailable 
Jan 20 22:40:47 lexie postfix/pipe[1751]: 308EB3D1BBC: to=<me@mydomain.com>, relay=spamassassin, delay=4.6, delays=0.11/0/0/4.5, dsn=2.0.0, 
status=sent (delivered via spamassassin service)
Jan 20 22:40:47 lexie postfix/pickup[1244]: CCEDD3D1BC2: uid=65534 from=<me@gmail.com>
Jan 20 22:40:47 lexie postfix/qmgr[1245]: 308EB3D1BBC: removed
Jan 20 22:40:47 lexie postfix/cleanup[1749]: CCEDD3D1BC2: message-id=<ACDD3496-A5EE-453E-989F-88AF6CBCB99E@gmail.com>
Jan 20 22:40:47 lexie postfix/qmgr[1245]: CCEDD3D1BC2: from=<me@gmail.com>, size=9922, nrcpt=1 (queue active)
Jan 20 22:40:47 lexie clamsmtpd: 10002D: accepted connection from: 192.168.0.121
Jan 20 22:40:47 lexie postfix/smtpd[1741]: connect from localhost[192.168.0.121]
Jan 20 22:40:47 lexie spamd[1069]: prefork: child states: II 
Jan 20 22:40:47 lexie postfix/smtpd[1741]: E795F3D1BBC: client=localhost[192.168.0.121]
Jan 20 22:40:48 lexie clamsmtpd: 10002D: from=me@gmail.com, to=me@mydomain.com, status=CLEAN
Jan 20 22:40:48 lexie postfix/smtp[1757]: CCEDD3D1BC2: to=<me@mydomain.com>, relay=192.168.0.121[192.168.0.121]:10025, delay=0.22, 
delays=0.01/0/0.1/0.11, dsn=5.4.0, status=bounced (host 192.168.0.121[192.168.0.121] said: 554 5.4.0 Error: too many hops (in reply to end of 
DATA command))
Jan 20 22:40:48 lexie postfix/smtpd[1741]: disconnect from localhost[192.168.0.121]
Jan 20 22:40:48 lexie postfix/cleanup[1749]: 103C43D1BBE: message-id=<20110120144048.103C43D1BBE@jjjsoftware.com>
Jan 20 22:40:48 lexie postfix/bounce[1851]: CCEDD3D1BC2: sender non-delivery notification: 103C43D1BBE
Jan 20 22:40:48 lexie postfix/qmgr[1245]: 103C43D1BBE: from=<>, size=11778, nrcpt=1 (queue active)
Jan 20 22:40:48 lexie postfix/qmgr[1245]: CCEDD3D1BC2: removed
Jan 20 22:40:48 lexie postfix/qmgr[1245]: warning: connect to transport private/smtp: Connection refused
Jan 20 22:40:48 lexie postfix/error[1855]: 103C43D1BBE: to=<me@gmail.com>, relay=none, delay=0.03, delays=0/0.02/0/0.01, dsn=4.3.0, 
status=deferred (mail transport unavailable)
Jan 20 22:42:11 lexie dovecot: imap-login: Disconnected (no auth attempts): rip=this.is.my.ip, lip=192.168.0.121, TLS handshaking: Disconnected
Jan 20 22:42:11 lexie dovecot: imap-login: Disconnected (no auth attempts): rip=this.is.my.ip, lip=192.168.0.121, TLS handshaking: Disconnected
Jan 20 22:42:12 lexie dovecot: auth(default): new auth connection: pid=1871
Jan 20 22:42:12 lexie dovecot: auth(default): new auth connection: pid=1872
Jan 20 22:42:34 lexie postfix/qmgr[1245]: AE6353D1B96: from=<>, size=11773, nrcpt=1 (queue active)
Jan 20 22:42:34 lexie postfix/qmgr[1245]: warning: connect to transport private/smtp: Connection refused
Jan 20 22:42:34 lexie postfix/qmgr[1245]: AA56C3D1B98: from=<>, size=11789, nrcpt=1 (queue active)
Jan 20 22:42:34 lexie postfix/error[1879]: AE6353D1B96: to=<me@gmail.com>, relay=none, delay=17366, delays=17366/0.04/0/0.01, dsn=4.3.0, 
status=deferred (mail transport unavailable)
Jan 20 22:42:34 lexie postfix/error[1880]: AA56C3D1B98: to=<me@gmail.com>, relay=none, delay=17362, delays=17362/0.02/0/0, dsn=4.3.0, 
status=deferred (mail transport unavailable)
Jan 20 22:44:11 lexie postfix/anvil[1742]: statistics: max connection rate 1/60s for (smtp:209.85.216.41) at Jan 20 22:38:38
Jan 20 22:44:11 lexie postfix/anvil[1742]: statistics: max connection count 1 for (smtp:209.85.216.41) at Jan 20 22:38:38
Jan 20 22:44:11 lexie postfix/anvil[1742]: statistics: max cache size 1 at Jan 20 22:38:38
```

I also have these errors:

```
egrep '(warning|error|fatal|panic):' /var/log/maillog | more
Jan 20 15:20:19 lexie postfix[30394]: fatal: myhostname and relayhost parameter settings must not be identical: mail.mydomain.com
Jan 20 15:48:02 lexie postfix/sendmail[35019]: fatal: myhostname and relayhost parameter settings must not be identical: mydomain.com
Jan 20 16:10:39 lexie postfix[1131]: fatal: myhostname and relayhost parameter settings must not be identical: mydomain.com
Jan 20 16:17:06 lexie postfix/qmgr[1534]: warning: connect to transport private/smtp: Connection refused
Jan 20 16:17:08 lexie postfix/trivial-rewrite[1535]: warning: do not list domain mydomain.com in BOTH virtual_mailbox_domains and relay_domains
Jan 20 16:17:08 lexie postfix/trivial-rewrite[1535]: warning: do not list domain mydomain.com in BOTH virtual_mailbox_domains and relay_domains
Jan 20 16:26:50 lexie postfix/qmgr[1240]: warning: connect to transport private/smtp: Connection refused
Jan 20 16:40:17 lexie postfix/qmgr[1240]: warning: connect to transport private/smtp: Connection refused
Jan 20 16:53:40 lexie postfix/smtpd[1494]: warning: [i]www.mydomain.com[/i][this.is.my.ip]: SASL PLAIN authentication failed:
```

Here's my postconf -n:


```
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = scan:[192.168.0.121]:10025
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
default_privs = nobody
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
local_recipient_maps = $virtual_mailbox_maps
mail_owner = postfix
mail_spool_directory = /var/home/mail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = localhost.$mydomain, localhost
mydomain = mydomain.com
myhostname = mydomain.com
mynetworks = 192.168.0.0/24, 127.0.0.0/8
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relay_domains = pgsql:/usr/local/etc/postfix/pgsql_relay_domains.cf
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks,  permit_sasl_authenticated,  reject_non_fqdn_hostname,  reject_non_fqdn_sender,  
reject_non_fqdn_recipient,  reject_unauth_destination,  reject_unauth_pipelining,  reject_invalid_hostname,  reject_rbl_client bl.spamcop.net
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = pgsql:/usr/local/etc/postfix/pgsql_virtual_alias_maps.cf
virtual_gid_maps = static:6
virtual_mailbox_base = /mail
virtual_mailbox_domains = pgsql:/usr/local/etc/postfix/pgsql_virtual_mailbox_domains.cf
virtual_mailbox_maps = pgsql:/usr/local/etc/postfix/pgsql_virtual_mailbox_maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:26
```

Here's my dovecot -n:

```
dovecot -n
# 1.2.16: /usr/local/etc/dovecot.conf
# OS: FreeBSD 8.1-RELEASE amd64  ufs
protocols: imaps
ssl_cert_file: /etc/ssl/dovecot/cert.pem
ssl_key_file: /etc/ssl/dovecot/key.pem
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
verbose_proctitle: yes
first_valid_uid: 26
last_valid_uid: 26
first_valid_gid: 6
last_valid_gid: 6
mail_privileged_group: mail
mail_uid: mailnull
mail_gid: mail
mail_location: maildir:/mail/%d/%n
mail_plugins: quota imap_quota
imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
lda:
  postmaster_address: postmaster@mydomain.com
  mail_plugins: quota
  sendmail_path: /usr/sbin/sendmail
auth default:
  username_format: %Lu
  verbose: yes
  debug_passwords: yes
  passdb:
    driver: sql
    args: /usr/local/etc/dovecot-sql.conf
  userdb:
    driver: prefetch
  socket:
    type: listen
    client:
      path: /var/run/dovecot/auth-client
      mode: 432
      user: postfix
      group: mail
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: mailnull
      group: mail
plugin:
  quota: maildir:User quota
  quota_rule: *:storage=1GB
```


----------



## graudeejs (Jan 20, 2011)

Remove *relay_domains*.
It is not needed (I edited the postfix part and commented out relay_domains).
See what changes.


----------



## graudeejs (Jan 20, 2011)

About spamd:

```
# touch /var/db/spamd
# chown _spamd:_spamd /var/db/spamd
```

Did that fix the problem?


----------



## buttmanizer (Jan 21, 2011)

I commented out relay_domains, and chowned /var/db/spamd to _spamd.

After rebooting, I still have this error:

```
Starting obspamd.
spamd: bind: Can't assign requested address
/etc/rc: WARNING: failed to start obspamd
Starting obspamlogd.
spamlogd: couldn't initialize pcap: Device not configured
/etc/rc.conf: WARNING: failed to start obspamlogd
```

When sending email from Gmail to my mail, it's the same log from my previous post. And these:

```
...
Jan 21 08:29:23 lexie postfix/qmgr[1250]: warning: connect to transport private/smtp: Connection refused
Jan 21 08:29:23 lexie postfix/error[1576]: C528A3D1BC2: to=<me@gmail.com>, relay=none, delay=0.05, delays=0/0.04/0/0.01, dsn=4.3.0, 
status=deferred (mail transport unavailable)
```


----------



## graudeejs (Jan 21, 2011)

Did you run this test with spamd enabled or disabled? And did you adjust the firewall rules?
The problem is that both postfix and spamd don't work, and we can't figure out which one prevents mail from getting to your mailbox.

Right now, I suggest you disable your spamd if it was enabled, and adjust your firewall rules so that your mail is passed straight to postfix.

Then send a test mail... and see what happens. Once we get postfix to work, we can fix spamd.


----------



## buttmanizer (Jan 21, 2011)

I removed obspamlogd from /etc/rc.conf and when I reboot, the error of starting obspamlogd no longer appears.

However, I still can't send an email from GMail to my mail server. Here's the end of the log:

```
Jan 21 22:45:46 lexie postfix/pickup[1235]: 798143D1BCB: uid=65534 from=<me@gmail.com>
Jan 21 22:45:46 lexie postfix/qmgr[1236]: 8652E3D1BC5: removed
Jan 21 22:45:46 lexie postfix/cleanup[1526]: 798143D1BCB: message-id=<971FF512-AAB8-43F2-8413-691189C2F0D2@gmail.com>
Jan 21 22:45:46 lexie postfix/qmgr[1236]: 798143D1BCB: from=<me@gmail.com>, size=9580, nrcpt=1 (queue active)
Jan 21 22:45:46 lexie clamsmtpd: 100015: accepted connection from: 192.168.0.121
Jan 21 22:45:46 lexie postfix/smtpd[1517]: connect from localhost[192.168.0.121]
Jan 21 22:45:46 lexie spamd[1059]: prefork: child states: II 
Jan 21 22:45:46 lexie postfix/smtpd[1517]: 942863D1BC5: client=localhost[192.168.0.121]
Jan 21 22:45:46 lexie postfix/cleanup[1526]: 942863D1BC5: message-id=<971FF512-AAB8-43F2-8413-691189C2F0D2@gmail.com>
Jan 21 22:45:46 lexie clamsmtpd: 100015: from=me@gmail.com, to=me@mydomain.com, status=CLEAN
Jan 21 22:45:46 lexie postfix/smtp[1544]: 798143D1BCB: to=<me@mydomain.com>, relay=192.168.0.121[192.168.0.121]:10025, delay=0.22, 
delays=0.01/0/0.1/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 942863D1BC5)
Jan 21 22:45:46 lexie postfix/smtpd[1517]: disconnect from localhost[192.168.0.121]
Jan 21 22:45:46 lexie postfix/qmgr[1236]: 942863D1BC5: from=<me@gmail.com>, size=9807, nrcpt=1 (queue active)
Jan 21 22:45:46 lexie postfix/qmgr[1236]: 798143D1BCB: removed
Jan 21 22:45:46 lexie spamd[1060]: spamd: got connection over /var/run/SpamAssassin.socket 
Jan 21 22:45:46 lexie spamd[1060]: spamd: setuid to mailnull succeeded 
Jan 21 22:45:46 lexie spamd[1060]: spamd: processing message <971FF512-AAB8-43F2-8413-691189C2F0D2@gmail.com> for mailnull:26 
Jan 21 22:45:51 lexie spamd[1060]: spamd: clean message (-0.8/4.0) for mailnull:26 in 5.2 seconds, 9630 bytes. 
Jan 21 22:45:51 lexie spamd[1060]: spamd: result: . 0 - 
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,T_TO_NO_BRKTS_FREEMAIL 
scantime=5.2,size=9630,user=mailnull,uid=26,required_score=4.0,rhost=localhost,raddr=127.0.0.1,rport=/var/run/SpamAssassin.socket,mid=
<971FF512-AAB8-43F2-8413-691189C2F0D2@gmail.com>,autolearn=unavailable 
Jan 21 22:45:51 lexie postfix/pipe[1528]: 942863D1BC5: to=<me@mydomain.com>, relay=spamassassin, delay=5.4, delays=0.11/0/0/5.3, dsn=2.0.0, 
status=sent (delivered via spamassassin service)
Jan 21 22:45:51 lexie postfix/pickup[1235]: EC5D63D1BCB: uid=65534 from=<me@gmail.com>
Jan 21 22:45:51 lexie postfix/qmgr[1236]: 942863D1BC5: removed
Jan 21 22:45:51 lexie postfix/cleanup[1526]: EC5D63D1BCB: message-id=<971FF512-AAB8-43F2-8413-691189C2F0D2@gmail.com>
Jan 21 22:45:51 lexie postfix/qmgr[1236]: EC5D63D1BCB: from=<me@gmail.com>, size=9922, nrcpt=1 (queue active)
Jan 21 22:45:51 lexie clamsmtpd: 100016: accepted connection from: 192.168.0.121
Jan 21 22:45:51 lexie postfix/smtpd[1545]: connect from localhost[192.168.0.121]
Jan 21 22:45:51 lexie spamd[1059]: prefork: child states: II 
Jan 21 22:45:52 lexie postfix/smtpd[1545]: 12C823D1BC5: client=localhost[192.168.0.121]
Jan 21 22:45:52 lexie clamsmtpd: 100016: from=me@gmail.com, to=me@mydomain.com, status=CLEAN
Jan 21 22:45:52 lexie postfix/smtp[1544]: EC5D63D1BCB: to=<me@mydomain.com>, relay=192.168.0.121[192.168.0.121]:10025, delay=0.22, 
delays=0.01/0/0.1/0.11, dsn=5.4.0, status=bounced (host 192.168.0.121[192.168.0.121] said: 554 5.4.0 Error: too many hops (in reply to end of 
DATA command))
Jan 21 22:45:52 lexie postfix/smtpd[1545]: disconnect from localhost[192.168.0.121]
Jan 21 22:45:52 lexie postfix/cleanup[1526]: 2F8FE3D1BC7: message-id=<20110121144552.2F8FE3D1BC7@jjjsoftware.com>
Jan 21 22:45:52 lexie postfix/bounce[1629]: EC5D63D1BCB: sender non-delivery notification: 2F8FE3D1BC7
Jan 21 22:45:52 lexie postfix/qmgr[1236]: 2F8FE3D1BC7: from=<>, size=11778, nrcpt=1 (queue active)
Jan 21 22:45:52 lexie postfix/qmgr[1236]: EC5D63D1BCB: removed
Jan 21 22:45:52 lexie postfix/qmgr[1236]: warning: connect to transport private/smtp: Connection refused
Jan 21 22:45:52 lexie postfix/error[1632]: 2F8FE3D1BC7: to=<me@gmail.com>, relay=none, delay=0.03, delays=0/0.02/0/0.01, dsn=4.3.0, 
status=deferred (mail transport unavailable)
```

I also have not modified my firewall rules yet. Can you show me how to do this?

Thanks a lot.


----------



## graudeejs (Jan 21, 2011)

So your domain name is *mydomain.com*? Is that true? (Did you just set it, or did you pay for it?)
And the box is behind router?


----------



## buttmanizer (Jan 22, 2011)

Of course not. I just substituted it for my real domain. Actually my real domain is jjjsoftware.com.

Yes, my server is behind a router, an Apple Airport Extreme Base Station. I have opened up ports 993 and 25, even 10025.

I have also setup an MX record for mail.jjjsoftware.com in my domain registrar's control panel.



			
killasmurf86 said:

> [red]This section should be done on host system, not in jail {at least I did this on host}[/red]
> ...
> *enable and configure pf* { this one you figure out yourself  }
> ...



Can you teach me how to do this? I have not edited my /etc/pf.conf except your instructions for spamd.

Again thanks a lot for helping me.


----------



## graudeejs (Jan 22, 2011)

That color hurts the eyes. For file/directory names use file tags.



			
buttmanizer said:

> Can you teach me how to do this? I have not edited my /etc/pf.conf except your instructions for spamd.



No, this is out of scope... it's a HUGE topic.
But hey, here's pf(4) and http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html

Also, I've got some info about setting up spamd in the resources section.


----------



## buttmanizer (Jan 24, 2011)

OK, now I have enabled pf as you described, except the whitelisting part.

But again, when I test sending from GMail to my mail server, here's the error:


```
...
Jan 24 11:49:43 lexie postfix/cleanup[66420]: 2EEF33D1D1D: message-id=<20110124034801.E5FF83D1BDB@jjjsoftware.com>
Jan 24 11:49:43 lexie postfix/qmgr[25768]: 2EEF33D1D1D: from=<root@jjjsoftware.com>, size=7920, nrcpt=1 (queue active)
Jan 24 11:49:43 lexie clamsmtpd: 10074D: accepted connection from: 192.168.0.121
Jan 24 11:49:43 lexie postfix/smtpd[66431]: connect from localhost[192.168.0.121]
Jan 24 11:49:43 lexie spamd[1059]: prefork: child states: II 
Jan 24 11:49:43 lexie postfix/smtpd[66431]: 4988B3D1BD9: client=localhost[192.168.0.121]
Jan 24 11:49:43 lexie postfix/cleanup[66420]: 4988B3D1BD9: message-id=<20110124034801.E5FF83D1BDB@jjjsoftware.com>
Jan 24 11:49:43 lexie clamsmtpd: 10074D: from=root@jjjsoftware.com, to=jovito@jjjsoftware.com, status=CLEAN
Jan 24 11:49:43 lexie postfix/smtp[66430]: 2EEF33D1D1D: to=<jovito@jjjsoftware.com>, relay=192.168.0.121[192.168.0.121]:10025, delay=0.22, 
delays=0.01/0/0.1/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4988B3D1BD9)
Jan 24 11:49:43 lexie postfix/smtpd[66431]: disconnect from localhost[192.168.0.121]
Jan 24 11:49:43 lexie postfix/qmgr[25768]: 4988B3D1BD9: from=<root@jjjsoftware.com>, size=8147, nrcpt=1 (queue active)
Jan 24 11:49:43 lexie postfix/qmgr[25768]: 2EEF33D1D1D: removed
Jan 24 11:49:43 lexie spamd[51792]: spamd: got connection over /var/run/SpamAssassin.socket 
Jan 24 11:49:43 lexie spamd[51792]: spamd: setuid to mailnull succeeded 
Jan 24 11:49:43 lexie spamd[51792]: spamd: processing message <20110124034801.E5FF83D1BDB@jjjsoftware.com> for mailnull:26 
Jan 24 11:49:47 lexie spamd[51792]: spamd: clean message (-1.0/4.0) for mailnull:26 in 4.5 seconds, 7999 bytes. 
Jan 24 11:49:47 lexie spamd[51792]: spamd: result: . -1 - ALL_TRUSTED 
scantime=4.5,size=7999,user=mailnull,uid=26,required_score=4.0,rhost=localhost,raddr=127.0.0.1,rport=/var/run/SpamAssassin.socket,mid=
<20110124034801.E5FF83D1BDB@jjjsoftware.com>,autolearn=unavailable 
Jan 24 11:49:47 lexie postfix/pickup[66559]: E708E3D1D1D: uid=65534 from=<root@jjjsoftware.com>
Jan 24 11:49:47 lexie postfix/pipe[66538]: 4988B3D1BD9: to=<jovito@jjjsoftware.com>, relay=spamassassin, delay=4.6, delays=0.11/0/0/4.5, 
dsn=2.0.0, status=sent (delivered via spamassassin service)
Jan 24 11:49:47 lexie postfix/qmgr[25768]: 4988B3D1BD9: removed
Jan 24 11:49:47 lexie postfix/cleanup[66420]: E708E3D1D1D: message-id=<20110124034801.E5FF83D1BDB@jjjsoftware.com>
Jan 24 11:49:47 lexie postfix/qmgr[25768]: E708E3D1D1D: from=<root@jjjsoftware.com>, size=8262, nrcpt=1 (queue active)
Jan 24 11:49:47 lexie clamsmtpd: 10074E: accepted connection from: 192.168.0.121
Jan 24 11:49:47 lexie postfix/smtpd[66411]: connect from localhost[192.168.0.121]
Jan 24 11:49:47 lexie spamd[1059]: prefork: child states: II 
Jan 24 11:49:48 lexie postfix/smtpd[66411]: 0DACD3D1BD9: client=localhost[192.168.0.121]
Jan 24 11:49:48 lexie postfix/cleanup[66420]: 0DACD3D1BD9: message-id=<20110124034801.E5FF83D1BDB@jjjsoftware.com>
Jan 24 11:49:48 lexie clamsmtpd: 10074E: from=root@jjjsoftware.com, to=jovito@jjjsoftware.com, status=CLEAN
Jan 24 11:49:48 lexie postfix/smtp[66430]: E708E3D1D1D: to=<jovito@jjjsoftware.com>, relay=192.168.0.121[192.168.0.121]:10025, delay=0.22, 
delays=0.01/0/0.1/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 0DACD3D1BD9)
Jan 24 11:49:48 lexie postfix/smtpd[66411]: disconnect from localhost[192.168.0.121]
Jan 24 11:49:48 lexie postfix/qmgr[25768]: 0DACD3D1BD9: from=<root@jjjsoftware.com>, size=8489, nrcpt=1 (queue active)
Jan 24 11:49:48 lexie postfix/qmgr[25768]: E708E3D1D1D: removed
Jan 24 11:49:48 lexie spamd[51792]: spamd: got connection over /var/run/SpamAssassin.socket 
Jan 24 11:49:48 lexie spamd[51792]: spamd: setuid to mailnull succeeded 
Jan 24 11:49:48 lexie spamd[51792]: spamd: processing message <20110124034801.E5FF83D1BDB@jjjsoftware.com> for mailnull:26 
Jan 24 11:49:52 lexie spamd[51792]: spamd: clean message (-1.0/4.0) for mailnull:26 in 4.5 seconds, 8335 bytes. 
Jan 24 11:49:52 lexie spamd[51792]: spamd: result: . -1 - ALL_TRUSTED 
scantime=4.5,size=8335,user=mailnull,uid=26,required_score=4.0,rhost=localhost,raddr=127.0.0.1,rport=/var/run/SpamAssassin.socket,mid=
<20110124034801.E5FF83D1BDB@jjjsoftware.com>,autolearn=unavailable 
Jan 24 11:49:52 lexie postfix/pickup[66559]: AF5BB3D1D1D: uid=65534 from=<root@jjjsoftware.com>
Jan 24 11:49:52 lexie postfix/pipe[66423]: 0DACD3D1BD9: to=<jovito@jjjsoftware.com>, relay=spamassassin, delay=4.7, delays=0.11/0/0/4.6, 
dsn=2.0.0, status=sent (delivered via spamassassin service)
Jan 24 11:49:52 lexie postfix/cleanup[66420]: AF5BB3D1D1D: message-id=<20110124034801.E5FF83D1BDB@jjjsoftware.com>
Jan 24 11:49:52 lexie postfix/qmgr[25768]: 0DACD3D1BD9: removed
Jan 24 11:49:52 lexie postfix/qmgr[25768]: AF5BB3D1D1D: from=<root@jjjsoftware.com>, size=8604, nrcpt=1 (queue active)
Jan 24 11:49:52 lexie clamsmtpd: 10074F: accepted connection from: 192.168.0.121
Jan 24 11:49:52 lexie postfix/smtpd[66431]: connect from localhost[192.168.0.121]
Jan 24 11:49:52 lexie spamd[1059]: prefork: child states: II 
Jan 24 11:49:52 lexie postfix/smtpd[66431]: CA0473D1BD9: client=localhost[192.168.0.121]
Jan 24 11:49:52 lexie postfix/cleanup[66420]: CA0473D1BD9: message-id=<20110124034801.E5FF83D1BDB@jjjsoftware.com>
Jan 24 11:49:52 lexie clamsmtpd: 10074F: from=root@jjjsoftware.com, to=jovito@jjjsoftware.com, status=CLEAN
Jan 24 11:49:52 lexie postfix/smtp[66430]: AF5BB3D1D1D: to=<jovito@jjjsoftware.com>, relay=192.168.0.121[192.168.0.121]:10025, delay=0.22, 
delays=0.01/0/0.1/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as CA0473D1BD9)
Jan 24 11:49:52 lexie postfix/smtpd[66431]: disconnect from localhost[192.168.0.121]
Jan 24 11:49:52 lexie postfix/qmgr[25768]: CA0473D1BD9: from=<root@jjjsoftware.com>, size=8831, nrcpt=1 (queue active)
Jan 24 11:49:52 lexie postfix/qmgr[25768]: AF5BB3D1D1D: removed
Jan 24 11:49:52 lexie spamd[51792]: spamd: got connection over /var/run/SpamAssassin.socket 
Jan 24 11:49:52 lexie spamd[51792]: spamd: setuid to mailnull succeeded 
Jan 24 11:49:52 lexie spamd[51792]: spamd: processing message <20110124034801.E5FF83D1BDB@jjjsoftware.com> for mailnull:26 
Jan 24 11:49:57 lexie spamd[51792]: spamd: clean message (-1.0/4.0) for mailnull:26 in 4.5 seconds, 8671 bytes. 
Jan 24 11:49:57 lexie spamd[51792]: spamd: result: . -1 - ALL_TRUSTED 
scantime=4.5,size=8671,user=mailnull,uid=26,required_score=4.0,rhost=localhost,raddr=127.0.0.1,rport=/var/run/SpamAssassin.socket,mid=
<20110124034801.E5FF83D1BDB@jjjsoftware.com>,autolearn=unavailable 
Jan 24 11:49:57 lexie postfix/pickup[66559]: 735443D1D1D: uid=65534 from=<root@jjjsoftware.com>
Jan 24 11:49:57 lexie postfix/cleanup[66420]: 735443D1D1D: message-id=<20110124034801.E5FF83D1BDB@jjjsoftware.com>
Jan 24 11:49:57 lexie postfix/pipe[66538]: CA0473D1BD9: to=<jovito@jjjsoftware.com>, relay=spamassassin, delay=4.6, delays=0.11/0/0/4.5, 
dsn=2.0.0, status=sent (delivered via spamassassin service)
Jan 24 11:49:57 lexie postfix/qmgr[25768]: CA0473D1BD9: removed
Jan 24 11:49:57 lexie postfix/qmgr[25768]: 735443D1D1D: from=<root@jjjsoftware.com>, size=8946, nrcpt=1 (queue active)
Jan 24 11:49:57 lexie clamsmtpd: 100750: accepted connection from: 192.168.0.121
Jan 24 11:49:57 lexie postfix/smtpd[66411]: connect from localhost[192.168.0.121]
Jan 24 11:49:57 lexie spamd[1059]: prefork: child states: II 
Jan 24 11:49:57 lexie postfix/smtpd[66411]: 8DF633D1BD9: client=localhost[192.168.0.121]
Jan 24 11:49:57 lexie clamsmtpd: 100750: from=root@jjjsoftware.com, to=jovito@jjjsoftware.com, status=CLEAN
Jan 24 11:49:57 lexie postfix/smtp[66430]: 735443D1D1D: to=<jovito@jjjsoftware.com>, relay=192.168.0.121[192.168.0.121]:10025, delay=0.22, 
delays=0.01/0/0.1/0.11, dsn=5.4.0, status=bounced (host 192.168.0.121[192.168.0.121] said: 554 5.4.0 Error: too many hops (in reply to end of DATA command))
Jan 24 11:49:57 lexie postfix/smtpd[66411]: disconnect from localhost[192.168.0.121]
Jan 24 11:49:57 lexie postfix/cleanup[66420]: A8E273D1C48: message-id=<20110124034957.A8E273D1C48@jjjsoftware.com>
Jan 24 11:49:57 lexie postfix/bounce[66593]: 735443D1D1D: sender non-delivery notification: A8E273D1C48
Jan 24 11:49:57 lexie postfix/qmgr[25768]: A8E273D1C48: from=<>, size=10799, nrcpt=1 (queue active)
Jan 24 11:49:57 lexie postfix/qmgr[25768]: 735443D1D1D: removed
Jan 24 11:49:57 lexie dovecot: auth(default): master in: USER	1	jovito@jjjsoftware.com	service=deliver
Jan 24 11:49:57 lexie dovecot: auth(default): prefetch(jovito@jjjsoftware.com): userdb lookup not possible with only userdb prefetch
Jan 24 11:49:57 lexie dovecot: auth(default): master out: NOTFOUND	1
Jan 24 11:49:57 lexie postfix/pipe[66706]: A8E273D1C48: to=<jovito@jjjsoftware.com>, orig_to=<root@jjjsoftware.com>, relay=dovecot, delay=0.05, 
delays=0/0.03/0/0.02, dsn=5.1.1, status=bounced (user unknown)
Jan 24 11:49:57 lexie postfix/qmgr[25768]: A8E273D1C48: removed
Jan 24 11:53:20 lexie postfix/anvil[66412]: statistics: max connection rate 1/60s for (smtp:74.125.83.41) at Jan 24 11:46:35
Jan 24 11:53:20 lexie postfix/anvil[66412]: statistics: max connection count 1 for (smtp:74.125.83.41) at Jan 24 11:46:35
Jan 24 11:53:20 lexie postfix/anvil[66412]: statistics: max cache size 1 at Jan 24 11:46:35
Jan 24 11:55:30 lexie postfix/qmgr[25768]: 6FFC33D1BDB: from=<>, size=11778, nrcpt=1 (queue active)
Jan 24 11:55:30 lexie postfix/qmgr[25768]: warning: connect to transport private/smtp: Connection refused
Jan 24 11:55:30 lexie postfix/error[66813]: 6FFC33D1BDB: to=<buttmanizer@gmail.com>, relay=none, delay=421, delays=421/0.03/0/0.01, dsn=4.3.0, 
status=deferred (mail transport unavailable)
```


----------



## graudeejs (Jan 24, 2011)

It's something in the postfix config.
Are you using postgres? What are the logs related to postgres?

I think you should provide your entire main.cf, the SQL queries for the tables that you created, and all postfix map files, also rc.conf and maybe even pg_hba.conf (from the postgres database); any of these can cause problems.


----------



## buttmanizer (Jan 24, 2011)

Yes, I'm using PostgreSQL and it seems to work fine:

```
...
2011-01-24 20:49:56.669 PHT,"postfix","maildb",5969,"192.168.0.121:57347",4d3d7574.1751,2,"",2011-01-24 20:49:56 
PHT,5/1517,0,LOG,00000,"connection authorized: user=postfix database=maildb",,,,,,,,,""
...
```

postconf -n

```
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = scan:[192.168.0.121]:10025
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
default_privs = nobody
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
local_recipient_maps = $virtual_mailbox_maps
mail_owner = postfix
mail_spool_directory = /var/home/mail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = localhost.$mydomain, localhost
mydomain = jjjsoftware.com
myhostname = jjjsoftware.com
mynetworks = 192.168.0.0/24, 127.0.0.0/8
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks,  permit_sasl_authenticated,  reject_non_fqdn_hostname,  reject_non_fqdn_sender,  
reject_non_fqdn_recipient,  reject_unauth_destination,  reject_unauth_pipelining,  reject_invalid_hostname,  reject_rbl_client bl.spamcop.net
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = pgsql:/usr/local/etc/postfix/pgsql_virtual_alias_maps.cf
virtual_gid_maps = static:6
virtual_mailbox_base = /mail
virtual_mailbox_domains = pgsql:/usr/local/etc/postfix/pgsql_virtual_mailbox_domains.cf
virtual_mailbox_maps = pgsql:/usr/local/etc/postfix/pgsql_virtual_mailbox_maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:26
```

For all the postfix maps, here are the connection parameters:

```
user = postfix
password = xxx
hosts = lexie
dbname = maildb
```

pgsql_virtual_alias_maps.cf

```
query = SELECT dest_username || '@' || dest_domain FROM mailbox_aliases WHERE address = '%s' AND active = true
```

pgsql_virtual_mailbox_domains.cf

```
query = SELECT domain FROM mailbox WHERE domain = '%s' AND active = true
```

pgsql_virtual_mailbox_maps.cf

```
query = SELECT domain || '/' || username FROM mailbox WHERE username = '%u' AND domain = '%d' AND active = true
```

SQL tables:

```
maildb=# \dS+  mailbox
                               Table "public.mailbox"
  Column  |          Type          |       Modifiers       | Storage  | Description 
----------+------------------------+-----------------------+----------+-------------
 username | character varying(128) | not null              | extended | 
 domain   | character varying(128) | not null              | extended | 
 password | character varying(32)  | not null              | extended | 
 quota    | integer                | not null default 1024 | plain    | 
 active   | boolean                | not null default true | plain    | 
Indexes:
    "mailbox_pkey" PRIMARY KEY, btree (username, domain)
Referenced by:
    TABLE "mailbox_aliases" CONSTRAINT "mailbox_aliases_dest_username_fkey" FOREIGN KEY (dest_username, dest_domain) REFERENCES 
mailbox(username, domain) ON DELETE CASCADE
Has OIDs: no
```


```
maildb=# \dS+  mailbox_aliases
                             Table "public.mailbox_aliases"
    Column     |          Type          |       Modifiers       | Storage  | Description 
---------------+------------------------+-----------------------+----------+-------------
 address       | character varying(256) | not null              | extended | 
 dest_username | character varying(128) | not null              | extended | 
 dest_domain   | character varying(128) | not null              | extended | 
 active        | boolean                | not null default true | plain    | 
Indexes:
    "mailbox_aliases_pkey" PRIMARY KEY, btree (address)
Foreign-key constraints:
    "mailbox_aliases_dest_username_fkey" FOREIGN KEY (dest_username, dest_domain) REFERENCES mailbox(username, domain) ON DELETE CASCADE
Has OIDs: no
```


```
maildb=# \dS+  mailbox_relay_domains
                       Table "public.mailbox_relay_domains"
 Column |          Type          |       Modifiers       | Storage  | Description 
--------+------------------------+-----------------------+----------+-------------
 domain | character varying(256) | not null              | extended | 
 active | boolean                | not null default true | plain    | 
Indexes:
    "mailbox_relay_domains_pkey" PRIMARY KEY, btree (domain)
Has OIDs: no
```

pg_hba.conf

```
# IPv4 local connections:
...
local   maildb          dovecot,postfix                         md5
...
```

/etc/rc.conf

```
hostname="lexie"
ifconfig_em0="DHCP"
keymap="us.iso"
sshd_enable="YES"
linux_enable="YES"
dbus_enable="YES"
hald_enable="YES"
polkitd_enable="YES"

#PostgreSQL
postgresql_enable="YES"
postgresql_data="/mnt/data/pg_data"
postgresql_flags="-w -s -m fast"
postgresql_initdb_flags="--encoding=utf-8 --lc-collate=C"
postgresql_class="postgres"
postgresql_user="postgres"

vboxnet_enable="YES"
apache22_enable="YES"

#Printer Settings
cupsd_enable="YES"
devfs_system_ruleset="system"

#Firewall Settings
#firewall_enable="YES"
#firewall_logging="YES"
#firewall_type="/etc/ipfw2.conf"
pf_enable="YES"
pflog_enable="YES"

#Email Settings
dovecot_enable="YES"
postfix_enable="YES"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

#Spamd
#obspamlogd_enable="YES"
#obspamd_enable="YES"
#obspamd_flags="-l 192.168.0.121 -h jjjsoftware.com"

#Clamav
clamsmtpd_enable="YES"
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
clamav_freshclam_flags="--quiet -a 192.168.0.121 -c 24"

#SpamAssassin
spamd_enable="YES"
spamd_flags="-c --socketpath=/var/run/SpamAssassin.socket"

bsdstats_enable="YES"
```


----------



## graudeejs (Jan 24, 2011)

I think setting *mynetworks_style = host* is wrong, because you already defined *mynetworks*, which contains the list of addresses that can freely relay email using your mail server. (However, this is not your problem.)

Check that your queries:

```
SELECT dest_username || '@' || dest_domain FROM mailbox_aliases WHERE address = '%s' AND active = true;
SELECT domain FROM mailbox WHERE domain = '%s' AND active = true;
```
work as expected.


----------



## buttmanizer (Jan 24, 2011)

*Sending an email from GMail to my mail server*

PostgreSQL seems to be fine:

```
2011-01-25 00:25:08.765 PHT,"postfix","maildb",10408,"192.168.0.121:31464",4d3da7e4.28a8,4,"",2011-01-25 00:25:08 
PHT,8/17,0,LOG,00000,"statement: SELECT domain FROM mailbox WHERE domain = 'jjjsoftware.com' AND active = true",,,,,,,,,""
2011-01-25 00:27:34.824 PHT,"dovecot","maildb",10175,"192.168.0.121:50699",4d3da73c.27bf,6,"",2011-01-25 00:22:20 
PHT,2/5,0,LOG,00000,"statement: SELECT username, domain, password, '*:bytes=' || quota || 'M' AS userdb_quota_rule FROM mailbox WHERE username 
= 'jovito' AND domain = 'jjjsoftware.com' AND active = true",,,,,,,,,""
```

mailq:

```
lexie# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
32DE43D1A40*    8680 Tue Jan 25 00:24:59  jovito@jjjsoftware.com
                                         buttmanizer@gmail.com

-- 9 Kbytes in 1 Request.
lexie# mailq
Mail queue is empty
```

spamd, clamsmtpd, and SpamAssassin all seem to work fine, as the message gets passed between them.

However, _status=bounced (too many hops)_, _userdb lookup not possible with only userdb prefetch_, and _status=bounced (user unknown)_ are weird. And I didn't receive any mail in GMail.


```
...
...
Jan 25 00:25:08 lexie postfix/pickup[10256]: B133B3D1A43: uid=65534 from=<jovito@jjjsoftware.com>
Jan 25 00:25:08 lexie postfix/pipe[10280]: EB5CC3D1A40: to=<buttmanizer@gmail.com>, relay=spamassassin, delay=4.8, delays=0.11/0/0/4.7, 
dsn=2.0.0, status=sent (delivered via spamassassin service)
Jan 25 00:25:08 lexie postfix/qmgr[10257]: EB5CC3D1A40: removed
Jan 25 00:25:08 lexie postfix/cleanup[10278]: B133B3D1A43: message-id=<20FA642C-10C0-4979-A12C-F57769D7BEFC@jjjsoftware.com>
Jan 25 00:25:08 lexie postfix/cleanup[10278]: B133B3D1A43: to=<buttmanizer@gmail.com>, relay=none, delay=0.01, delays=0.01/0/0/0, dsn=5.4.0, 
status=bounced (too many hops)
Jan 25 00:25:08 lexie postfix/cleanup[10405]: B5C083D1ABA: message-id=<20110124162508.B5C083D1ABA@jjjsoftware.com>
Jan 25 00:25:08 lexie postfix/bounce[10404]: B133B3D1A43: sender non-delivery notification: B5C083D1ABA
Jan 25 00:25:08 lexie postfix/qmgr[10257]: B5C083D1ABA: from=<>, size=10853, nrcpt=1 (queue active)
Jan 25 00:25:08 lexie spamd[1059]: prefork: child states: II 
Jan 25 00:25:08 lexie dovecot: auth(default): master in: USER	1	jovito@jjjsoftware.com	service=deliver
Jan 25 00:25:08 lexie dovecot: auth(default): prefetch(jovito@jjjsoftware.com): userdb lookup not possible with only userdb prefetch
Jan 25 00:25:08 lexie dovecot: auth(default): master out: NOTFOUND	1
Jan 25 00:25:08 lexie postfix/pipe[10409]: B5C083D1ABA: to=<jovito@jjjsoftware.com>, relay=dovecot, delay=0.04, delays=0.02/0.02/0/0, 
dsn=5.1.1, status=bounced (user unknown)
Jan 25 00:25:08 lexie postfix/qmgr[10257]: B5C083D1ABA: removed
Jan 25 00:27:34 lexie dovecot: auth(default): client in: AUTH	1	PLAIN	service=imap	secured	lip=192.168.0.121	
rip=112.201.119.168	lport=993	rport=48842	resp=AGpvdml0b0Bqampzb2Z0d2FyZS5jb20AZGFyY2luX2NvbGU=
Jan 25 00:27:34 lexie dovecot: auth(default): sql(jovito@jjjsoftware.com,112.201.119.168): query: SELECT username, domain, password, '*:bytes=' 
|| quota || 'M' AS userdb_quota_rule FROM mailbox WHERE username = 'jovito' AND domain = 'jjjsoftware.com' AND active = true
Jan 25 00:27:34 lexie dovecot: auth(default): client out: OK	1	user=jovito@jjjsoftware.com
Jan 25 00:27:34 lexie dovecot: auth(default): master in: REQUEST	3	10263	1
Jan 25 00:27:34 lexie dovecot: auth(default): prefetch(jovito@jjjsoftware.com,112.201.119.168): success
Jan 25 00:27:34 lexie dovecot: auth(default): master out: USER	3	jovito@jjjsoftware.com	quota_rule=*:bytes=1024M
Jan 25 00:27:34 lexie dovecot: imap-login: Login: user=<jovito@jjjsoftware.com>, method=PLAIN, rip=112.201.119.168, lip=192.168.0.121, TLS
Jan 25 00:27:35 lexie dovecot: auth(default): new auth connection: pid=10436
```


----------



## buttmanizer (Jan 24, 2011)

*GMail gets blocked, booohooo!*

How can I unblock my GMail?


```
Jan 25 00:50:16 lexie dovecot: imap-login: Login: user=<jovito@jjjsoftware.com>, method=PLAIN, rip=112.201.119.168, lip=192.168.0.121, TLS
Jan 25 00:50:17 lexie dovecot: auth(default): new auth connection: pid=10754
Jan 25 00:52:53 lexie postfix/smtpd[10789]: connect from mail-gx0-f169.google.com[209.85.161.169]
Jan 25 00:52:53 lexie dovecot: auth(default): new auth connection: pid=10789
Jan 25 00:52:56 lexie postfix/smtpd[10789]: NOQUEUE: reject: RCPT from mail-gx0-f169.google.com[209.85.161.169]: 554 5.7.1 Service unavailable; 
Client host [209.85.161.169] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?209.85.161.169; from=
<buttmanizer@gmail.com> to=<jovito@jjjsoftware.com> proto=ESMTP helo=<mail-gx0-f169.google.com>
Jan 25 00:52:57 lexie postfix/smtpd[10789]: disconnect from mail-gx0-f169.google.com[209.85.161.169]
```
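The rejection above is Postfix's `reject_rbl_client bl.spamcop.net` doing its job: the client IP is reversed octet by octet, the zone is appended, and any A record in the answer means "listed". The following is an added example, not code posted by anyone in this thread: it builds that query name, extracts the IP and zone from a reject line, and does the live lookup with whichever resolver client the box has (`dig`, `drill`, or `host`). The sample log line is constructed from the rejection logged above with the addresses replaced; the hostnames and networks in the usage note are examples.

```sh
#!/bin/sh
# DNSBL helpers for a Postfix reject_rbl_client rejection (added example).
# A DNSBL answers an A query for <reversed-IPv4>.<zone>: NXDOMAIN means
# "not listed", a 127.0.0.x answer means "listed" (the last octet is the
# list's reason code).

# rbl_query_name IPv4 ZONE -> prints e.g. 169.161.85.209.bl.spamcop.net
rbl_query_name() {
    _zone=$2
    # split the address on dots into $1..$4; refuse anything that is not
    # four octets (IPv6 needs a different, nibble-reversed name)
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ "$#" -eq 4 ] || return 1
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$_zone"
}

# rbl_reject_fields: reads Postfix smtpd log lines on stdin and prints
# "<client-ip> <zone>" for every reject_rbl_client rejection.
rbl_reject_fields() {
    sed -n 's/.*Client host \[\([0-9.]*\)] blocked using \([^;]*\);.*/\1 \2/p'
}

# rbl_listed IPv4 ZONE -> prints the answer records and exits 0 if listed,
# exits 1 if not listed, 2 if the address is malformed. Uses whichever
# resolver client is installed (dig on most Linux, drill on FreeBSD 10+,
# host on older FreeBSD).
rbl_listed() {
    _name=$(rbl_query_name "$1" "$2") || return 2
    if command -v dig >/dev/null 2>&1; then
        dig +short A "$_name"
    elif command -v drill >/dev/null 2>&1; then
        drill -Q "$_name" A
    else
        host -t A "$_name" | sed -n 's/.* has address //p'
    fi | grep .
}

# Constructed sample in the shape of the rejection logged above
# (sender/recipient addresses replaced with example ones).
SAMPLE_REJECT='Jan 25 00:52:56 lexie postfix/smtpd[10789]: NOQUEUE: reject: RCPT from mail-gx0-f169.google.com[209.85.161.169]: 554 5.7.1 Service unavailable; Client host [209.85.161.169] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?209.85.161.169; from=<sender@example.com> to=<user@example.org> proto=ESMTP helo=<mail-gx0-f169.google.com>'

# Stand-alone: show the query name for the sample, then, if an IP and a
# zone were given on the command line, actually look that pair up.
printf '%s\n' "$SAMPLE_REJECT" | rbl_reject_fields | while read -r ip zone; do
    echo "would query: $(rbl_query_name "$ip" "$zone")"
done
if [ "$#" -eq 2 ]; then
    if rbl_listed "$1" "$2"; then
        echo "$1 is listed on $2"
    else
        echo "$1 is not listed on $2"
    fi
fi
```

If the lookup confirms a listing you consider a false positive (large providers' outbound pools do get listed now and then), whitelist narrowly rather than dropping the RBL: a `check_client_access cidr:/usr/local/etc/postfix/rbl_override.cidr` entry placed before `reject_rbl_client` in `smtpd_recipient_restrictions`, with lines like `209.85.128.0/17 OK` (an example network, check the provider's published ranges). Keep it after `reject_unauth_destination`, because `OK` ends the restriction list with a permit and anything before that check would turn the whitelisted network into a relay client.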


----------



## graudeejs (Jan 24, 2011)

Hmm, why don't I see

```
relay_domains = $mydestination
```

in your config? (This is the default value; don't modify it, set it exactly like this.)
Set it, reload Postfix, and test... (ugh... I hate debugging mail servers)

Also, I tried to send mail to you using telnet... The server seems to have accepted my message.


----------



## buttmanizer (Jan 24, 2011)

I put relay_domains = $mydestination in main.cf and restarted postfix.

Still can't receive any mails, even yours:

```
Jan 25 01:33:30 lexie postfix/pickup[1274]: 0E1913D1A42: uid=65534 from=<aldis@bsdroot.lv>
Jan 25 01:33:30 lexie postfix/qmgr[1275]: 5DE703D1A3B: removed
Jan 25 01:33:30 lexie postfix/cleanup[1742]: 0E1913D1A42: message-id=<20110124173132.E25B63D1A42@jjjsoftware.com>
Jan 25 01:33:30 lexie postfix/cleanup[1742]: 0E1913D1A42: to=<jovito@jjjsoftware.com>, relay=none, delay=0.01, delays=0.01/0/0/0, dsn=5.4.0, 
status=bounced (too many hops)
Jan 25 01:33:30 lexie postfix/cleanup[1866]: 120843D1A43: message-id=<20110124173330.120843D1A43@jjjsoftware.com>
Jan 25 01:33:30 lexie postfix/bounce[1865]: 0E1913D1A42: sender non-delivery notification: 120843D1A43
Jan 25 01:33:30 lexie postfix/qmgr[1275]: 120843D1A43: from=<>, size=12308, nrcpt=1 (queue active)
Jan 25 01:33:30 lexie spamd[1098]: prefork: child states: II 
Jan 25 01:33:46 lexie postfix/anvil[1573]: statistics: max connection rate 1/60s for (smtp:112.201.119.168) at Jan 25 01:23:44
Jan 25 01:33:46 lexie postfix/anvil[1573]: statistics: max connection count 1 for (smtp:112.201.119.168) at Jan 25 01:23:44
Jan 25 01:33:46 lexie postfix/anvil[1573]: statistics: max cache size 2 at Jan 25 01:28:51
Jan 25 01:34:00 lexie postfix/smtp[1870]: connect to mx.bsdroot.lv[83.241.11.155]:25: Operation timed out
Jan 25 01:34:00 lexie postfix/smtp[1870]: 120843D1A43: to=<aldis@bsdroot.lv>, relay=none, delay=31, delays=0.02/0.02/31/0, dsn=4.4.1, 
status=deferred (connect to mx.bsdroot.lv[83.241.11.155]:25: Operation timed out)
```

Email verification at network-tools.com for my MX records seems fine:

```
Validation results
canonical address: <jovito@jjjsoftware.com>
MX records
preference	exchange	IP address (if included)
10	mail.jjjsoftware.com	[112.201.119.168]
SMTP session
[Contacting mail.jjjsoftware.com [112.201.119.168]...]
[Connected]
220 jjjsoftware.com ESMTP Postfix (2.7.2)
EHLO Network-Tools.com
250-jjjsoftware.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
VRFY jovito
504 5.5.2 <jovito>: Recipient address rejected: need fully-qualified address
RSET
250 2.0.0 Ok
EXPN jovito
502 5.5.2 Error: command not recognized
RSET
250 2.0.0 Ok
MAIL FROM:<admin@Network-Tools.com>
250 2.1.0 Ok
RCPT TO:<jovito@jjjsoftware.com>
250 2.1.5 Ok
RSET
250 2.0.0 Ok
QUIT
221 2.0.0 Bye
[Connection closed]
```
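The two oddities buttmanizer points at in the logs above have well-known causes. The message that enters through `pickup` (uid=65534, i.e. nobody) and bounces with "too many hops" is a content-filter loop: the filter hands the mail back with sendmail(1), so it comes in via pickup and, when `content_filter` is set in main.cf, gets filtered again, adding a Received: header per pass until `hopcount_limit` is hit. Dovecot's "userdb lookup not possible with only userdb prefetch" followed by "user unknown" is the LDA side: prefetch only has data when the same request went through passdb (an IMAP login), and delivery never does a passdb lookup, so it needs a second userdb to fall back to. The same prefetch warning shows up again in IrishWristwatch's and NuLL3rr0r's logs further down. This sh/awk snippet is an added example, not something posted in the thread; the sample lines are constructed in the shape of the logs above with addresses replaced.

```sh
#!/bin/sh
# Triage helpers for two mail.log patterns (added example). Feed them
# /var/log/maillog, or the output of grep, on stdin.
#
# 1. "too many hops" on a message that arrived through pickup(8): the
#    filter re-injected it with sendmail(1) and content_filter (main.cf)
#    sent it through the filter again; each pass adds a Received: header
#    until hopcount_limit (default 50) is reached and cleanup(8) bounces it.
#    Fix: set content_filter only on the receiving smtpd in master.cf
#    (-o content_filter=...), so re-injected mail is not filtered twice.
# 2. "userdb lookup not possible with only userdb prefetch": the prefetch
#    userdb is filled by a passdb lookup, which dovecot-lda/deliver never
#    does, so LDA needs a fallback userdb (static or sql) after prefetch.

# Constructed sample lines (shape of the posts above, addresses replaced)
SAMPLE_LOG='Jan 25 00:25:08 lexie postfix/pickup[10256]: B133B3D1A43: uid=65534 from=<jovito@example.com>
Jan 25 00:25:08 lexie postfix/cleanup[10278]: B133B3D1A43: to=<friend@example.net>, relay=none, delay=0.01, delays=0.01/0/0/0, dsn=5.4.0, status=bounced (too many hops)
Jan 25 00:25:08 lexie dovecot: auth(default): prefetch(jovito@example.com): userdb lookup not possible with only userdb prefetch
Jan 25 00:25:08 lexie postfix/pipe[10409]: B5C083D1ABA: to=<jovito@example.com>, relay=dovecot, delay=0.04, delays=0.02/0.02/0/0, dsn=5.1.1, status=bounced (user unknown)
Jan 25 00:27:34 lexie postfix/smtpd[10789]: connect from mail.example.org[192.0.2.10]'

# loop_messages: print "<queue-id> reinjected-by-uid=<uid>" for every
# message that entered through pickup and then bounced for too many hops.
# The uid tells you which account the filter re-injects as (65534 = nobody).
loop_messages() {
    awk '
        $5 ~ /^postfix\/pickup/ {
            qid = $6; sub(":", "", qid)
            uid = $7; sub("uid=", "", uid)
            picked[qid] = uid
        }
        /status=bounced \(too many hops\)/ {
            qid = $6; sub(":", "", qid)
            if (qid in picked) print qid, "reinjected-by-uid=" picked[qid]
        }
    '
}

# lda_userdb_gaps: count deliveries that failed the prefetch-only lookup.
# Anything above zero, with "user unknown" bounces next to it, means the
# Dovecot userdb has no fallback for LDA.
lda_userdb_gaps() {
    awk '/userdb lookup not possible with only userdb prefetch/ { n++ } END { print n + 0 }'
}

# Stand-alone demonstration on the sample; on a real box run e.g.
#   loop_messages < /var/log/maillog
printf '%s\n' "$SAMPLE_LOG" | loop_messages
printf 'prefetch-only userdb failures: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | lda_userdb_gaps)"
```

Two quick checks that go with it: `postconf -n content_filter` shows whether the filter is configured globally in main.cf (the loop-prone place) and `postconf hopcount_limit` shows the ceiling the bounce refers to; on the Dovecot side, a delivery-path lookup can be exercised directly with `doveadm user someone@example.com` (Dovecot 2.x) without sending mail.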


----------



## graudeejs (Feb 17, 2011)

I'm trying to rewrite (write better) this HOWTO at http://wiki.bsdroot.lv/freebsd:mailserver
Probably it will be much more up to date


----------



## kenyloveg (Feb 23, 2011)

Hi, killasmurf86

Since 8.2 is released, would you update your scenario along with other updates like Postgresql 9.0.3?


----------



## graudeejs (Feb 23, 2011)

kenyloveg said:
			
		

> Hi, killasmurf86
> 
> Since 8.2 is released, would you update your scenario along with other updates like Postgresql 9.0.3?



Nothing (that I'm aware of), except the version number change.


----------



## kenyloveg (Feb 24, 2011)

Hi, killasmurf86

Thanks anyway.

My problem is that installing postgresql90-server fails; the steps are below. Fresh install of 8.2-RELEASE, with the minimal install chosen.

```
portsnap fetch
portsnap extract
cd /usr/ports/databases/postgresql90-server
make clean install
```

In the end I get

```
error code 1
```

saying something like open-sasl install failed / PostgreSQL client 8.4 failed.

Now I'm installing the binary package instead of compiling from the port; everything looks all right now, but I still need to go on with the rest of your scenario.


----------



## kenyloveg (Feb 24, 2011)

And another question, regarding certificates. I've already got a class 1 cert from StartSSL, which is a .p12 file; how can I use this file as the SSL/TLS cert? PS: I don't want to get a popup in the Outlook client asking whether I should trust it or not...
Thanks.


----------



## graudeejs (Feb 24, 2011)

kenyloveg said:

> Hi, killasmurf86
> Thanks anyway.
> My problem is that installing postgresql90-server fails; the steps are below.
> Fresh install of 8.2-RELEASE, minimal install chosen, "portsnap fetch", "portsnap extract", "cd /usr/ports/databases/postgresql90-server", "make clean install"; in the end I get "error code 1", saying something like open-sasl install failed / PostgreSQL client 8.4 failed.

This is your specific problem (I don't know why it won't build for you); I had no problem installing the PostgreSQL server/client.

kenyloveg said:

> Excuse me for my bad English, and for replying by using quick reply...
> Have a good day.

Your English is fine.

kenyloveg said:

> And another question, regarding certificates. I've already got a class 1 cert from StartSSL, which is a .p12 file; how can I use this file as the SSL/TLS cert? PS: I don't want to get a popup in the Outlook client asking whether I should trust it or not...
> Thanks.

See *CONVERTING CERTIFICATE TO/FROM PKCS #12 FORMAT* at http://forums.freebsd.org/showthread.php?t=6490
I think that's the answer.


----------



## kenyloveg (Feb 24, 2011)

Hi, killasmurf86
Thanks for your reply.
Could you let me know your exact steps to install postgresql90-server from scratch?
The problem should be in the build scripts for postgresql90-server, because I've no idea why it would need the postgresql84 client to be installed...
And one thing for newbies like me: you need to install portmaster first, then reboot, and then portmaster should work.


----------



## graudeejs (Feb 24, 2011)

```
# cd /usr/ports/databases/postgresql90-server
# make install clean
```

or if you have portmaster installed

```
portmaster databases/postgresql90-server
```

That's it

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports.html


----------



## kenyloveg (Feb 24, 2011)

Hi, killasmurf86

Excuse me if I have so many noob questions. The configuration in dovecot.conf needs both cert.pem and key.pem; after running [cmd=]openssl pkcs12 -in mycert.p12 -out cert.pem -nodes -clcerts[/cmd] I still need key.pem, which I've no idea how to get.

Thank you.


----------



## DutchDaemon (Feb 24, 2011)

kenyloveg said:
			
		

> And one thing for newbies like me, you need to install portmaster first then reboot, then portmaster should work.



Nonsense, this is not Windows. Just run [cmd=]hash -r[/cmd] or [cmd=]rehash[/cmd] after installing a port/package.


----------



## kenyloveg (Feb 24, 2011)

DutchDaemon said:
			
		

> Nonsense, this is not Windows. Just run [cmd=]hash -r[/cmd] or [cmd=]rehash[/cmd] after installing a port/package.



Hi, DutchDaemon
Thanks for your information. It's just that after I installed portmaster, I still got

```
command not found
```

I thought a reboot might fix it. I had never heard about "hash -r".

BTW, how do I check binary package information on the FTP site, like with ports?


----------



## graudeejs (Feb 24, 2011)

kenyloveg said:
			
		

> Hi, killasmurf86
> 
> Excuse me if I had so many noob questions. As configuration in dovecot.conf need both cert.pem and key.pem, after putting this [cmd=]openssl pkcs12 -in mycert.p12 -out cert.pem -nodes -clcerts[/cmd] I still need key.pem which I've no idea how to get this.
> 
> Thank you.



Depends on your certificate. If you have only one file, then you probably have everything in that one file; in that case, point all the necessary parameters at your only SSL key file.
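kenyloveg's problem above (a .p12 from StartSSL, and Dovecot wanting separate cert.pem and key.pem) is the usual one with PKCS#12 bundles: the file holds the private key, the server certificate and usually the intermediate CA in one container. The following is an added example, not from any post in this thread: it splits the bundle with openssl(1) into the PEM files the daemons read, keeps the key file at mode 0600, passes the bundle password through the environment so it does not show in `ps`, and then checks that the key actually belongs to the certificate before you point a daemon at the pair. File names are my choice; the `mail.example.com` name only appears in the self-test.

```sh
#!/bin/sh
# Split a PKCS#12 bundle (the .p12 StartSSL hands out) into the PEM files
# Dovecot and Postfix want, and check that the key belongs to the cert.
# Added example; needs only openssl(1). The bundle password travels in
# the environment (env:P12PASS) so it never appears on a command line.
#
# split_p12 BUNDLE.p12 OUTDIR [PASSWORD]
#   -> OUTDIR/key.pem    private key, unencrypted, mode 0600
#      OUTDIR/cert.pem   the server (leaf) certificate
#      OUTDIR/chain.pem  intermediate CA certificate(s); may be empty
split_p12() {
    _p12=$1; _out=$2
    P12PASS=${3-}; export P12PASS
    mkdir -p "$_out" || return 1
    # Private key: -nodes leaves it unencrypted so the daemons can start
    # unattended; piping through 'pkey' drops the "Bag Attributes" preamble.
    # umask in a subshell keeps the new file at 0600 without touching the
    # caller's umask.
    ( umask 077
      openssl pkcs12 -in "$_p12" -passin env:P12PASS -nocerts -nodes \
          | openssl pkey -out "$_out/key.pem" ) || return 1
    # Server certificate only (-clcerts), re-emitted by x509 without preamble
    openssl pkcs12 -in "$_p12" -passin env:P12PASS -clcerts -nokeys \
        | openssl x509 -out "$_out/cert.pem" || return 1
    # CA chain, if the bundle carries one; Dovecot/Postfix read leaf first
    # and then the intermediates from a single file, so append it to cert.pem
    # when it is non-empty.
    openssl pkcs12 -in "$_p12" -passin env:P12PASS -cacerts -nokeys \
        -out "$_out/chain.pem" || return 1
    unset P12PASS
}

# pubkey_fp key|cert FILE -> SHA-256 of the public key in DER form, so a
# private key and a certificate can be compared directly
pubkey_fp() {
    if [ "$1" = cert ]; then
        openssl x509 -in "$2" -noout -pubkey
    else
        openssl pkey -in "$2" -pubout
    fi | openssl pkey -pubin -outform DER | openssl dgst -sha256 | sed 's/^.*= *//'
}

# key_matches_cert KEY.pem CERT.pem -> exit 0 when both carry the same
# public key; a mismatch here is what makes a daemon refuse to start TLS
key_matches_cert() {
    _k=$(pubkey_fp key "$1") && _c=$(pubkey_fp cert "$2") \
        && [ -n "$_k" ] && [ "$_k" = "$_c" ]
}

# Stand-alone: split_p12 bundle.p12 outdir [password]
if [ "$#" -ge 2 ]; then
    if split_p12 "$@" && key_matches_cert "$2/key.pem" "$2/cert.pem"; then
        echo "key.pem matches cert.pem"
    else
        echo "extraction failed or key does not match certificate" >&2
    fi
fi
```

Point Dovecot's `ssl_cert`/`ssl_key` (2.x; `ssl_cert_file`/`ssl_key_file` in 1.x) and Postfix's `smtpd_tls_cert_file`/`smtpd_tls_key_file` at the two files. The Outlook warning kenyloveg mentions goes away only if the name the client connects to is the certificate's CN or a SAN and the intermediate from chain.pem is served along with the leaf.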


----------



## IrishWristwatch (Mar 10, 2011)

Where is the UserDB in this setup?  My logs keep showing that the user is not found every time I send a message to the server.


```
to=<test@fakeurl.com>, relay=dovecot, delay=0.24, delays=0.16/0.01/0/0.06, dsn=5.1.1, status=bounced (user unknown)
```


----------



## IrishWristwatch (Mar 10, 2011)

IrishWristwatch said:
			
		

> Where is the UserDB in this setup?  My logs keep showing that the user is not found every time I send a message to the server.
> 
> 
> ```
> ...



Fixed it.  I added 


```
passdb sql {
    args = /usr/local/etc/dovecot-sql.conf
  }

  userdb prefetch {
    # keep this, otherwise quota won't work
  }

  userdb static {
    args = uid=mailnull gid=mail home=/mail/%d/%n
    # keep this, otherwise quota won't work
  }
```


----------



## graudeejs (Mar 10, 2011)

On my setup I don't use userdb; I get the info about the user from passdb. This way I save one SQL call.


----------



## IrishWristwatch (Mar 10, 2011)

killasmurf86 said:
			
		

> On my setup I don't use userdb, I get info about user from passdb, this way I save 1 SQL call



Strange, it couldn't find the user by just using a passdb SQL call (as shown in the log in my first post).  It worked after I added that "userdb static" call into the file.


----------



## graudeejs (Mar 10, 2011)

IrishWristwatch said:
			
		

> Strange, it couldn't find the user by just using a passdb SQL call (as shown in the log in my first post).  It worked after I added that "userdb static" call into the file.



The HOWTO may contain some errors, because I wrote it from memory.
I hope to fix these next time I reinstall my server.


----------



## IrishWristwatch (Mar 13, 2011)

killasmurf86 said:
			
		

> Howto may contain some errors, because I wrote it off my memory.
> I hope to fix these, next time I reinstall my server



Do you know how virtual mailbox forwarding would be done on this setup?  For instance, if I wanted joe@example.com to go to the mailbox joe, but also to joe@gmail.com.  I know how to do this with the /etc/aliases file, but I'm not too sure with virtual mailboxes in postgresql.


----------



## graudeejs (Mar 13, 2011)

IrishWristwatch said:
			
		

> Do you know how virtual mailbox forwarding would be done on this setup?  For instance, if I wanted joe@example.com to go to the mailbox joe, but also to joe@gmail.com.  I know how to do this with the /etc/aliases file, but I'm not too sure with virtual mailboxes in postgresql.



Sorry, I've no clue (never needed such feature)


----------



## henrixd (Jun 2, 2012)

*Thanks!*

This was a great tutorial. I got things running with almost no problems. Here are a few things I did differently.

RoundCube uses fsockopen, so why not use Unix sockets? First disable the inet_listener and add a Unix socket for imaps.

dovecot config:

```
inet_listener imaps {
    port = 0
}
unix_listener imaps {
    mode = 0666
}
```

RoundCube main config:

```
$rcmail_config['default_host'] = 'unix:///var/run/dovecot/imaps';
$rcmail_config['default_port'] = -1;
```

This is part of my nginx.conf. We start with a default deny all and move towards allowing. The only PHP script that needs fastcgi_pass is index.php; the rest is just static files.

There is so much crap and so many exposed files in the RoundCube dirs that I won't leave them open, nor do I want to keep checking them too often.

nginx config:

```
root /usr/local/www/roundcube;

include        fastcgi_params;
fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

## Only allow these request methods
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
        return 444;
}

location / { deny all; }
location = / { index  index.php; }

location = /index.php {
        fastcgi_pass   unix:/var/run/spawn_fcgi.socket;
}

location = /program/blank.gif {}
location = /program/blocked.gif {}

## The extension list must be grouped: without the parentheses only the
## first alternative carries the ^/skins/ prefix and only the last one is
## anchored to $, so e.g. any URI containing "jpeg" would be served.
location ~ ^/program/js/.*\.js$ {}
location ~ ^/skins/.*\.(jpg|jpeg|gif|png|html|css|js)$ {}
location ~ ^/plugins/.*\.(jpg|jpeg|gif|png|html|css|js)$ {}

Here is my test code for nginx.conf (in case someone wants to validate).
First, on the server, run this:
[cmd=]find /usr/local/www/roundcube -true > ./check.list[/cmd]

Then run the check.list file through this:

```
#!/bin/sh
# find(1) wrote filesystem paths; rewrite each one into a URL under the
# webmail host before handing it to curl. Adjust base to your own host.
base="https://mail.example.com"
docroot="/usr/local/www/roundcube"

while read -r path; do
        url="${base}${path#"${docroot}"}"
        printf '%s: ' "${url}"
        curl -o /dev/null --silent --head --write-out '%{http_code}\n' "${url}"
done < check.list
```

Remember to have security/sshguard check mail.info too, to get a little extra security for the web login form. Keep in mind that max-src-conn-rate type filter rules might lock you out (they didn't lock me out).

There, hope this helps secure someone's webmail.


----------



## henrixd (Jun 2, 2012)

IrishWristwatch said:
			
		

> Do you know how virtual mailbox forwarding would be done on this setup?  For instance, if I wanted joe@example.com to go to the mailbox joe, but also to joe@gmail.com.  I know how to do this with the /etc/aliases file, but I'm not too sure with virtual mailboxes in postgresql.



Postfix to Database Mappings

Look for virtual_alias_maps, about halfway down the page.


----------



## graudeejs (Jun 3, 2012)

henrixd said:
			
		

> This was great tutorial. I got things running, with almost no problems. Here is few things I did differently.
> 
> RoundCube uses fsockopen, so why not use unix sockets. First disable inet_listener and add unix socket for imaps.
> 
> ...



BTW, later I discovered www/hastymail2 (http://www.hastymail.org/).
I really like it much more than RoundCube. It has much more advanced features.
However, hastymail in ports doesn't work very well for multiple domains.

Unfortunately I don't have my own server any more, so I haven't updated hastymail (yet).
I should probably give Hastymail to the pool....
(hope to get a new server some day, soon [a few months maybe])


----------



## henrixd (Jun 4, 2012)

Little bug fix.

I should have validated my own config better; this is what you get when you set up your box with minimum sleep.

```
location ~ ^/program/js/.*\.(js|jpg|jpeg|gif|png|html|htm|css)$ {}
location ~ ^/skins/.*\.(js|jpg|jpeg|gif|png|html|htm|css)$ {}
location ~ ^/plugins/.*\.(js|jpg|jpeg|gif|png|html|htm|css)$ {}
```

I must say that www/hastymail2 looks really nice; I'll go give it a try immediately.
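The allow-list regexes in henrixd's two posts depend on a precedence detail that is easy to get wrong when typing them: in nginx's PCRE, as in every regex flavour, `|` binds looser than concatenation, so an ungrouped `^/skins/.*\.jpg|jpeg|gif|png|html|css|js$` does not mean "under /skins/, one of these extensions"; it means "starts with /skins/ and ends in .jpg, or contains jpeg anywhere, or contains gif anywhere, ..., or ends in js". Only parentheses around the extension list make every alternative share the prefix and the `$` anchor. The following is an added example (mine, not henrixd's nginx config): it emulates the allow-list decision with `grep -E`, whose alternation precedence matches PCRE for these patterns, and runs both forms over constructed RoundCube-style request paths so a candidate rule can be unit-tested before reloading nginx. Use it alongside the curl loop above, which shows what the running server actually answers.

```sh
#!/bin/sh
# Unit-test nginx 'location ~' allow-list regexes without a running server
# (added example). grep -E (POSIX ERE) shares PCRE's alternation precedence,
# which is all this relies on: '|' binds looser than concatenation, so in
# '^/skins/.*\.jpg|jpeg|css$' only the first alternative has the prefix and
# only the last has the anchor; 'jpeg' on its own matches anywhere.

# Ungrouped extension list, as it is tempting to type it
LOOSE_EXT='jpg|jpeg|gif|png|html|htm|css|js'
# Grouped: every alternative now sits between the path prefix and '$'
STRICT_EXT='(jpg|jpeg|gif|png|html|htm|css|js)'

# rule_matches REGEX PATH -> exit 0 if PATH matches, i.e. what an empty
# 'location ~ REGEX {}' block would hand out as a static file
rule_matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# decide loose|strict PATH -> prints allow or deny, walking the rule set in
# the order nginx resolves it: exact locations first, then the regex
# locations, and whatever is left falls into 'location / { deny all; }'
decide() {
    case "$2" in
        /|/index.php|/program/blank.gif|/program/blocked.gif) echo allow; return 0 ;;
    esac
    if [ "$1" = loose ]; then _ext=$LOOSE_EXT; else _ext=$STRICT_EXT; fi
    if rule_matches "^/program/js/.*\\.${_ext}\$" "$2" \
        || rule_matches "^/skins/.*\\.${_ext}\$" "$2" \
        || rule_matches "^/plugins/.*\\.${_ext}\$" "$2"; then
        echo allow
    else
        echo deny
    fi
}

# Constructed request paths: RoundCube-style locations plus an invented
# path containing "jpeg", to show what the ungrouped form lets through.
for p in /index.php /skins/larry/images/logo.png /config/main.inc.php \
         /config/jpeg/db.inc.php /logs/errors.css; do
    printf '%-28s loose=%s strict=%s\n' "$p" "$(decide loose "$p")" "$(decide strict "$p")"
done
```

The over-match is mostly harmless in practice only because a matching path still has to exist on disk for nginx to serve it; the rule no longer says what was meant, though, and the moment a file or directory name happens to contain one of those words it is exposed. Grouping costs nothing and makes the curl check above meaningful.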


----------



## makdaddy8888 (Jun 21, 2012)

I think you mean:

> -- create virtual domain
> -- currently virtual domains doesn't work for me
> INSERT INTO domains_relay_domains VALUES ('example.com');

to say

```
INSERT INTO mailbox_relay_domains VALUES etc
```


----------



## makdaddy8888 (Jun 21, 2012)

Can you please expand on this?

> also for db security I suggest you change password for pgsql user and set password authentication for everything and everyone form anywhere

Thanks.


----------



## NuLL3rr0r (Aug 16, 2012)

Hi,

Thanks for such a great tutorial; this is exactly the one I needed.

I set up my VPS using your tutorial, and now I can send messages out.
But when I send a message from Gmail to one of the mailboxes on my VPS I get:


```
Aug 16 03:16:00 3rr0r postfix/pickup[1607]: 42B72B87E: uid=80 from=<www>
Aug 16 03:16:00 3rr0r postfix/cleanup[5049]: 42B72B87E: message-id=<20120816031600.42B72B87E@babaei.net>
Aug 16 03:16:00 3rr0r postfix/qmgr[1608]: 42B72B87E: from=<www@babaei.net>, size=501, nrcpt=1 (queue active)
Aug 16 03:16:00 3rr0r dovecot: auth(default): prefetch(www@babaei.net): userdb lookup not possible with only userdb prefetch
Aug 16 03:16:00 3rr0r postfix/pipe[5057]: 42B72B87E: to=<www@babaei.net>, orig_to=<www>, relay=dovecot, delay=0.03, 
delays=0.01/0.01/0/0, dsn=5.1.1, status=bounced (user unknown)
Aug 16 03:16:00 3rr0r postfix/cleanup[1690]: 4892DB93B: message-id=<20120816031600.4892DB93B@babaei.net>
Aug 16 03:16:00 3rr0r postfix/bounce[5059]: 42B72B87E: sender non-delivery notification: 4892DB93B
Aug 16 03:16:00 3rr0r postfix/qmgr[1608]: 4892DB93B: from=<>, size=2164, nrcpt=1 (queue active)
Aug 16 03:16:00 3rr0r postfix/qmgr[1608]: 42B72B87E: removed
Aug 16 03:16:00 3rr0r dovecot: auth(default): prefetch(www@babaei.net): userdb lookup not possible with only userdb prefetch
Aug 16 03:16:00 3rr0r postfix/pipe[2400]: 4892DB93B: to=<www@babaei.net>, relay=dovecot, delay=0.53, delays=0.53/0/0/0,
 dsn=5.1.1, status=bounced (user unknown)
Aug 16 03:16:00 3rr0r postfix/qmgr[1608]: 4892DB93B: removed
```

The only explanation I found was at http://comments.gmane.org/gmane.mail.postfix.user/83221


> The user with the UID 80 (www?) injects a mail using the sendmail
> command.



I really don't know what's wrong??


Also when I start postfix manually I see a bunch of warnings:

```
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
postfix/postfix-script: stopping the Postfix mail system
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
postfix/postfix-script: starting the Postfix mail system
```

I found this one: http://sourceforge.net/mailarchive/forum.php?thread_name=4FAC07D5.3030908%40quip.cz&forum_name=vda-users


----------



## graudeejs (Aug 16, 2012)

Do you have user (or alias) www in database?


----------



## NuLL3rr0r (Aug 17, 2012)

graudeejs said:
			
		

> Do you have user (or alias) www in database?



Nope. This is my only user, with two aliases:

```
-- create user
INSERT INTO mailbox VALUES ('3rr0r','babaei.net','{#############################}');

-- create virtual aliases
INSERT INTO mailbox_aliases VALUES ('postmaster@babaei.net', '3rr0r', 'babaei.net');
INSERT INTO mailbox_aliases VALUES ('root@babaei.net', '3rr0r', 'babaei.net');
```


----------



## NuLL3rr0r (Aug 17, 2012)

Delivery failure report from Gmail:


```
This is an automatically generated Delivery Status Notification

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipient has been delayed:

     root@babaei.net

Message will be retried for 2 more day(s)

Technical details of temporary failure:
The recipient server did not accept our requests to connect. Learn more at 
http://support.google.com/mail/bin/answer.py?answer=7720
[(10) mx.babaei.net. [199.48.133.134]:25: Connection dropped]
[(10) mail.babaei.net. [199.48.133.134]:25: Connection dropped]
```


----------



## graudeejs (Aug 17, 2012)

NuLL3rr0r said:
			
		

> Nope. this is my only user with two aliases
> 
> ```
> -- create user
> ...



I think you need to

```
INSERT INTO mailbox_aliases VALUES ('www@babaei.net', '3rr0r', 'babaei.net');
```

P.S. I'm rusty on this. I haven't had my own server for about a year or so.


----------



## NuLL3rr0r (Aug 18, 2012)

Hi graudeejs,

Thanks for the answer. I added *www* to *mailbox_aliases*. To check that it's added:
[CMD=""]SELECT * FROM mailbox_aliases;[/CMD]

```
address        | dest_username | dest_domain | active
-----------------------+---------------+-------------+--------
 postmaster@babaei.net | 3rr0r         | babaei.net  | t
 root@babaei.net       | 3rr0r         | babaei.net  | t
 www@babaei.net        | 3rr0r         | babaei.net  | t
(3 rows)
```

Still, *www* is an unknown user:

```
Aug 18 20:13:12 3rr0r postfix/smtpd[1543]: connect from mail-bk0-
f44.google.com[209.85.214.44]
Aug 18 20:14:00 3rr0r postfix/pickup[99224]: 1726BBA48: uid=80 from=<www>
Aug 18 20:14:00 3rr0r postfix/cleanup[85682]: 1726BBA48: message-id=<20120818201400.1726BBA48@babaei.net>
Aug 18 20:14:00 3rr0r postfix/qmgr[30223]: 1726BBA48: from=<www@babaei.net>, size=501, 
nrcpt=1 (queue active)
Aug 18 20:14:00 3rr0r dovecot: auth(default): prefetch(3rr0r@babaei.net): userdb lookup not 
possible with only userdb prefetch
Aug 18 20:14:00 3rr0r postfix/pipe[69649]: 1726BBA48: to=<3rr0r@babaei.net>, orig_to=<www>, 
relay=dovecot, delay=0.03, delays=0.01/0.01/0/0, dsn=5.1.1, status=bounced (user unknown)
Aug 18 20:14:00 3rr0r postfix/cleanup[95668]: 1CD9BBACA: message-id=
<20120818201400.1CD9BBACA@babaei.net>
Aug 18 20:14:00 3rr0r postfix/bounce[99157]: 1726BBA48: sender non-delivery notification: 
1CD9BBACA
Aug 18 20:14:00 3rr0r postfix/qmgr[30223]: 1CD9BBACA: from=<>, size=2168, nrcpt=1 (queue 
active)
Aug 18 20:14:00 3rr0r postfix/qmgr[30223]: 1726BBA48: removed
Aug 18 20:14:00 3rr0r dovecot: auth(default): prefetch(3rr0r@babaei.net): userdb lookup not 
possible with only userdb prefetch
Aug 18 20:14:00 3rr0r postfix/pipe[69652]: 1CD9BBACA: to=<3rr0r@babaei.net>, orig_to=
<www@babaei.net>, relay=dovecot, delay=0.01, delays=0.01/0/0/0, dsn=5.1.1, status=bounced 
(user unknown)
Aug 18 20:14:00 3rr0r postfix/qmgr[30223]: 1CD9BBACA: removed
```

Maybe I did something wrong. I'll try to do it from the beginning to see what happens.


----------



## Cthulhux (Apr 9, 2013)

Not sure if I made some mistake...

I own the mail address root@_somedomain_.org which runs on FreeBSD 9.1. I copied and pasted the commands to create the cert.pem and key.pem files and entered somedomain.org when it asked for "my name". Then I added the cert.pem certificate to my MUA.

Still it fails to fetch mails:


```
Apr  9 22:06:59 servername dovecot: imap-login: Disconnected (no auth attempts): rip=91.11.9.88, lip=46.38.239.230, TLS handshaking: SSL_accept() failed: error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied
```

According to my MUA log, the domain does not match.

What has gone wrong here?


----------



## graudeejs (Apr 11, 2013)

I haven't done this for quite a while now, but depending on your config, perhaps you needed to type


```
*.somedomain.org
```

Just a guess.
If I remember correctly, this allows you to have subdomains, which you probably have (main.somedomain.org?)


----------



## Cthulhux (Apr 11, 2013)

No, I don't.

My Dovecot/Postfix entirely listen(s) to the _somedomain.org_ domain, no subdomains of it.


----------



## cr4sh (Jun 24, 2013)

If anyone needs to BCC incoming/outgoing mails in this system:
main.cf

```
recipient_bcc_maps = pgsql:/usr/local/etc/postfix/pgsql_recipient_bcc_maps.cf
```

/usr/local/etc/postfix/pgsql_recipient_bcc_maps.cf

```
user = postfix
password = passsffffooorrrttt 
hosts = /tmp:5433
dbname = mail
query = SELECT address_bcc FROM mailbox_bcc WHERE address_to = '%s' AND active = true;
```

PostgreSQL code:


```
CREATE TABLE mailbox_bcc (
address_to VARCHAR(128) NOT NULL,
address_bcc VARCHAR(128) NOT NULL,
active BOOLEAN DEFAULT true NOT NULL
);

GRANT SELECT ON mailbox_bcc TO postfix;
```

address_to - mail address of the person whose mails we want to copy
address_bcc - mail address where the copy will be sent
Use only real accounts, not aliases.


----------



## Cthulhux (Aug 11, 2013)

You'll need to remove the comma before the ) though.


----------



## cbrace (Oct 26, 2013)

@cr4sh: I'd be happy to help out with dspam. My configuration is pretty standard:

This line in /usr/local/etc/postfix/master.cf:

```
smtp      inet  n       -       n       -       -       smtpd
           -o content_filter=lmtp:unix:/var/run/dspam.sock
```
How far have you gotten? What seems to be the problem?


----------



## cr4sh (Oct 26, 2013)

cbrace said:
			
		

> @cr4sh: I'd be happy to help out with dspam. My configuration is pretty standard:
> 
> This line in /usr/local/etc/postfix/master.cf:
> 
> ...



Thanks for the fast reply. Can you add your dspam configuration? I have problems adding dspam to the configuration from this topic.

Best regards.


----------

