The reason why some pages do not fully load is that the router fragments IP packets if the PC MTU is misconfigured and a packet greater than 1492 bytes is sent to the router. This fragmentation does not occur on the return path through the universal access concentrator (UAC) (Cisco 6400 or 7200). When the UAC receives a packet greater than 1492 bytes, the packet is dropped, and the UAC generates and sends an Internet Control Message Protocol (ICMP) message to the web server that sent the oversized packet. The ICMP informs the web server that it sent an oversized packet and that it needs to resend the packet with a smaller MTU.

Note: For information about why the MTU size is 1492 bytes, refer to the PPPoE Baseline Architecture for the Cisco 6400 white paper.

The problem occurs because many web servers block ICMP messages, which causes the server to continuously send 1500-byte packets. These packets are dropped, and as a result, the requested web site does not load. If the web server is properly configured and ICMP messages are not blocked, the server adjusts its MTU and retransmits until the page loads completely.

A partially loaded page occurs when the initial data packets sent from the web server are under the 1492 byte maximum. However, a packet is then sent that exceeds this maximum. The server continues to retransmit this oversized packet that results in a partially loaded page and a “waiting for reply…” message in the status bar.

Bm                      A            F#m                        G
She sits in her corner, Singing herself to sleep
Bm                                   A F#m                                 G
Wrapped in all of the promises,  That no one seems to keep
Bm                                     A F#m                               G
She no longer cries to herself,  No tears left to wash away
Bm                                   A F#m                  G
Just diaries of empty pages,  Feelings gone astray
G                      A
But she will sing

[CHORUS: Ben Moody / Anastacia]
Bm G
‘Till everything burns, While everyone screams
Em A
Burning their lies,  Burning my dreams
Bm G
All of this hate, And all of this pain
Em A
I’ll burn it all down, As my anger reigns
‘Till everything burns

[ANASTACIA]
Ooh, oh

[BEN MOODY]

Bm A F#m G
Walking through life unnoticed,  Knowing that no one cares
Bm A F#m G
Too consumed in their masquerade,  No one sees her there
G A
And still she sings

[CHORUS: Ben Moody / Anastacia]
Bm G
‘Till everything burns,  While everyone screams
Em A
Burning their lies,  Burning my dreams
Bm G
All of this hate,  And all of this pain
Em A
Burn it all down,  As my anger reigns

[BEN MOODY / ANASTACIA]
‘Till everything burns
Everything burns
(Everything burns)
Everything burns
Watching it all fade away
(All fade away)
Everyone screams
Everyone screams..
(Watching it all fade away)
Oooh, ooh..
(While everyone screams)
Burning their lies
Burning my dreams
(All of this hate)
And all of this pain
I’ll burn it all down
As my anger reigns
Til everything burns
(Everything burns)
Watching it all fade away
(Oooh, ooh)
(Everything burns)
Watching it all fade away…

The proper way to increase the innodb_log_file_size:

1. shutdown mysql server
2. make backup of data and log files
3. remove InnoDB log files
4. set new value for innodb_log_file_size in my.cnf
5. start mysqld
6. check error logs to ensure everything went fine.

Also see:

Choosing proper innodb_log_file_size

from MySQL DBA blog

While $10 a month doesn’t sound like much savings it all adds up quick. If you have $10,000 in credit card debt you’d be paying $100 a month just in interest fees. Fighting to get back $10 a month in residual income is well worth it.

Cost of $1,000 debt every month:

5% APR costs $4.17 per month
6% APR costs $5.00 per month
7% APR costs $5.83 per month
8% APR costs $6.67 per month
9% APR costs $7.50 per month
10% APR costs $8.33 per month
11% APR costs $9.17 per month
12% APR costs $10.00 per month
13% APR costs $10.83 per month
14% APR costs $11.67 per month
15% APR costs $12.50 per month
16% APR costs $13.33 per month
17% APR costs $14.17 per month
18% APR costs $15.00 per month
19% APR costs $15.83 per month
20% APR costs $16.67 per month
21% APR costs $17.50 per month
22% APR costs $18.33 per month

from http://moneytipcentral.com

May 1 03:14:52 mail postfix/smtp[62798]: 23CA4BD6B40: to=, relay=none, delay=0.01, delays=0/0/0/0, dsn=5.4.6, status=bounced (mail for mail.example.com loops back to myself)

How do I fix this error?

