Blue Flower

Qmail 2.0

Qmail 2.0 (27)

Sunday, 19 July 2015 02:03

Installing Qmail - No Qmail Port

Written by

Originally when I first started modifying the qmailrocks documentation for FreeBSD my goal was to use all the qmail ports to simplify the installation. Since then the qmail port has changed to support netqmail which causes a conflict with qmail. Starting on 2/7/17 I have modified this guide so you are no longer required to install this port. This allows a much cleaner and simplified way to install qmail directly from source.

Lets start with creating groups. users, groups and needed directories:


# pw groupadd nofiles
# pw groupadd vchkpw -g 89
# pw groupadd qscand
# pw useradd vpopmail -u 89 -g vchkpw -m -d /usr/home/vpopmail -s /sbin/nologin
# pw groupadd qnofiles -g 81
# pw groupadd qmail -g 82
# pw useradd qmaild -u 82 -g 81 -m -d /var/qmail -s /nonexistent
# pw useradd alias -u 81 -g 81 -m -d /var/qmail/alias -s /nonexistent
# pw useradd qmaill -u 83 -g 82 -m -d /var/qmail -s /nonexistent
# pw useradd qmailp -u 84 -g 81 -m -d /var/qmail -s /nonexistent
# pw useradd qmailq -u 85 -g 82 -m -d /var/qmail -s /nonexistent
# pw useradd qmailr -u 86 -g 82 -m -d /var/qmail -s /nonexistent
# pw useradd qmails -u 87 -g 82 -m -d /var/qmail -s /nonexistent
# pw useradd qscand -s /sbin/nologin -d /tmp
# mkdir /var/log/qmail
# mkdir /var/log/qmail/qmail-send /var/log/qmail/dovecot /var/log/qmail/qmail-smtpd /var/log/qmail/qmail-smtpd-ssl /var/log/qmail/qmail-smtpd-tls /var/log/qmail/qmail-scanner
# chown -R qmaill:wheel /var/log/qmail
# chmod -R 750 /var/log/qmail
# mkdir -p /var/qmail/supervise
# mkdir /var/qmail/supervise/qmail-smtpd /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd-ssl /var/qmail/supervise/qmail-smtpd-ssl/log/ /var/qmail/supervise/dovecot /var/qmail/supervise/qmail-smtpd/log /var/qmail/supervise/qmail-send/log /var/qmail/supervise/qmail-smtpd-tls /var/qmail/supervise/qmail-smtpd-tls/log/
# chmod +t /var/qmail/supervise/qmail-smtpd /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd-ssl /var/qmail/supervise/qmail-smtpd-tls /var/qmail/supervise/dovecot

Now download the qmail source so we can patch it:


# cd ~root
# fetch http://www.freebsdrocks.net/qmail2/qmail2-1.03.tar.gz
# tar zxvf qmail2-1.03.tar.gz

This guide has been updated to include the two patches and qmail amd64 hotfix. These are not included in the path directory. John Simpson's site is located at https://qmail.jms1.net/patches/combined-details.shtml . I am including this link because this guide includes his patches but his site has not been updated for quite some time now. Now let's patch qmail with John's patch:


# cd qmail-1.03
# patch < patches/qmail-1.03-jms1.7.08.patch

You will get an output of files that it patched. As long as it says done at the end with no errors you can continue.

Starting with FreeBSD 9.0 the user accounting database has been changed which resulted in an incompatible change to the data structure of the database. The utmp.h header file referenced by qbiff.c no longer exists since it's been replaced by utmpx.h.

http://www.freebsd.org/releases/9.0R/relnotes.html

Since it would take more time or interest than I have to change qbiff to be compatible with the change, I just removed all references to qbiff in hier.c, install-big.c, and the make file. The loss of qbiff functionality isn't significant for me since it is just for mail notifications for local system users. The following commands fixes this accounting issue:


# tar zxvf patches/qmail_fix2.tgz

If you are running FreeBSD 10.3 or 11.0 on AMD64 run the following. Everyone else skip this step:


# patch < patches/qmail64patch

Now run the following commands:


# make man
# make setup check

Lets get qmail setup for your local hostname. If your local hostname is bsd.localhost, use the following:


# ./config-fast bsd.localhost

You will get a output saying it is going to add that hostname to specific qmail control files. If you would like more information as to what these specific files control, please take a look at http://www.lifewithqmail.org/lwq.html#config-files

