Blue Flower

Bill

Bill

Monday, 06 July 2015 00:40

Understanding rcpthosts and locals

rcpthosts - domains that we accept mail for - mostly used for vpopmail virtual domains that reside in /home/vpopmail/domains

If rcpthosts does not exist, you are an open relay. If it exists and is empty and there is no "morercpthosts.cdb" file as well, then your server will reject all incoming mail.

locals - domains that we deliver locally - mostly used for local delivery /home/$USER/Maildir

What to put in rcpthosts and locals: domain names
What NOT to put in rcpthosts: IP Addresses

Taken from http://www.lifewithqmail.org

Monday, 06 July 2015 00:39

Using POP before SMTP

Just skip the jsauth smtp patch and compile vpopmail with: ./configure --enable-roaming-users

Monday, 06 July 2015 00:39

How to access the qmail manpages

To add the qmail manpages, edit the following files:

For Bash (/etc/profile)
MANPATH=/var/qmail/bin:$MANPATH

For *sh (/etc/csh.login for csh and /etc/.cshrc for tcsh)
setenv MANPATH "/var/qmail/bin:${MANPATH}

Please logout and log back in for those settings to take effect or type 'source ~/.cshrc'
if you're using tcsh

Monday, 06 July 2015 00:38

How to setup qmail graphs with MRTG

How to get the qmail graphs working with mrtg.
graphs inclue rbl, validrcptto, jgreylist, and more
By William Olson http://freebsdrocks.net http://goodcleanemail.com
------------------------------------------------------------------

# cd /path/to/stats
# fetch http://www.goodcleanemail.com/files/tarballs/qmailmrtg2.tgz
# tar zxvf qmailmrtg2.tgz

Run the following commands to start the graphs at 0

# echo "     0" > /tmp/rbl-found
# echo "     0" > /tmp/valid-found
# echo "     0" > /tmp/jgrey-found
# echo "     0" > /tmp/vir-found

Edit the following files and change the "hostname" to your host in each file at the bottom
the uptime might need to be edited to work on your box

Note: When you are editing mrtg-clam, please note the location of the log file. If you are not using
the setup for FreeBSDrocks.net, this path may need to be changed to /var/log/clamav/clamd.log

mrtg-clam
mrtg-jgrey
mrtg-rbl
mrtg-valid

Now to set the correct file permissions:

# chmod 755 mrtg-clam
# chmod 755 mrtg-jgrey
# chmod 755 mrtg-rbl
# chmod 755 mrtg-valid

Now open up qmailmrtg.cfg and change the WorkDir at the top to the folder where the qmailmrtg will be saved
Change each instance of myhostname to your mailserver name or ip or whatever. Easiest way is to do it like so:

:%s/myhostname/newhostname/g

This is just a find and replace script. What this does is it replaces all instances of myhostname with newhostname

Scroll down to the end of qmailmrtg.cfg and change the following lines:

Target[clam]: `/path/to/stats/mrtg-clam`
Target[valid]: `/path/to/stats/mrtg-valid`
Target[rbl]: `/path/to/stats/mrtg-rbl`
Target[jgrey]: `/path/to/stats/mrtg-jgrey`

run /usr/local/bin/mrtg qmailmrtg.cfg and just make sure you don't have any errors.

Now to put the stats in cron:

*/5 * * * * /usr/local/bin/mrtg /path/to/qmailmrtg.cfg > /dev/null 2>&1

After about 15-20 minutes you should start seeing graphs.

Now to clean up the install:

# cd /path/to/stats
# rm qmailmrtg2.tgz
# rm install-*

Monday, 06 July 2015 00:36

How to enable bayes autolearning

Updated 2/9/10: Updated links so they worked correctly. Removed the references for maildrop and procmail spam filtering as they are now obsoleted.

There are a few things you need to train spamassassin to do before bayes can start learning how to tell the difference between spam and non-spam. The more you train bayes, the better the learning algorithm.

Before continuing on I want to let you know about 1 thing. If you are running the freebsdrocks spamd service, you do not have to change spamd to a non-root user. The service is configured to run as user qscand. Please skip down to the section that starts First to make sure bayes can be turned on, bayes needs to be trained for 200 hams and 200 spams. Run the following command:

Before starting with Bayes, one of the things I would suggest is running SpamAssassin as a non-root account. You can do this by adding an option to the spamd.sh startup script. Edit your SpamAssassin startup script and look for the following line. I give 2 different options depends on what version of SpamAssassin you're running.