Postfix did found a dns reply to your email server, but it hasn’t been configured to deal with address such as root@mail.example.com. In other words, your server is configured to accept user@example.com but not as user@mail.example.com. This is well known config problem with virtual domain. To fix this error either add system FQDN to mydestination or relay_domains. Postfix accepts mail for domain listed in virtual_mailbox_domains, virtual_alias_domains, and domains that resolve to IP addresses listed in inet_interfaces and proxy_interfaces. Update mydestination using postconf or by editing main.cf file:

mydestination = localhost.$mydomain, localhost, mail.example.com

Once done reload postfix:

# /usr/local/etc/rc.d/postfix reload

thanks to http://www.cyberciti.biz

Here is a long list of must know tips and tricks for the E71. You might already know a few but if you are new to S60 and the E71 in particular, I’m sure this will make for a happy start to the E71 new year!

• STICKY FUNCTION KEY – A quick double press on the bottom left ‘function’ key locks it. This is helpful in situations when you need to press a combination of keys or in applications like Gmail which can be controlled via the keypad.

• 1-800-WHATEVER – To dial 1-800-WHATEVER: type 1800, hit Fn, then Shift twice, type WHATEVER, and press the Call/Green key to dial. (The idea is to type in the alphabet mode in CAPITAL letters ONLY). The alphabets will automatically be converted to numbers.

• ONE TOUCH MUTE – You can simply mute a call by press the button between the volume keys present on the right hand side of the phone. Press it again to cancel the mute.

• REMAP THE KEYS – There are times when you feel certain keys on the E71 are being wasted when they could have come in very handy. For example, the volume keys would work wonderfully with the web browser to scroll pages or in your music player and the mute key could work as select. Make that happen.

• TIME & DATE – When the phone is in the locked state and the screen is blank, hit the Navi Button to display the time and date in a large font.

• TEXT MESSAGES – When in the standby mode, hold down left soft key to read out new text messages.

• ASSIGN SHORTCUTS -  If you have a lot of applications installed on your E71, you might want to assign additional shortcuts to different applications by definying a set of keypresses with an application called Cute Keys. Learn how here.

As a follow up to the above tips, here are a few shortcuts that you should enjoy. I have highlighted some of the lesser known ones.

GENERAL

• To get to a symbol or number hold down its key.

• Shift + Backspace deletes letters after the cursor, thus immitating the behavior of the ‘Delete’ key on the computer.

• In the Main Menu:

A B C D
E F G H
I J K L

To open A press 1, 2 for B, 3 for C, * for D, 4 for E, 5 for F and so on.

• Fn + Ctrl + C to copy.

• Fn + Ctrl + V to paste.

• Shift + Left ( or Right ) to select text.

• Ctrl + Up for page up.

• Ctrl + Down for page down.

• Ctrl + Vowels ( or n ) for accented characters like á or ñ.

CAMERA

• T to focus.

GALLERY

• Green Call to send the image.

• Fn + * for full screen.

• Fn + 7 to zoom in. Press twice for the full screen size.

• Fn + 4 to scroll left while in the zoomed image.

• Fn + 5 to zoom in.

• Fn + 3 to rotate right.

• Fn + 2 to scroll up while in the zoomed image.

• Fn + 1 to rotate left.

• Fn + 0 to zoom out.

STANDBY

• Hold * to activate/deactivate Bluetooth.

• Hold 0 to go to the web browser.

• Left Soft Key then Fn ( or * ) locks the keypad.

• Hold End/Red to disconnect all data connections.

• Hold Left Soft Key to read out new text messages.

MAIL

• Shift + Return to mark/unmark a single message.

• Shift + Down to mark multiple items.

• Fn + Spacebar in new message body to access input (predictive text, etc.) options.

MAPS

• Shift to zoom in.

• Backspace to zoom out.

• Space to go to the current position.

REAL PLAYER

• Fn + 2 for full screen.

• Hold Up for fast forward.

• Hold Down for rewind.

WEB

• 1 for bookmarks.

• 2 to find something on a page.

• 3 to return to the previous page.

• 5 to tab open windows.

• * to zoom in.

• # to zoom out.

• 8 for page overview.

• 9 to go to a different web page.

• 0 to got to the homepage.

• Hit the Backspace key to close the current window.

from http://thesymbianblog.com

First, I would like to thank DrkShdw, Worth, and Fr0zen from ##FreeBSD on FreeNode for their time and ideas when it came down to me writing this tutorial/guide. So, thanks a ton, fellas! Now, on with it!