Now we need to run a few more qmail fixes:


# cd ~root
# mkdir qmail
# cd qmail
# fetch http://freebsdrocks.net/qmail2/scripts4.tgz
# tar zxvf scripts4.tgz
# rm scripts4.tgz
# cd /var/qmail/bin
# tar zxvf ~root/qmail/qmail_bin.tgz
# cd /var/qmail/queue
# touch /var/qmail/queue/lock/sendmutex
# chown qmails:qmail /var/qmail/queue/lock/sendmutex

At this point I would not recommend deleting any of the qmail files. They really don't take up a lot of room but if you ever delete anything by accident or need to rebuild you queue, you can stop qmail and then run make setup check and then start qmail again. This by any means won't fix everything but leaving the qmail files there won't hurt a bit.

One last thing to recommend is going into /var/qmail/control/locals and making sure that file is empty. If you need a good explanation as to why to do this:

rcpthosts is used for domains that we accept mail for - mostly used for vpopmail virtual domains that reside in /home/vpopmail/domains

If rcpthosts does not exist, you are an open relay. If it exists and is empty and there is no "morercpthosts.cdb" file as well, then your server will reject all incoming mail.

locals - domains that we deliver locally - mostly used for local delivery /home/$USER/Maildir

Wednesday, 08 June 2016 20:03

Qmail Changes

Written by

This will be an up-to-date list of all changes to the qmail install. This is effective 2/12/2017:

2/12/2017: Originally when I first started modifying the qmailrocks documentation for FreeBSD, my goal was to use all the qmail ports to simplify the installation. Since then the qmail port has changed to support netqmail which causes a conflict with qmail. Starting on 2/7/17 I have modified this guide so you are no longer required to install this port. This allows a much cleaner and simplified way to install qmail directly from source.

2/6/2017: At 23:59 UTC, December 31, 2016, FreeBSD 9.3, 10.1 and 10.2 will reach end-of-life and will no longer be supported by the FreeBSD Security Officers Team.  Users of FreeBSD 9.3, 10.1 and 10.2 are strongly encouraged to
upgrade to a newer release as soon as possible. This guide supports 10.3 and 11.0.

10/17/2016: On the configuring validrcptto page I have changed the fetch mkvalidrcptto location to now be included in the scripts4.tgz file. I am unsure how long John Simpsons site will be up and have attemtped to relocate anything that was on his site to mine. I plan on supporting qmail until it completely breaks.

7/13/16: Updated the Roundcube docs to support php 5.6

6/21/16: I updated the qmail-smtpd/run file to include the following changes:

* included a section for spamdyke within the run file
* Removed the qmail-scanner-queue.pl line as it's no longer being used
* Updated the RBL Listing
* Changed the MFCHECK line to 0 from 1
* Enabled the SMTP greeting by default

Special thanks to Steve Donohue for getting spamdyke working before I could.

6/8/16: Removed the reference of qmail-scanner-queue.pl from the qmail_smtpd_run file. I also added a log directory for qmail-scanner in /var/log/qmail and added the default log directory in the qmail-scanner documentation. This is to maintain consistency.

5/14/16: The qmail installation method has been heavily modified because of a few reasons. When installing the qmail port it actually installs netqmail not qmail. Also this causes a conflict with the /var/qmail/queue and also the files within          /var/qmail/bin. I have modified the documentation to reflect these changes.

This was the first post about qmail 2.0

Hello,

As of May 16, 2016 after about 50+ qmail installations I am happy to report that the qmail guide supports TLS on port 587. Many people may not realize this but port 587 is required for most apple devices. This guide fully supports secure POP3 on port 995 (dovecot), Secure SSL on port 465 (qmail) and secure TLS on port 587 (qmail). Once your qmail system is setup you can follow my optimization techniques to help thwart spam from arriving in your user's inbox.

I am planning on adding more spam related services to the qmail guide as a secondary expansion. Think of it as optimizing qmail part 2. This will include guide for razor, pryzor, adding even more rules to spamassassin and a new guide for enabling spamdyke.

Enjoy and as always please consider a donation to keep the site going.

 

Tuesday, 17 May 2016 16:08

Setting up the TLS Service

Written by

Setting up the TLS Service on port 587 is not absolutely necessary but a lot of apple devices require this. The folders and run files are in place so all we need to do is setup the IP and then setup the service. I have also created a new qmailctl script that can handle the TLS service.


