Blue Flower

Sunday, 05 July 2015 13:26

Installing vpopmail with onchange

Written by

This documentation will attempt to take you through a step-by-step installation of John Simpson's qmail-updater service with vpopmail. If you don't know what this service does please visit the qmail-updater site here.

The qmail-updater service is actually very easy to install. The instructions given by John Simpson on his site are very easy to follow. The problem is the services won't work once you have all the right pieces in place. For convenience, I have transposed John Simpson's documentation to this documentation with his permission and also a special thanks to Jason King for the modified documentation he wrote specifically for FreeBSD.

For convenience, I have transposed John Simpson's documentation to this documentation with his permission and also a special thanks to Jason King for the modified documentation he wrote specifically for FreeBSD.

Let's get things started:

One of the first things we need to do is fetch the tarball which contains the vpopmail skel(eton) files. Why do we need this you say? In layman's terms, rather than having vpopmail make a basic Maildir with new, cur and tmp in it, we are going to replace that with a completely customized Maildir. The next few commands will fetch the tarball, extract it in the correct place and then chown and chmod it.

# cd ~vpopmail
# fetch
# tar zxvf skel4.tgz
# chown -R vpopmail:vchkpw skel/
# chmod -R 700 skel/
# rm skel4.tgz

We now need to change where vpopmail is located in FreeBSD. The location where ports will try to install it is /usr/local/vpopmail so we're going to delete that folder and symlink it to ~vpopmail. Please change the section /home/vpopmail below if you have changed the default location of the vpopmail home directory. If you didn't or you're not sure it will be ok to proceed with the command below. Otherwise edit to taste :-)

# cd /usr/local
# ln -s /home/vpopmail /usr/local/vpopmail

You will need to set the service up to run under daemontools. This process is very painless. Just copy
and paste commands into the command line and everything will be fine. (Steps copied from

# cd /var/qmail/supervise
# mkdir -m 1755 qmail-updater
# mkdir -m 755 qmail-updater/log
# mkdir /var/log/qmail/qmail-updater
# cd qmail-updater/log
# fetch
# mv service-any-log-run run
# chmod 755 run
# vi run

Change this line (2nd from the bottom) in the run file:

multilog t n1024 s1048576 ./main

To this:

multilog t n1024 s1048576 /var/log/qmail/qmail-updater

# cd /var/qmail/supervise/qmail-updater
# fetch
# fetch
# fetch
# mv service-qmail-updater-run run
# chmod 755 pipe-watcher update-qmail run

The pipe-watcher script has some variables you can adjust for your own purposes. I found no reason to change anything on my installation so you can keep them the way they are if you wish.

The last step is to simply link the qmail-updater directory in the /service directory so daemontools can run it.

# ln -s /var/qmail/supervise/qmail-updater /service/

Wait a few seconds then run:

# svstat /service/qmail-updater /service/qmail-updater/log

You should see output similar to the following:

/service/qmail-updater: up (pid 5087) 6 seconds
/service/qmail-updater/log: up (pid 5087) 6 seconds

After you've finished linking the service into daemontools, you're done. The service is running and you are ready to test it.

The qmail-updater service works by watching a file for data, once the service sees data on that file, it runs a script which updates the validrcptto database. To test you will need to open two sessions into your server so you can watch a log file and perform an action on a file at the same time. Next, We need to install fakeroot and then go to the vpopmail port and then enable onchange and logging and then install vpopmail!

# cd /usr/ports/security/fakeroot
# make install clean
# cd /usr/ports/mail/vpopmail
# make CONFIGURE_ARGS="--enable-logging=p --enable-onchange-script"

When the options box pops up make sure the following boxes are checked:


Now lets install the vpopmail port:

# make install clean

If that runs without errors, vpopmail is configured and installed. At this point I would add a domain and make sure it adds it okay.

Your users will be very happy they will have the ability to turn on or off their spam protection, change their passwords and all kinds of other fun stuff.

Now that you have the qmail-updater service running, that means you should be able to add a user through qmailadmin or even the command line and the validrcptto database should updated automagically right? Nope, not yet. You don't have anyway of automatically writing data to that watched file yet. That is where the onchange script comes into play. Vpopmail is the program you use to add/del users and domains, but vpopmail doesn't have a hook in that qmail-updater service you just installed so adding a user doesn't write data to that watched file yet. Plus, if you don't have the version of vpopmail that knows to invoke the "onchange" script, it still will not work.

What you here is what we need to do to invoke the onchange script

# cd ~vpopmail/etc
# fetch
# mv onchange-skel onchange

This is the script that vpopmail will execute when a user/domain has been added/deleted from the system. Once you have created this file set the permissions on it:

# chown vpopmail:vchkpw ~vpopmail/etc/onchange
# chmod 750 ~vpopmail/etc/onchange
# chmod +x ~vpopmail/etc/onchange

This last command gives execute permissions to everyone on the file because I've not found a way to get this to work through qmailadmin otherwise.

Now that your onchange script is in place, go ahead and tail the qmail-updater log file again and open up another session to your server:

# tail -f /var/log/qmail/qmail-updater/current | tai64nlocal

Now try adding a domain through the command line and watch your log file to see if stuff appears in it:

# cd ~vpopmail/bin
# ./vadddomain password

If the log file fills up with stuff after you add this domain, congratulations, you are all done with the qmail-updater process. You may also keep the log session open and try to add a user with qmailadmin just to make sure, but it should work fine from there so long as the permission have been set.

If the log file doesn't move, that means your version of vpopmail does not have the onchange patch in it. Read more about the onchange patch at John Simpsons website at .