I wrote this tutorial because of the many, MANY times I’ve been asked about how to set up Postfix on a FreeBSD system. There are many great tutorials out there that can guide people through a Postfix setup. However, none of them are related to FreeBSD. So, I’ve decided to give it a go and here it is.

Note: Please be aware that there will be a lot more installed than actually concentrated on due to this tutorial utilizing the FreeBSD Ports System and installing any dependencies that a port may require to run efficiently.

Any questions or comments can be sent to the PHO Postfix Mailing Lists. Standard comments are welcome here on the site. However, there will be no replies via the comment pages. Also, it just seems more useful for others to be able to read questions and answers on the mailing lists. You can also join us for whatever reason you see fit on our PHO IRC Server. So, enjoy and please, please, PLEASE let me know if you run into any problems. How the hell am I to fix something if no one reports errors?

With the above being stated and you having still read to here, I’ll go ahead and assume that you’re going to follow this tutorial/guide. If so, please keep in mind that anything writen in BOLD, RED TEXT will be something that needs to be edited. Also, you should be sure that your FreeBSD Ports Tree is up-to-date. So, let’s get started, shall we? Use the links below to begin.

Base MTA Setup:

1 – MySQL Install
2 – Dovecot Install
3 – Postfix Install
4 – Apache Install
5 – PHP Install
6 – Postfixadmin Install
8 – SpamAssassin Install
9 – FuzzyOCR Install
10 – Clam Anti-Virus Install
11 – PEAR Install
12 – Maia-Mailguard Install

Optional Applications:

13 – SquirrelMail Install
14 – Mailman Install
15 – Mailgraph Install
16 – Roundcube Install

1 – MySQL Install

MySQL is a database application that is very fast and very reliable. You can read more about it by visiting http://www.mysql.com.

This tutorial installs version 5.0.51a.

Install MySQL via ports:

#cd /usr/ports/databases/mysql50-server
#make all install clean

Add mysqld to system startup:

#echo 'mysql_enable="YES"' >> /etc/rc.conf

Start MySQL:

#/usr/local/etc/rc.d/mysql-server start

Secure MySQL root user account and delete nameless user(s):

#mysql -u root mysql
>UPDATE user SET Password=PASSWORD('mysql_root_password') WHERE User='root';
>DELETE FROM user WHERE User='';
>FLUSH PRIVILEGES;
>quit;

Copy my.cnf for MySQL:

#cp /usr/local/share/mysql/my-medium.cnf /var/db/mysql/my.cnf

Edit /var/db/mysql/my.cnf file:
This is to allow MySQL to process files up to 10 Megabytes in size and also keep the INNODB files from getting too large. Find and edit the RED TEXT.

...
[mysqld]
port            = 3306
socket          = /tmp/mysql.sock
skip-locking
key_buffer = 16M
max_allowed_packet = 10M
table_cache = 64
sort_buffer_size = 512K
...
# Uncomment the following if you are using InnoDB tables
innodb_data_home_dir = /var/db/mysql/
innodb_data_file_path = ibdata1:10M:autoextend
innodb_log_group_home_dir = /var/db/mysql/
innodb_log_arch_dir = /var/db/mysql/
# You can set .._buffer_pool_size up to 50 - 80 %
# of RAM but beware of setting memory usage too high
innodb_buffer_pool_size = 16M
innodb_additional_mem_pool_size = 2M
# Set .._log_file_size to 25 % of buffer pool size
innodb_log_file_size = 5M
innodb_log_buffer_size = 8M
innodb_flush_log_at_trx_commit = 1
innodb_lock_wait_timeout = 50
...

Restart MySQL for new changes:

#/usr/local/etc/rc.d/mysql-server restart

2 – Dovecot Install

Dovecot is a very fast, very reliable, and easily configured POP3/IMAP server application. You can read more about it by visiting their website at http://www.dovecot.org.

This tutorial installs version 1.1.2_1.