# cd /var/qmail/supervise/qmail-smtpd-tls
# vi run

You should set the following value:

IP=1.2.3.4 Substitute your own IP address. Do not leave this set to 0 without a good reason.

Save and then create the TLS Service by running the following command:


# ln -s /var/qmail/supervise/qmail-smtpd-tls /service/

Then check the service


# svstat /service/qmail-smtpd-tls/ /service/qmail-smtpd-tls/log/
/service/qmail-smtpd-tls/: up (pid 37035) 9 seconds
/service/qmail-smtpd-tls/log/: up (pid 37036) 9 seconds


it is important to note that if you use Microsoft Outlook to send mail via TLS you set the port to 587 but then under the section "Use the following type of encrypted connecttion" set this to AUTO.

If you want the qmailctl file to handle the TLS service copy this file:


# cd /var/qmail/bin
# cp qmailctl_tls qmailctl

When you run qmailctl it should now show the tls service.

Sunday, 05 July 2015 13:15

Upgrading and Maintaining the Qmail System

Written by

Upgrading your ports and maintaining them are pretty easy. The first thing I would recommend is installing portupgrade from /usr/ports/sysutils/portupgrade. Once that is installed, you can run man portupgrade or just run portupgrade -r name. The -r switch means to upgrade everything recursively. Recurvisly meaning all of it's dependancies, or more simply, anything the program requires. You can do this for anything else not related to qmail or any of its programs. So for instance portupgrade -r kde, it will upgrade kde and all it's dependancies.

Another thing I would recommend using is portaudit. If you have your system setup correctly, You will get portaudit reports in your daily security logs. This will give you any warnings about any obsolete packages and/or any security warnings in regards to anything being installed.

What I am going to suggest in the next few pages is the recommended way to upgrade programs from ports. Mostly we will be running through backing up .conf files and running portupgrade and then making sure everything is chmodded or chowned correctly.

Qmail - Qmail doesn't require any type of upgrades. Qmail hasn't been upgraded since 1997 or 1998 but it is very stable and very secure.

UCSPI-TCP - Pretty much the same as qmail. I don't think has changed at all. Quite honestly, I have never upgraded it and I haven't ever had a problem with running any old/previous versions.

Daemontools - Again, Pretty much the same as qmail or UCSPI-TCP.

Ezmlm-idx - This can change from time to time. I would first backup your list which resides in ~vpopmail/domains/domain.xxx/listname before upgrading the port. Then, run portupgrade -r ezmlm-idx and then check to make sure your list is intact before deleting your backup.

Qmail-Autoresponder - As of 8/7/14 you need to create a symlink for delivermail as follows if you have not already. Just run the following command: ln -s /usr/local/bin/maildrop-deliverquota /usr/local/bin/deliverquota. otherwise This can be upgraded when new versions come out. A simple portupgrade -r qmail-autoresponder works fine in most cases.

Vpopmail -

At this point where the skel patch is no more, It is fairly easy to upgrade vpopmail from one version to the next. If your security run output or portaudit commands tell you that vpopmail need to be upgraded, run the following commands:

# cd /usr/ports/mail/vpopmail
# make CONFIGURE_ARGS="--enable-logging=p --enable-onchange-script"
# make deinstall
# make reinstall

Please make sure to run the following after upgrading vpopmail to make sure it works ok with TLS/SSL:

# cd ~vpopmail/bin
# chmod 6711 vchkpw
# chown vpopmail:vchkpw vchkpw

SpamAssassin - When I have run portupgrades with Spamassassin in the past, I usually don't run into any issues except the upgrade from 2.6x to 3.0.1. There were quite a few changes from version to version including some of the required modules that were new, like the SPF addon for it and such. If you do run a portupgrade on Spamassassin, I would go to Spamassassins website http://www.spamassassin.org and read the README files under the download section of the site. There it will tell you any changes/modifications that have been done since the previos version. I would also check the rules under /usr/local/etc/mail/spamassassin file, specifically local.cf, to see if any additions or deletions were made.

Restart Spamassassin and then we will need to update the qmail-scanner database by running the following commands:

# setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
# setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
# setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -p (If you're running qms 2.x)

This will update the header info and the qmail-scanner database and keep everything up to date.