Option 1: spamd_flags=${spamd_flags:-"-d -x -r ${spamd_pidfile} "}
Option 2: : ${spamd_flags="-c  "}

Add the -u qscand to make SpamAssassin run as user qscand:

Option 1: spamd_flags=${spamd_flags:-"-u qscand -d -x -r ${spamd_pidfile} "}
Option 2: : ${spamd_flags="-c -u qscand "}

The path or flags file may vary from system to system. When you are done, save and exit and restart spamd. All your spamd processes should now run as qscand.

First to make sure bayes can be turned on, bayes needs to be trained for 200 hams and 200 spams. Run the following command:

# sa-learn --dump magic

0.000 0 5752 0 non-token data: nspam
0.000 0 1702 0 non-token data: nham

As you can see from the above example, I have 5752 spams and 1702 hams
The spam and ham totals must be at least 200 each.

The nspam total is the total amount of spams Bayes has learned.
The nham total is the total amount of hams Bayes has learned.

Here is how to train SpamAssassin hams and spams.

There are a few ways to feed sa-learn spams and hams. The easiest way is
by running the command right from console. Lets just say that you have a
folder in ~vpopmail/domains/domain.ext/test/Maildir/spam. Run the sa-learn
command like so. Replace domain.ext with your domain andreplace user with the actual user on your system :

# sa-learn --spam ~vpopmail/domains/domain.ext/user/Maildir/.Spam/new

To learn hams in ~vpopmail/domains/domain.ext/user/Maildir/new, run

# sa-learn --ham ~vpopmail/domains/domain.ext/user/Maildir/new

You'll get an output similar to the following in wither either case. Actual messages numbers may vary.

Learned from 30 message(s) (30 message(s) examined).

This tells you that out of 30 messages in the new folder, 30 were learned. If you run sa-learn --dump magic, your nspam total will have 30 more new messages learned as spam.

You basically need 200 hams and 200 spams before you can enable bayes autolearning. Once you have done that, add the following lines to your local.cf

# The line below needs to point to the users bayes_path that spamassassin runs as. In this case, the qscand home folder is /tmp
bayes_path /tmp/.spamassassin/bayes
use_bayes 1
bayes_auto_learn 1
bayes_file_mode 0770

The first line tells the bayes path to tell bayes where to store the bayes database. The next line enables bayes. The next line after that enables autolearning. and the next line just forces a chmod of 770 on the bayes database for security reasons.

Restart spamd and within a day or so you will see autolearn appear in your headers. I am not sure why it takes so long for it to come into the header part of the emails. It just does for some reason.

How to install Dcc:

# echo "WITHOUT_SENDMAIL=yes" >> /etc/make.conf
# cd /usr/ports/mail/dcc-dccd
# make install clean

Now lets install Pyzor

# cd /usr/ports/mail/pyzor
# make install clean

When the popup box comes up, Hit Tab and hit Enter on the Keyboard.

And last we need to install Razor Agents

# cd /usr/ports/mail/razor-agents
# make install clean

You will now need to create a config file for razor using a non-root
account. Substitute test with a real non-root user on your system:

# su test
# razor-admin -create (It should just drop to the next line)
# exit

We now need to register razor with the Razor servers. Replace the test
user with the actual username you used above to create the razor
account. Type in a password and hit enter.

# razor-admin -register -user=test -pass yourpass -home=/home/test/.razor

If successful, it should say:

Register successful. Identity stored in /home/user/.razor/identity-user

You can now integrate razor with SpamAssassin. Lets backup your local.cf first:

# cd /usr/local/etc/mail/spamassassin
# cp local.cf baklocal.cf

Now add/modfy the following to local.cf . Again, Replace the test user with
the actual username you used above to create the razor account.

loadplugin Mail::SpamAssassin::Plugin::DCC
dcc_path /usr/local/bin/dccproc
score PYZOR_CHECK 1

We now need to create the /var/dcc folder

# mkdir /var/dcc
# chown qscand:qscand /var/dcc
# chmod 755 /var/dcc

Just to make sure everything is running correctly, run:

# spamassassin --lint

And fix any errors that come up!

We're done!