Install Dovecot via ports:

#cd /usr/ports/mail/dovecot
#make all install clean
(Be sure "SSL", "IPV6", "POP3", and "MYSQL" are selected in the menu)

Edit /etc/rc.conf so Dovecot starts at boot:

#echo 'dovecot_enable="YES"' >> /etc/rc.conf

Copy Dovecot configuration files:

#cp /usr/local/share/examples/dovecot/dovecot.conf /usr/local/etc/dovecot.conf
#cp /usr/local/share/examples/dovecot/dovecot-sql.conf /usr/local/etc/dovecot-sql.conf

Create SSL/TLS certificate for secure connections:

#mkdir -p /etc/ssl/dovecot
#cd /etc/ssl/dovecot
#openssl req -new -x509 -nodes -out cert.pem -keyout key.pem -days 365

Edit /usr/local/etc/dovecot.conf file:
Find and edit the red text.

protocols = imap imaps pop3 pop3s
disable_plaintext_auth = no
ssl_disable = no
ssl_cert_file = /etc/ssl/dovecot/cert.pem
ssl_key_file = /etc/ssl/dovecot/key.pem
login_greeting = ISP Mail Server Ready.
mail_location = maildir:/usr/local/virtual/%d/%n
first_valid_uid = 125
last_valid_uid = 125
first_valid_gid = 125
last_valid_gid = 125
protocol imap {
   mail_plugins = quota imap_quota
}
protocol pop3 {
   mail_plugins = quota
}
protocol lda {
   postmaster_address = postmaster@domain.tld
}
auth default {
   mechanisms = plain login
   # passdb pam {
   # }
   passdb sql {
      args = /usr/local/etc/dovecot-sql.conf
   }
   # userdb passwd {
   # }
   userdb sql {
      args = /usr/local/etc/dovecot-sql.conf
   }
   socket listen {
      client {
         path = /var/spool/postfix/private/auth
         mode = 0660
         user = postfix
         group = postfix
      }
   }
}

NOTE:

There is a temporary issue with the latest release of Dovecot’s configuration file that leaves the “auth_username_format = %Lu” line uncommented. If this line is indeed uncommented, be sure you comment it out to avoid Dovecot deprecating the “@domain.tld” part of your username for authentication. This WILL be fixed in the next port update (hopefully) so this should only be a temporary issue…

Edit /usr/local/etc/dovecot-sql.conf file:
You can either copy this file or edit your own file to match.

driver = mysql
connect = host=localhost dbname=postfix user=postfix password=postfix_mysql_password
default_pass_scheme = MD5
password_query = SELECT password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, 125 AS uid, 125 AS gid, CONCAT('maildir:storage=', FLOOR( quota / 1024 ) ) AS quota FROM mailbox WHERE username = '%u' AND active = '1'

IMPORTANT NOTE:

Be sure that ALL the previous changes remain on a sinlge line. Also, the user_query line contains a bit in the query to allow Dovecot to return quota usage. If you don’t want or don’t need quota usage returned, you can just remove that bit from the query…

3 – Postfix Install

Postfix is by far an MTA favorite amongst anyone who has every been a mail server administrator. It’s ease of use and stability is second to none. You can read more about it by visiting their website at http://www.postfix.org.

This tutorial installs version 2.5.1_2,1.

Install Postfix via ports:

#cd /usr/ports/mail/postfix
#make all install clean
(Be sure “DOVECOT“, “TLS“, “BDB“, “MySQL“, and “VDA” are selected in the menu)

Note:

After the Postfix application is finished building and preparing to be finished installing, it will prompt you with a question similar to: Would you like to activate Postfix in /etc/mail/mailer.conf [n]? Press “y” and then continue with the install.

Shut down Sendmail:

#/etc/rc.d/sendmail forcestop

NOTE:
If the above command doesn’t not shut down Sendmail, you’ll have to manually kill the PIDs. You can either find the PIDs and kill them (2) individually or you can run the following command:

#sh
#for i in `ps auxwww|grep sendmail|awk '{print $2}'`;do kill $i;done && exit

Edit /etc/rc.conf to disable Sendmail and start Postfix at boot:
Add these lines to the bottom of the file:

sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
postfix_enable="YES"

Create and edit /etc/periodic.conf file:
Add these lines to the file:

daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

Create and secure the SMTP SSL certificate:

#mkdir -p /etc/ssl/postfix
#cd /etc/ssl/postfix
#openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
#chmod 640 /etc/ssl/postfix/smtpd.pem
#chgrp -R postfix /etc/ssl/postfix

Edit /usr/local/etc/postfix/main.cf file:
Find and edit the RED TEXT.

...
# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# testing.  When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#
soft_bounce = no
# SASL CONFIG
#
broken_sasl_auth_clients = yes
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname,
reject_rbl_client bl.spamcop.net,
reject_rbl_client zen.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# TLS CONFIG
#
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# MySQL Configuration
#
virtual_alias_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:125
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 125
virtual_transport = virtual
virtual_uid_maps = static:125
# Additional for quota support
#
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
$virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
$relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
$recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
$virtual_mailbox_limit_maps
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, this user has overdrawn their diskspace quota. Please try again later.
virtual_overquota_bounce = yes
...
myhostname = host.domain.tld
...
mydomain = domain.tld
...
mydestination = localhost.$mydomain, localhost
...
relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf
...