ClamAV - ClamAV is probably the worst one out of all of them all but I make it easy for you, ClamAV changes almost every three months, possibly sooner. I would recommend backing up the clamd.conf and freshclam.conf in /usr/local/etc and then run portupgrade -r clamav. Then chown the following folders:

# chown -R qscand:qscand /var/log/clamav
# chown -R qscand:qscand /var/run/clamav/
# chown qscand:qscand /var/db/clamav/

I would then copy the backups of clamd.conf and freshclam.conf back to /usr/local/etc and then run freshclam to make sure evrything is working perfectly. Restart clamd and then we will need to update the qmail-scanner database by running the following commands:

# setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
# setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
# setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -p (If you're running qms 2.x)

This will update the header info and the qmail-scanner database and keep everything up to date.

You will want to restart ClamAV.

Qmail-scanner - At the time of this writing, I would NOT recommend doing a portupgrade of qmail-scanner. There are a few reasons why. First, It does not even reqister with the packages system as we run the configure commands manually. Second we manually patch it with the qms-analog patch to get the nifty qmail-analog reports. So if a new vesion of qmail-scanner is released, I will update the documentation within a few days of it being released.

Qmailadmin - This is something else I wouldn't recommend doing a portupgrade on. When the new version comes out just make deinstall on the port and run through the guide as normal only using the newest version from ports. It just can't get any easier than that!

vqAdmin - Nothing needs to be backed up here. Just make deinstall the port and then follow the guide when the the new version comes out.

Dovecot - A simple portupgrade and a restart shouldn't be an issue at all.

Squirrelmail - This one is a rarity but every so often a squirrelmail upgrade does come up and if it does, backup your squirrelmail folder and then run a portupgrade -r squirrelmail and then double-check to make sure your conf files are setup correctly as they might change.

Logs

it probably wouldn't be a bad idea to rotate the qmail-scanner logs as they can get huge. These logs are stored in /var/spool/qmailscan and I would suggest adding the following to your /etc/newsyslog.conf:

/var/spool/qmailscan/qmail-queue.log qscand:qscand 600 5 256 * JC
/var/spool/qmailscan/qms-events.log qscand:qscand 600 5 256 * JC
/var/spool/qmailscan/quarantine.log qscand:qscand 660 7 * @T00 JC

If you would like a description of what each section does, do this:

# man 5 newsyslog.conf

The /var/log/mallog file is already rotated in newsyslog.conf once a day.

Saturday, 24 October 2015 16:08

Enabling Client-Side filters

Written by

If you would like your users to be ble to setup their own custom rules, you can do this with managesieve as shown below.


# cd /usr/ports/mail/dovecot-managesieve
# make install clean

You can enable the managesieve service in dovecot by adding managesieve to the protocols in dovecot.conf


# vi /usr/local/etc/dovecot.conf

add managesieve to the protocols setting. Save and then restart dovecot:


# svc -t /service/dovecot

Next we need to check what port managesieve is running on. Run sockstat -l4 and look for the following:


dovecot  managesiev 23920 4  tcp4   *:2000                *:*
dovecot  managesiev 23919 4  tcp4   *:2000                *:*

This is telling you that managesieve is running on port 2000. I have marked the relevant sections above in red. Now lets copy a few things:


# cd /usr/local/www/roundcube/plugins/managesieve/
# cp config.inc.php.dist config.inc.php
# vi config.inc.php

And at the top we need to match the port number with the port we found when running sockstat -l4.


$config['managesieve_port'] = 2000;

Save, exit and run the following:


# cd /usr/local/www/roundcube/config/
# vi config.inc.php

and add managesieve to the plugins section:


   'managesieve'

Save and exit. You should now have the filter enabled and working on roundcube. Further information on configuration can be found at:

http://Wiki.Dovecot.org/ManageSieve

Sunday, 27 September 2015 03:20

Troubleshooting

Written by

Alternate AMD64 installation

I  have had trouble with the AMD installation from time to time. If you have trouble sending or receiving please try this alternate method:

# cd ~root
# fetch http://freebsdrocks.net/qmail2/netqmail-valid.tgz
# cd netqmail-1.06
# qmailctl stop
# make man
# make setup check

Now lets reinstall qmail

# cd /usr/ports/mail/qmail
# make reinstall

Once you're finished lets start qmail

# qmailctl start

Sending or Receiving issues

If you are having issues sending or receiving please check the following logs:

qmail-send logs

# tail -f /var/log/qmail/qmail-send/current | tai64nlocal

qmail-smtpd logs

# tail -f /var/log/qmail/qmail-smtpd/current | tai64nlocal

qmail-smtpd-ssl (Port 465)