We need to now make a slight modification to the vchkpw file to make SMTP with SSL work correctly:

# cd ~vpopmail/bin
# chmod 6711 vchkpw
# chown vpopmail:vchkpw vchkpw

If you would like to specify a default username modify or create /var/qmail/control/defaultdomain and /home/vpopmail/etc/defaultdomain to specify your default domain. This will allow your users to just use their username to login rather than their entire email address.

Sunday, 05 July 2015 13:28

Installing Autorespond

Written by

Autorespond is a program that allows you to setup responders for forwarding and mailing robots in qmailadmin.

Installing from ports just can't get any easier than this:

# cd /usr/ports/mail/autorespond
# make install clean

Autorespond is installed!

Sunday, 05 July 2015 13:28

Installing EZMLM

Written by

Ezmlm-idx is a mailing list addon. It is the best (In my opinion) mailing list option out there. It works quite well with qmailadmin, which we will install later in the guide, and works seamlessly with qmail. For more information, Please see

Now to install the port:

# cd /usr/ports/mail/ezmlm-idx
# make install clean

If this runs without errors, We will proceed to the next step.

Before you can use the programs, you should copy the "ezmlmglrc.sample", "ezmlmrc.sample" and "ezmlmsubrc.sample" files in /usr/local/etc/ezmlm to "ezmlmglrc", "ezmlmrc" and "ezmlmsubrc" respectively.

# cp /usr/local/etc/ezmlm/ezmlmglrc.sample /usr/local/etc/ezmlm/ezmlmglrc
# cp /usr/local/etc/ezmlm/ezmlmrc.sample /usr/local/etc/ezmlm/ezmlmrc
# cp /usr/local/etc/ezmlm/ezmlmsubrc.sample /usr/local/etc/ezmlm/ezmlmsubrc

When that is done, ezmlm is installed!

Sunday, 05 July 2015 13:50

Installing UCSPI-TCP

Written by

UCSPI-TCP is a set of command-line tools for building TCP-based client/server applications. They are compliant to UCSPI, the UNIX Client-Server Program Interface. UCSPI tools are available for several different types of networks. For more information, please see

Installing ucspi-tcp is pretty straighforward:

# cd /usr/ports/sysutils/ucspi-tcp
# make install clean

Please make sure the SSL Protocol support box is checked.

When you run that command, you have 4 options. I would highly suggest installing the man pages. If you would like to use rblsmtp with uscpi, that is completely up to you. By experience alone, I can tell you enabling rbls will dramatically decrease the amount of spams you get. If you have or plan to have a large email server, this will definitely help in the long run.

Sunday, 05 July 2015 13:51

Installing Daemontools

Written by

Daemontools is a small set of very useful utilities, from Dan Bernstein. They are mainly used for controlling processes, and maintaining logfiles. For more information, please see

# cd /usr/ports/sysutils/daemontools
# make install clean

If you get a pop-up window when you do this, Just hit TAB and then click OK.

We now need to create the /service directory to get svscan running. We do that by:

# mkdir /service

You will now want to start the svscan server by running:

# csh -cf '/usr/local/bin/svscanboot &'

If you run ps -auxw | grep svscan, you will or should see something like this:

root 384 0.0 0.0 1652 8 con- I 16Jul05 0:00.01 /bin/sh /command/svscanboot
root 404 0.0 0.0 1244 140 con- S 16Jul05 9:04.68 svscan /service

We now need to tell FreeBSD to start daemontools on startup. Here is the command that tells freebsd to do that:

# echo "csh -cf '/usr/local/bin/svscanboot &'" >> /etc/rc.local

Before we continue on, we want to delete the startup script thats created when we installed daemontools:

# rm /usr/local/etc/rc.d/svscan

Sunday, 19 July 2015 01:41

Preinstallation Checklist

Written by

Qmail 2.0 will give you the best possible installation for a secure Mail Transfer Agent. This guide will provide the following services

POP3D-SSL (Port 995)
SMTP-SSL (Port 465)
SMTP-TLS (Port 587)
SMTP (Incoming only Port 25)
Secure Webmail running on Apache 2.4 and Roundcube for Webmail

There are two requirements for this guide:

At 23:59 UTC, December 31, 2016, FreeBSD 9.3, 10.1 and 10.2 will reach
end-of-life and will no longer be supported by the FreeBSD Security Officers
Team.  Users of FreeBSD 9.3, 10.1 and 10.2 are strongly encouraged to
upgrade to a newer release as soon as possible.

The guide supports 10.3 and 11.0

You will need to make sure your ports system is up-to-date.

If you are using IPv4 and not IPv6 you can disable the IPv6 checkmark from any port by running the following command:

# echo 'OPTIONS_UNSET=IPV6' >> /etc/make.conf

The following ports will need to be installed:

Curl - /usr/ports/ftp/curl
Perl 5.24 - /usr/ports/lang/perl5.24
Bash Shell - /usr/ports/shells/bash
Gmake – /usr/ports/devel/gmake
Unzip - /usr/ports/archivers/unzip
Wget - /usr/ports/ftp/wget
Bind Tools - /usr/ports/dns/bind-tools/

The following ports will need to be installed if you want to enable webmail on your server:

Apache 2.4 or better with SSL (SSL is HIGHLY recommended)
Mysql Server 5.6 or Higher

If you would like to create a queuing server please check out the following link:

A few of John Simpson's scripts use a link to perl which doesn't exist on FreeBSD so we need to create a symlink to it as follows:

# cd /usr/bin
# mv perl bak_perl
# ln -s /usr/local/bin/perl perl

Page 7 of 23