Edit /usr/local/etc/postfix/master.cf file:
Find and edit the RED TEXT.

...
smtps     inet  n       -       n       -       -       smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
...

Create and edit
/usr/local/etc/postfix/mysql_virtual_alias_maps.cf file:

user = postfix
password = postfix_sql_password
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

Create and edit
/usr/local/etc/postfix/mysql_virtual_domains_maps.cf file:

user = postfix
password = postfix_sql_password
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '0' and active = '1'

Create and edit
/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf file:

user = postfix
password = postfix_sql_password
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'

Create and edit
/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf file:

user = postfix
password = postfix_sql_password
hosts = localhost
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s'

Create and edit
/usr/local/etc/postfix/mysql_relay_domains_maps.cf file:

user = postfix
password = postfix_sql_password
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1'

Secure Postfix’s MySQL files:

#chmod 640 /usr/local/etc/postfix/mysql_*
#chgrp postfix /usr/local/etc/postfix/mysql_*

Update the transport map database:

#postmap /usr/local/etc/postfix/transport

Edit /etc/aliases file:

Change “root” to an email address you want system messages to be mailed to:
root: you@your-domain.tld

Create aliases.db file:

#/usr/bin/newaliases

Create our virtual mail directories:

#mkdir /usr/local/virtual
#chown -R postfix:postfix /usr/local/virtual
#chmod -R 700 /usr/local/virtual

4 – Apache Install

Apache is a very robust, nice, and easily configurable web server application. I’ve been using it for many years and its always been kind to me. You can read more about Apache by visiting http://www.apache.org.

This tutorial installs version 2.2.9.

Install Apache via ports:

#cd /usr/ports/www/apache22
#make all install clean
(Menu defaults are fine)

Edit /usr/local/etc/apache22/httpd.conf file:

Find and edit the RED TEXT.

...
ServerAdmin webmaster@domain.tld
...
ServerName www.domain.tld:80
...
# Various default settings
Include etc/apache22/extra/httpd-default.conf
# Secure (SSL/TLS) connections
Include etc/apache22/extra/httpd-ssl.conf
...

Create SSL certificate for Apache:

#mkdir -p /etc/ssl/apache
#cd /etc/ssl/apache
#openssl genrsa -des3 -out server.key 1024
#openssl req -new -key server.key -out server.csr
#openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
#chmod 0400 /etc/ssl/apache/server.key
#chmod 0400 /etc/ssl/apache/server.crt

Remove SSL passphrase:
(This is entirely optional. I just had a lot of requests for this)

#cd /etc/ssl/apache
#cp server.key server.key.orig
#openssl rsa -in server.key.orig -out server.key

Protect our Apache key files:

#chmod 400 /etc/ssl/apache/*

Edit /usr/local/etc/apache22/extra/httpd-default.conf file:

Find and edit the RED TEXT.

...
ServerTokens Prod
...
ServerSignature Off
...
HostnameLookups Off
...

Edit /usr/local/etc/apache22/extra/httpd-ssl.conf file:

...
ServerName www.domain.tld:443
...
ServerAdmin webmaster@domain.tld
...
SSLCertificateFile "/etc/ssl/apache/server.crt"
...
SSLCertificateKeyFile "/etc/ssl/apache/server.key"
...

Install Apache startup script and start it:

#echo 'apache22_enable="YES"' >> /etc/rc.conf
#/usr/local/etc/rc.d/apache22 start

Test:

Visiting either “http://domain.tld/” or “http://YOUR_IP/” should now bring up your machine’s default Apache web page (Something along the lines of “It Works!“. Then, visit either “https://domain.tld/” or “https://YOUR_IP/” to test the SSL/TLS. If you see both pages, you’re ready to rock. If not, browse to the top of this Apache Install page and try again. Also, be sure to check your logs to find out if there are any errors. The logs will be located in “/var/log/httpd-*” by default. Seriously, I cannot stress checking logs enough…

5 – PHP Install

PHP is a very powerful language used mostly for web applications. Hence the reason we are installing it. Each application that is accessible via the web in this tutorial depends on PHP to work properly. You can check out more on PHP by visiting their web site at http://www.php.net.