# tail -f /var/log/qmail/qmail-smtpd-ssl/current | tai64nlocal

dovecot

# tail -f /var/log/qmail/dovecot/current | tai64nlocal

spamd

# tail -f /var/log/qmail/qspamd/current | tai64nlocal

clamav

# tail -f /var/log/qmail/clamav/current | tai64nlocal

451 qq Temporary problem

if you get the dreaded 451 qq temporary problem click here

 

 

Sunday, 27 September 2015 03:01

Adding Junk/Not Junk Features to Roundcube

Written by

In this walkthrough we will add the Junk/Not Junk buttons to the Roundcube interface. This will allow users to report spam and also report non-spam. There is also an included variable; Once the users have read the Junk mail you will be able to see the files in a predetermined spam box. This is completely optional but will give you more control over what users report.

First lets download the plugin and install it.


# cd /usr/local/www/roundcube/plugins
# fetch https://github.com/JohnDoh/Roundcube-Plugin-Mark-as-Junk-2/archive/master.zip
# unzip master.zip
# mv Roundcube-Plugin-Mark-as-Junk-2-master markasjunk2
# cd /usr/local/www/roundcube/config
# vi config.inc.php

look for plugins array:

$config['plugins'] = array(
    'archive',
    'zipdownload',
    'managesieve',
    'jqueryui',
    'recipient_to_contact',

add

    'markasjunk2'

Looks like

 'archive',
    'zipdownload',
    'managesieve',
    'jqueryui',
    'recipient_to_contact',
    'markasjunk2'

Save and Exit. Now copy the default config.inc.php so this will work properly.


# cd /usr/local/www/roundcube/plugins/markasjunk2
# cp config.inc.php.dist config.inc.php

The defaults are fine. No changes are needed. When you mark an email as Spam it will try to move it to a Junk folder which will not exist. To make this seamless for your users we will need to create a symbolic link for .Junk to point to spam. We can do this in the ~vpopmail/skel folder as follows:


# cd ~vpopmail/skel/Maildir
# ln -s .Spam/ .Junk

The following section is optional. If you would like to see users' read Spam messages you can direct the read messages to a master spambox or just put this in a postmaster mailbox. It's entirely up to you.

Lets add This email address is being protected from spambots. You need JavaScript enabled to view it. first


# ~vpopmail/bin/vadduser This email address is being protected from spambots. You need JavaScript enabled to view it.

Now lets create a symbolic link to the spambox Junk folder.


# cd ~vpopmail/skel/Maildir/.Junk
# rm -R cur

change spambox to the sa-learn catchall user for all domains


# ln -s /usr/home/vpopmail/domains/testdomain.com/spambox/Maildir/cur cur

Special thanks to Steve Donohue

Tuesday, 11 August 2015 18:14

Installing Qmailadmin

Written by

QmailAdmin is a cgi program for administering Qmail with vchkpw. It provides a web interface to create users, aliases, install ezmlm lists and also configure mailing robots. For more information, Please see http://www.inter7.com/qmailadmin/

We need to enable the cgi setting in the httpd.conf file as follows:


# vi /usr/local/etc/apache24/httpd.conf

Uncomment this line:


LoadModule cgi_module libexec/apache24/mod_cgi.so

Now restart apache:


# /usr/local/etc/rc.d/apache24 restart

We will want to extract qmailadmin and apply John Simpsons onchange patch. Since qmailadmin doesn't support onchange out of the box, We need to add support for it:


# cd ~root
# fetch http://freebsdrocks.net/qmail2/qmailadmin-1.2.16.tar.gz
# tar zxvf qmailadmin-1.2.16.tar.gz
# cd qmailadmin-1.2.16
# fetch http://freebsdrocks.net/qmail2/qmailadmin-1.2.12-onchange.3.patch
# patch < qmailadmin-1.2.12-onchange.3.patch

Don't be too concerned about the version conflicts. The patch applies cleanly without errors. You should get a fairly short output.

We now want run the configure command for qmailadmin. Please change the sections cgibindir, htmldir and imagedir to the cgi, html and image paths on your system.

Please type the make CONFIGURE_ARGS line in as ONE COMPLETE LINE!!!