In order for complete email and headers to be send to someone you must forward the email as an attachment rather than just inline text. Outlook Express and previous versions of Outlook allow you to "Forward As Attachment" by either right clicking on the message or opening the message and choosing that option from one of the menu's at the top. However in their infinite wisdom, Microsoft decided no one needed that option any more, so you now have to either save the file and then attach it to the email OR you can use this method which seems to work in all versions of Outlook (NOT OUTLOOK EXPRESS - it has "Forward As Attachment"):

1 - Create a new email message and type the email address to send it to
2 - minimize your new message window or move it out of the way
3 - click on the spam message and drag it to the new message window
4 - drop the spam message onto the Attachments Icon (normally a paper clip)

You should see the email message in the attachments list and can attach more spam or just send the email.

Special thanks to Cavin Greer

Sunday, 05 July 2015 23:59

How to Setup Courier POP3D-SSL

There are some people out there that want added security for POP users. This document will walk you through configuring POP3DSSL. This will make a nice addition for your freebsdrocks.net site as you already have smtp using TLS or SSL for your users sending mail. The only requirement here is to make sure Courier-Imap 4.x is installed.

First, We create the POP3DSSL Directory and log folders.

# cd /var/qmail/supervise
# mkdir -m 1755 courier-pop3dssl
# cd courier-pop3dssl
# fetch http://freebsdrocks.net/files/courier-pop3dssl-run
# mv courier-pop3dssl-run run
# chmod 755 run
# mkdir -m 755 log
# cd log
# fetch http://freebsdrocks.net/files/service-any-log-run
# mv service-any-log-run run
# chmod 755 run

And now to make a pop3d and a pop3d-ssl conf file and also change a few settings in the pop3d-ssl file

cd /usr/local/etc/courier-imap/

# cp pop3d.cnf.dist pop3d.cnf
# vi pop3d.cnf

make changes to reflect your server information in pop3d.cnf.
Make sure CN=mail.yourserver.com
And change the email address to your address

# cp pop3d-ssl.dist pop3d-ssl

Change the SSLADDRESS to the IP of the server you're running it on.

if you use SSLADDRESS=0, the resulting server will try to listen on that port number (usually 143 or 993) for EVERY IP ADDRESS ON THE SYSTEM. If any other program (such as another instance of the service) is listening on a specific IP with the same port, the SSLADDRESS=0 server will refuse to start... and if the SSLADDRESS=0 service is already running, the other one (with the specific IP) will refuse to start.

Change the POP3DSSLSTART=NO to

POP3DSSLSTART=YES

Now below that section we need to add

MAXDAEMONS=40

Now to make the pop3dssl cert...

# /usr/local/share/courier-imap/mkpop3dcert

Now to start the daemon

# ln -s /var/qmail/supervise/courier-pop3dssl /service/

Now to check the service run

# svstat /service/courier-pop3dssl /service/courier-pop3dssl/log

If both items have been up for more than 1 second, Courier-pop3dssl is installed!

This requires that you are running SquirrelMail 1.4.x or above and Apache 2.2 or higher.

Download the following related files into your squirrelmail plugins folder:

# cd /usr/local/www/squirrelmail/plugins << For FreeBSD (Other systems may vary)
# fetch http://www.goodcleanemail.com/files/tarballs/spam_buttons-2.3-1.4.0.tar.gz
# fetch http://www.goodcleanemail.com/files/tarballs/compatibility-2.0.14-1.0.tar.gz

What we want to do now is create 2 email addresses for vpopmail. We want to create one for ham and one for spam reporting. You can do this as follows:

# ~vpopmail/bin/vadduser thisisspam @ domain.com password
# ~vpopmail/bin/vadduser thisisham @ domain.com password

Make sure password in the 2 examples above are not the actual password. Just create random ones if you like.

Now lets unzip them

# tar zxvf spam_buttons-2.3-1.4.0.tar.gz
# tar zxvf compatibility-2.0.14-1.0.tar.gz

Now to configure spam buttons:

# cd spam_buttons
# cp config_example.php config.php
# vi config.php

The first section under General Options is, well, optional. When you get to the section that says // REPORT-BY-EMAIL OPTIONS, this is where you change a few things:

# $is_spam_resend_destination = ' This email address is being protected from spambots. You need JavaScript enabled to view it.';
# $is_not_spam_resend_destination = ' This email address is being protected from spambots. You need JavaScript enabled to view it.';

Verify the following is set:

//$spam_report_email_method = 'bounce';
$spam_report_email_method = 'attachment';
//$is_spam_subject_prefix = 'SPAM';
//$is_not_spam_subject_prefix = 'HAM';

If you are using my freebsdrocks.net setup, make sure to remove the .qmail files and mailfilter from the vpopmail directory like so

# rm ~vpopmail/domains/domain.com/thisisspam/.qmail
# rm ~vpopmail/domains/domain.com/thisisspam/mailfilter
# rm ~vpopmail/domains/domain.com/thisisham/.qmail
# rm ~vpopmail/domains/domain.com/thisisham/mailfilter

Also, In the config.php and you're using my freebsdrocks setup, You can change the 2 following sections in config.php

$sb_report_spam_by_move_to_folder = 'Inbox.Spam';
$sb_report_not_spam_by_move_to_folder = 'Inbox';

You should now exit and save the file. This script successfully reports and process each message.
However, It does not delete the message when it is being reported.

If you are running Squirrelmail 5.x, Skip the following patch section.

Patch SquirrelMail 1.4.x to enable button display on the message list page. The patch should be run from the spam_buttons directory.

patch -p0 < patches/spam_buttons-squirrelmail-1.4.4.diff

You will now want to enable the plugin by doing the following:

# cd /usr/local/www/squirrelmail/plugins/config
# ./conf.pl

Go to

8. Plugins

Look under Available Plugins: and look for spam_buttons which is usually the last one at the bottom. The number to the left of it is the number you want to type in to enable it. Do that and hit enter and

then you should see it under Installed Plugins. Also enable the Compatability plugin as well before you continue. Press S and hit enter to save the data and hit Q to quit and hit enter. The squirrelmail plugin is now enabled and functional.

The startup scripts I just put in my bin directory in my ~home drive.

# cd ~user
# mkdir bin
# cd bin
# fetch http://www.goodcleanemail.com/files/tarballs/autolearn2.tgz
# tar zxvf
autolearn2.tgz


Edit spamauto.sh and hamauto.sh and change the sections that say:

DOMAIN="domain.com"
SPAMUSER="thisis*am"
MAILDIR="/home/vpopmail/domains/$DOMAIN/$SPAMUSER/Maildir/new"
SA_LEARN_LOG="/var/log/spamlearn.log"

Now you can put hamauto.sh and spamauto.sh in crontab like so:

0 1,13 * * * ~user/bin/hamauto.sh > /dev/null 2>&1
0 1,13 * * * ~user/bin/spamauto.sh > /dev/null 2>&1

This will tell crontab to run both scripts at 1PM and 1AM every day. Change at your discretion.

When this is completed, Users will now be able to report ham and spam. :-)

The most common cause of this error is a problem with the ClamAV installation. First check to make sure it's running by running the following:

# ps -auxw | grep clam

and you should get an output similar to

user 673 0.0 4.5 25320 21628 ?? Is 13Nov06 1:50.16 /usr/local/sbin/clamd

The user above can be anything. I personally use user qscand to run clamav as well as SpamAssassin.

Check the freshclam logs and check for errors. If you see any It could be due to the ownership/permissions on /var/db/clamav.

Most of these issues can be resolved by cleaning out the entire clamav installation. I would remove the following folders/files and then doing a clean install of clamav. Please also note that if you do not have these types of paths/files on your system, they may vary from distro to distro:

Files:
/usr/local/etc/rc.d/clamav-clamd (could also be startup scripts in /etc/rc.d or /etc/init.d in other systems)
/usr/local/etc/rc.d/clamav-freshclam (could also be startup scripts in /etc/rc.d or /etc/init.d in other systems)

Folders:
/usr/local/share/doc/clamav
/var/db/clamav
/var/log/clamav
/var/mail/clamav
/var/run/clamav

References:
For FreeBSD users, remove all the clamav references from /etc/rc.conf
Take freshclam out of crontab This may not exist if you are running clamav from daemontools.

If you are running the non-setuid install, run the following commands and then run the test_install.sh -doit script:

cd /var/qmail/bin

For setuid installs:

chmod 4755 qmail-scanner-queue.pl
chown qscand:qscand qmail-scanner-queue.pl

For NON-setuid installs:

chmod 4755 qmail-scanner-queue
chown qscand:qscand qmail-scanner-queue

vi qmail-scanner-queue.pl

Please note: If you are using the NON-SETUID version of qmail-scanner, your QMAILQUEUE variable will not have a .pl at the end. So instead of having

QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"; export QMAILQUEUE

you will have

QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"; export QMAILQUEUE

The first thing you will want to troubleshoot when getting this error is to find out if this is a qmail related problem or a qmail-scanner issue. In most cases, it's either qmail-scanner, clamav or spamassassin causing the problem.