This tutorial installs version 5.2.6.

Install PHP via ports:

#cd /usr/ports/lang/php5
#make all install clean (Be sure “APACHE” is selected in the menu)

Install PHP extentions:

#cd /usr/ports/lang/php5-extensions
#make all install clean
(Be sure “BCMATH“, “GETTEXT“, “IMAP“, “MCRYPT“, “MYSQL“, “MYSQLI“, “SESSION“, “SOCKETS“, and “WDDX” are selected in the menu)

Prepare /usr/local/etc/php.ini file:

#cp /usr/local/etc/php.ini-recommended /usr/local/etc/php.ini

Edit /usr/local/etc/php.ini file:

Find and edit the RED TEXT.

...
;;;;;;;;;;;;;;;;;;;;;;;;;
; Paths and Directories ;
;;;;;;;;;;;;;;;;;;;;;;;;;
; UNIX: "/path1:/path2"
include_path = "."
;
; Windows: "\path1;\path2"
;include_path = ".;c:\php\includes"
...

Edit /usr/local/etc/apache22/httpd.conf file:

Find and edit the RED TEXT.

...
<IfModule dir_module>
DirectoryIndex index.html index.php index.php5
</IfModule>
...
...
<IfModule mime_module>
TypesConfig etc/apache22/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
</IfModule>

Restart Apache:

#apachectl restart

6 – Postfixadmin Install

PostfixAdmin is a great application to edit your e-mail domains and users. It has plenty of options and makes things very easy. You can check it out by visiting their website at http://sourceforge.net/projects/postfixadmin.

This tutorial installs version 2.2.1.1.

Install Postfixadmin via ports:

#cd /usr/ports/mail/postfixadmin
#make all install clean
(Be sure “MYSQLI” is selected in the menu.)

Create PostfixAdmin database:

Execute adjusting the RED TEXT.

#mysql -u root -p
(Enter MySQL root password)
>CREATE DATABASE postfix;
>CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'postfix_sql_password';
>GRANT ALL PRIVILEGES ON `postfix` . * TO 'postfix'@'localhost';
>FLUSH PRIVILEGES;

Secure PostfixAdmin files:

#cd /usr/local/www/postfixadmin
#find . -type f -exec chmod 640 {} \;
#find . -type d -exec chmod 750 {} \;

Edit /usr/local/www/postfixadmin/config.inc.php file:

Find and edit the RED TEXT.

$CONF['configured'] = true;
$CONF['postfix_admin_url'] = 'https://www.domain.tld/postfixadmin/';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'postfix_sql_password';
$CONF['database_name'] = 'postfix';
$CONF['database_prefix'] = '';
$CONF['admin_email'] = 'postmaster@domain.tld';
$CONF['default_aliases'] = array (
   'abuse' => 'abuse@domain.tld',
   'hostmaster' => 'hostmaster@domain.tld',
   'postmaster' => 'postmaster@domain.tld',
   'webmaster' => 'webmaster@domain.tld'
);
$CONF['generate_password'] = 'NO';
$CONF['page_size'] = '20';
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['aliases'] = '50';
$CONF['mailboxes'] = '50';
$CONF['maxquota'] = '1024';
$CONF['quota'] = 'YES';
$CONF['quota_multiplier'] = '1048576';
$CONF['transport'] = 'NO';
$CONF['vacation'] = 'YES';
$CONF['vacation_domain'] = 'autoreply.domain.tld';
$CONF['alias_control_admin'] = 'YES';
$CONF['special_alias_control'] = 'YES';
$CONF['show_header_text'] = 'YES';
$CONF['header_text'] = ':: Postfix Admin ::';
$CONF['show_footer_text'] = 'YES';
$CONF['footer_text'] = 'Return to domain.tld';
$CONF['user_footer_link'] = 'http://www.domain.tld/';
$CONF['welcome_text'] = <<<EOM
Hello,

Welcome to your new email account!
For questions or comments regarding your mail account,
please feel free to send an email to support@domain.tld.
Likewise, any other inqueries regarding ISP NAME or their
affiliates can be sent to the same address.

Also, don't forget to check your mail settings via Maia-
Mailguard located at https://www.domain.tld/maia-mailguard/.
Simply log into your account using your email address
and password. That's it! From Maia-Mailguard, you can
adjust your spam, virus, malware, whitelists, blacklists,
etc... This will put you in full control of your email so
you never miss anything important.

Thank you for using ISP NAME and enjoy your new email
account!