./configure --enable-modify-spam=Y --enable-spam-command='|preline -f /usr/local/bin/maildrop mailfilter' --enable-htmldir=/usr/local/www/apache24/data --enable-cgibindir=/usr/local/www/apache24/cgi-bin --enable-imagedir=/usr/local/www/apache24/data/images --enable-qmaildir=/var/qmail --enable-vpopuser=vpopmail --enable-vpopgroup=vchkpw --enable-autoresponder-path=/usr/local/bin --enable-ezmlmdir=/usr/local/bin/ezmlm --enable-modify-quota --disable-ezmlm-mysql

Run the following to install qmailadmin:


# make
# make install-strip

If that compiles with no errors, qmailadmin is installed.

Copying image files

We need to copy the image files so they appear on the qmailadmin page:


# mkdir /usr/local/www/apache24/data/images /usr/local/www/apache24/data/images/qmailadmin/ (You may or may not need to run this command)
# cp -Rp /root/qmailadmin-1.2.16/images/* /usr/local/www/apache24/data/images/qmailadmin/

Configuring qmailadmin

When we add new users via qmailadmin, we want Spam Fighting turned on by default. Edit the following:


# vi /usr/local/share/qmailadmin/html/add_user.html

and then do a search for

<input type="checkbox" name="spamcheck">

and change it to

<input type="checkbox" name="spamcheck" checked>

This allows the "Spam Detection" box in the users email-account to automatically be checked when each user in qmailadmin is created.

That is it for configuring qmailadmin! If you go to http://www.domain.xxx/cgi-bin/qmailadmin you should see the logon screen. You can create some mailboxes for your domain if you like. If you need to add a domain, I would use the command line tool at ~vpopmail/bin/vadddomain

Sunday, 05 July 2015 13:17

Installing Roundcube

Written by

Requirements:

Apache 2.4+, Mysql Server 5.1+ and php5.6. Anything that depends on php5 not already installed the port will install for you.

The Roundcube webmail software is available in FreeBSD ports. If you want to learn more about FreeBSD packages and ports, please read The FreeBSD Handbook, chapter 4.

The ports for Roundcube webmail is available in /usr/ports/mail/roundcube. To install roundcube, you will need to type the following:


# cd /usr/ports/mail/roundcube
# make install clean

Make sure the following options are checked:

[X] DOCS
[X] SSL
[X] MYSQL

You will also want to install the following ports if they are not installed already.


# cd /usr/ports/graphics/php56-exif
# make install clean
# cd /usr/ports/security/php56-openssl
# make install clean
# cd /usr/ports/security/php56-mcrypt
# make install clean
# cd /usr/ports/sysutils/php56-fileinfo
# make install clean

By default, roundcube is installed in /usr/local/www/roundcube/

Now, I’m going to symlink the roundcube folder as follows:


# cd /usr/local/www/apache24/data
# ln -s /usr/local/www/roundcube/ .

To create a database in mysql do the following:


# mysql -u root -p

Type in your password at the prompt. Then lets create the roundcube database.


# create database Roundcube;

Now we need to run the following 3 commands:


GRANT select,insert,update,delete,create,drop ON Roundcube.* TO myusername@localhost IDENTIFIED BY 'mypassword';
FLUSH PRIVILEGES;
quit

Now lets copy the default dovecot configuration file:


# cd /usr/local/www/roundcube/config
# cp /root/qmail/rc.config.inc.php.sample config.inc.php

Now we will want to open config.inc.php and change the following settings:

$config['dbdsnw'] = 'mysql://username:secretpass@localhost/database';

$config['default_host'] = 'localhost';

$config['smtp_port'] = 465;

Now lets edit some of the roundcube defaults to make things easier for new users:


# cd /usr/local/www/roundcube/config
# vi defaults.inc.php

Now we will want to open defaults.inc.php and change the following settings:

$config['show_images'] = 1;

$config['preview_pane'] = true;

Now, you need to import the database structure into your roundcube database. You can copy and paste them into phpMyAdmin or you can use the following command:


# cd /usr/local/www/roundcube/SQL
# mysql -u user -p database < mysql.initial.sql

All done, congratulations! You have installed roundcube on your server. You can access your roundcube webmail on

http://localhost/roundcube/ (You can change your localhost to your hostname).

You can now login with your username and password on your IMAP server.

This plugin is HIGHLY RECOMMENDED!!