Go to /var/qmail/supervise/qmail-smtpd/run and comment out the following line so it looks like this:

#QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"; export QMAILQUEUE

Restart qmail and then try sending a test message. If it goes through, We can proceed with the next step. Skip the next paragraph and continue with the next.

If you don't get your test message, it is a qmail delivery problem. What you will want to run is qmailctl stat and make sure ALL SERVICES are up FOR MORE than one second. If something is running around 0-1 seconds consistantly, Something is wrong with that service. Take a look at the logs for that service and troubleshoot from there. If you need more help, Join us on the IRC Freenode Server in channel #qmr, search the qmr mailing list archives , or try searching Google or the qmr forums.

Now we know that it's qmail-scanner related issue. Lets take a quick look at the QMAILQUEUE line in /var/qmail/supervise/qmail-smtpd/run:

QMAILQUEUE= "/var/qmail/bin/qmail-scanner-queue.pl"; export QMAILQUEUE

The Major hint here is to make sure you used quotation marks ( " ) and not an Apostrophe ( ' )

Now to check perl dependancies. Run the following command as a NON-ROOT USER:

/downloads/qmailrocks/scripts/util/check_perlmods.script

It is very important that the Perl versions are the same. So if one perl module is 5.8.5 and the rest are 5.8.8, It would be in your best interest to update that perl module to 5.8.8 as well. Please refer to step 14 of the guide for instructions on how to reinstall those modules.

Another thing we will check is to make sure clamav and spamd are running.

The way to check this is by running

ps -auxw | grep clamd and
ps -auxw | grep spamd

You should get an output similar to the ones below:

Please note: On some systems, You way want to run the ps aux | grep command without the - in it on the next 2 commands.

# ps -auxw | grep spamd

qscand 27003 0.0 9.6 38460 36392 ?? I 7:00AM 0:02.13 spamd child (perl)
qscand 27002 0.0 9.0 36044 34128 ?? Is 7:00AM 0:02.48
/usr/local/bin/spamd -u qscand -d -x -r /var/run/spamd/spamd.pid (perl 5.8.6)

# ps -auxw | grep clamd

qscand 191 0.0 2.7 11772 10328 ?? Ss Thu09AM 0:20.11 /usr/local/sbin/clamd

The spamd processes will vary from system to system. The default is 5 child processes.

Make sure your softlimit in /var/qmail/supervise/qmail-smtpd/run is 40MB (40000000) or more (If you are using the original qmail-rocks qmail-smtpd-run file)

One other thing that will cause this is if a file system is mounted with the
nosuid option. Take a look at /etc/fstab nosuid option. I found the entry in
/etc/fstab that was causing the problem.

Check to see if you are running perl with setuid. Click on the link below for the setuid related issues with perl and qmail-scanner.

http://freebsdrocks.net/index.php/16-useful-qmail-utilities/spamassassin/45-correcting-spamassassin-and-qmail-scanner-problems

Suse has a setuid problem. Click the following link for more information.

http://freebsdrocks.net/index.php/13-useful-qmail-utilities/43-setuid-on-suse

You can also check the log files at the following locations to look for a more descriptive error:

/var/log/maillog
/var/spool/qmailscan/qmail-queue.log
/var/log/qmail/qmail-smtpd/current

Also try chmod 4755 /var/qmail/bin/qmail-scanner-queue.pl

See Disabling SpamAssassin or Clamav from qmail-scanner below:

http://freebsdrocks.net/index.php/13-useful-qmail-utilities/44-how-to-disable-enable-sa-clam-av-or-both-in-qmail-scanner

If you use the clamav ownership, rather than qscand, the perl wrapper ends up
owned as qscand, rather than clamav.

Also check out John Simpsons post about getting qmail-scanner to work with clamav.

https://qmail.jms1.net/clamav/qmail-scanner.shtml

Make sure that /var/spool/qmailscan/quarantine-attachments.db is being owned by qscand:qscand. Running /var/qmail/bin/qmail-scanner-queue.pl -g as root (w/o setuidgid) will change the db ownership

Page 10 of 14