Regards,
ISP NAME Staff
support@domain.tld
EOM;
?>

Create Vacation user and group accounts:

#pw groupadd vacation
#pw useradd vacation -c Virtual\ Vacation -d /nonexistent -g vacation -s /sbin/nologin

Create, populate and secure vacation directory:

#mkdir /var/spool/vacation
#cp /usr/local/www/postfixadmin/VIRTUAL_VACATION/vacation.pl /var/spool/vacation/
#chown -R vacation:vacation /var/spool/vacation/
#chmod 700 /var/spool/vacation/
#chmod 750 /var/spool/vacation/vacation.pl
#touch /var/log/vacation.log /var/log/vacation-debug.log
#chown vacation:vacation /var/log/vacation*

Edit /var/spool/vacation/vacation.pl script:

Find and edit the RED TEXT.

my $db_type = 'mysql';
my $db_host = 'localhost';
my $db_user = 'postfix';
my $db_pass = 'postfix_sql_password';
my $db_name = 'postfix';
my $sendmail = "/usr/sbin/sendmail";
my $logfile = "/var/log/vacation.log";    # specify a file name here for example: vacation.log
my $debugfile = "/var/log/vacation-debug.log";  # sepcify a file name here for example: vacation.debug
my $syslog = 1;   # 1 if log entries should be sent to syslog
...

Edit /usr/local/etc/postfix/master.cf for vacation filter:
Add this to the bottom of the file.

vacation  unix  -       n       n       -       -       pipe
   flags=DRhu user=vacation argv=/var/spool/vacation/vacation.pl

Edit /usr/local/etc/postfix/main.cf for vacation transport:

Find and edit the RED TEXT.

...
# TRANSPORT MAP
#
# See the discussion in the ADDRESS_REWRITING_README document.
transport_maps = hash:/usr/local/etc/postfix/transport
vacation_destination_recipient_limit = 1
...

Add proper lines to /usr/local/etc/postfix/transport file:

#echo 'autoreply.domain.tld vacation:' >> /usr/local/etc/postfix/transport

Create our transport map database for Postfix:

#postmap /usr/local/etc/postfix/transport

Create and edit /usr/local/etc/apache22/Includes/postfixadmin.conf file:

Alias /postfixadmin/ "/usr/local/www/postfixadmin/"
<Directory "/usr/local/www/postfixadmin/">
   Options Indexes
   AllowOverride AuthConfig
   Order allow,deny
   Allow from all
</Directory>

Reload Apache configuration:

#apachectl configtest
#apachectl graceful

Run all startup scripts:

#/usr/local/etc/rc.d/mysql-server start (Should already be running?)
#/usr/local/etc/rc.d/dovecot start
#/usr/local/etc/rc.d/postfix start

Note:

Check your /var/log/maillog and /var/log/messages to make sure there are no errors.

Post Note:

If you are receiving errors in your logs about $mydestination, be sure that _ANY_ ‘virtual’ domain you are hosting is _NOT_ listed in your /etc/hosts file. Apparently this causes a problem being as Postfix cannot determine if the domain is virtual or not. (Thanks Valentin)

Test and setup PFA admin:

Visit “http://domain.tld/postfixadmin/. Click the “setup” link in the text and read through the output to make sure there are no problems. Toward the bottom, you should be prompted for an e-mail address and password for an ‘Administror’ account in PostfixAdmin. You can use whatever e-mail address and password you would like here. Be sure to choose something you plan on actually adding to PostfixAdmin later though as you may end up getting messages from PFA later. After you add the ‘Administrator’ account, you should see “Everything seems fine… you are ready to rock & roll!” toward the bottom of the setup.php page. If so, delete /usr/local/www/postfixadmin/setup.php (Or move it. Your choice)

Add a domain and user to Postfix:

Visit “http://domain.tld/postfixadmin/”

Enter the admin username and password you created during the PostfixAdmin setup. Click “Domain List” then “New Domain“and fill in the requested fields. Next, click “Virtual List” followed by “Add Mailbox“and again, fill in the requested fields.

Telnet to localhost on port 25:

#telnet localhost 25
Trying 127.0.0.1…
Connected to localhost.domain.tld.
Escape character is ‘^]’.
220 test.domain.tld ESMTP Postfix
EHLO test.com
250-test.domain.tld
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
STARTTLS
220 2.0.0 Ready to start TLS
quit
quit

Telnet to localhost on port 465:

#telnet localhost 465
Trying 127.0.0.1…
Connected to host.domain.tld.
Escape character is ‘^]’.
quit
quit

Note:

You won’t see anything besides the above on port 465 as it requires SSL and you’re not using it right now. So, if the connection is successful, you should be fine. You can test this later with a mail client using an SSL connection for SMTP.