The antiBruteForce Plugin is to prevent brute force user and pass attempts on Rouncube Webmail - Autoban feature with White List feature.


# cd /usr/local/www/roundcube/plugins
# fetch http://freebsdrocks.net/qmail2/antiBruteForce_v2.0.tar.gz
# tar zxvf antiBruteForce_v2.0.tar.gz
# cd /usr/local/www/roundcube/config
# vi config.inc.php

Under plugins add the antibruteforce plugin line:

'antiBruteForce',

Now your plugins should look like:

    'archive',
    'zipdownload',
    'managesieve',
    'antiBruteForce',

Now let's restart apache for good measure:


# /usr/local/etc/rc.d/apache24 restart

Enabling the Roundcube Recipient To Contact Plugin

Recipient To Contact is a plugin to quickly add new contacts to address books. When sending an email to recipients that aren't in the address book, this plugin displays a form to quickly save these contacts. Inspired by Automatic Addressbook plugin.

We need to enable the jqueryui plugin first and then download the Recipient-To-Contact plugin and then enable both plugins.


# cd /usr/local/www/roundcube/plugins/jqueryui
# cp config.inc.php.dist config.inc.php
# cd ~root
# fetch http://freebsdrocks.net/qmail2/Recipient-To-Contact-master.zip
# unzip Recipient-To-Contact-master.zip
# cd Roundcube-Plugin-Recipient-To-Contact-master/
# mv recipient_to_contact/ /usr/local/www/roundcube/plugins/
# cd /usr/local/www/roundcube/config
# vi config.inc.php

Now under the '// List of active plugins (in plugins/ directory)' section of the config.inc.php add the two sections below:


    'jqueryui',
    'recipient_to_contact',

It should now appear like the following:


// List of active plugins (in plugins/ directory)
$config['plugins'] = array(
    'archive',
    'zipdownload',
    'jqueryui',
    'recipient_to_contact',
    'managesieve',
);

If you log out and log back into roundcube it should work fine.

You can find additional roundcube plugins here http://trac.roundcube.net/wiki/Plugin_Repository

Sunday, 05 July 2015 13:18

Installing Dovecot

Written by

Dovecot Server Information

Before we continue let me say that I have tried for about a month to get Roundcube to communicate with Dovecot via SSL with lots of failures. Using the standard IMAP part it works fine but 8/10 times it wouldn't work with SSL. For the time being this will be an unsecure connection. Having said that if Roundcube is communicating with Dovecot locally I don't believe this is a security issue.

Dovecot is an open-source IMAP, IMAP-SSL and POP3 server. It was written with security as one of its primary goals, and is flexible enough to work with just about any kind of back-end mailbox storage system, including vpopmail's folder structure. It also works with a large number of authentication back-ends, again including vpopmail. In this walkthrough we are only going to configure Dovecot 2 with IMAP-SSL and POP3-SSL and managesieve.

The first step is to install Dovecot 2 from ports.


# cd /usr/ports/mail/dovecot
# make install

When you run make install it will give you the various configure options available. Make sure the following options are checked:

DOCS
KQUEUE
MANAGESIEVE
SSL
VPOPMAIL

Configuring Dovecot

Dovecot itself uses the dovecot.conf for the main configuration file. What I am going to do here is provide a working dovecot.conf that has all options configured for you that use POP3D-SSL and also IMAPD-SSL for the most secure setup possible. Managesieve is enabled for filtering. Feel free to take a look at dovecot.conf before enabling dovecot.


# cd /usr/local/etc
# mv dovecot.conf bak_dovecot.conf
# cp /root/qmail/dovecot.conf.sample dovecot.conf
# mkdir /var/qmail/supervise/dovecot/log
# cd /var/qmail/supervise/dovecot/log
# fetch https://freebsdrocks.net/qmail2/service-any-log-run
# mv service-any-log-run run
# chmod 0755 run
# vi run

In the run file change the second-to-last line to match the following:

multilog t n1024 s1048576 /var/log/qmail/dovecot \


# cd /var/qmail/supervise/dovecot/
# fetch http://freebsdrocks.net/qmail2/dovecot-run
# mv dovecot-run run
# chmod 0755 run

Now lets start the dovecot service:


# ln -s /var/qmail/supervise/dovecot /service/

Wait about ten seconds and then run the following command to make sure there are no issues:


# svstat /service/dovecot /service/dovecot/log

Page 1 of 2