Telnet to localhost on port 110:

#telnet localhost 110
Connected to host.domain.tld.
Escape character is ‘^]’.
+OK ISP Mail Server Ready.
user user@domain.tld (Use the account you created via the web interface)
+OK
pass password (Use password you just created for above user)
+OK Logged in.
list
+OK 1 messages:
1 844
.
quit
+OK Logging out
Connection closed by foreign host.

Check your /var/log/maillog for errors. If there are none, congratulations. You now have a complete Postfix+Virtual-Users/Domains installation.

7 – SpamAssassin Install

SpamAssassin is a great tool for detecting spam. Although it may be a bit ‘bloated’ and resource hungry, I still like to use it. Whether or not you want to use it is up to you. I’ve heard of others trading this step out for spamd but I haven’t gotten around to integrating it properly. So, SpamAssassin it is! You can read more about SpamAssassin by visiting their web site at http://spamassassin.apache.org.

This tutorial installs version 3.2.5.

Install SpamAssassin via ports:

#cd /usr/ports/mail/p5-Mail-SpamAssassin
#make all install clean
(Be sure “SPAMC” is NOT selected and “GNUPG“, “MYSQL“, and “RAZOR” are selected in the menu)

Create user “vscan”:

#pw groupadd vscan
#pw useradd -n vscan -c Amavisd\ User -d /var/amavisd -g vscan -m
#passwd vscan
(Enter password twice)

Create and edit /usr/local/etc/mail/spamassassin/local.cf file:

use_bayes 1
bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn DBI:mysql:maia
bayes_sql_username vscan
bayes_sql_password vscan_password
auto_whitelist_factory Mail::SpamAssassin::SQLBasedAddrList
user_awl_dsn DBI:mysql:maia
user_awl_sql_username vscan
user_awl_sql_password vscan_password
bayes_auto_expire 0

# Change 192.168.1.* to your actual internal/external address(es).

internal_networks 192.168.1.0/24
trusted_networks 192.168.1/24

Configure RAZOR for reporting:

#su - vscan
#razor-admin -discover
#razor-admin -create
#razor-admin -register -l -user=username@domain.tld -pass=some_password
#exit

NOTE:

The above user should be an actual email address you check. The password can be any password you’d like. It’s only needed by razor2 to identify and report and spam.

8 – FuzzyOCR Install

FuzzyOCR is a tool that detects spam inside of images. This tool works wonderfully and I would highly recommend using it. You can find out more by visiting the FuzzyOCR web site at http://fuzzyocr.own-hero.net.

This tutorial installs version 3.4.2_2.

Install FuzzyOCR via ports:

#cd /usr/ports/mail/p5-FuzzyOcr-devel
#make all install clean

Copy FuzzyOcr files to SpamAssassin configuration directory:

#cp /usr/local/share/examples/FuzzyOcr/FuzzyOcr.* /usr/local/etc/mail/spamassassin

9 – Clam Anti-Virus Install

Clam Anti-Virus is a free virus scanning utility that works like a charm. Thus far I haven’t had any issues with it. You can also install many other AV scanners that Maia-Mailguard can use. You are not limited to one. You can read more about ClamAV by visiting the web site at http://www.clamav.net.

This tutorial installs version 0.93.3.

Install Clam Anti-Virus via ports:

#cd /usr/ports/security/clamav
#make all install clean CLAMAVUSER=vscan CLAMAVGROUP=vscan
(Menu defaults should be fine.)

Add build options to /etc/make.conf file:

This will keep you from having to use those build options every time you upgrade your ClamAV port.

#echo 'CLAMAVUSER=vscan' >> /etc/make.conf
#echo 'CLAMAVGROUP=vscan' >> /etc/make.conf

Enable ClamAV at boot time:

#echo 'clamav_freshclam_enable="YES"' >> /etc/rc.conf
#echo 'clamav_clamd_enable="YES"' >> /etc/rc.conf

Start FreshClam as well as the ClamAV daemon:

#/usr/local/etc/rc.d/clamav-clamd start
#/usr/local/etc/rc.d/clamav-freshclam start

10 – PEAR Install

PEAR stands for “PHP Extension and Application Repository” which describes it perfectly. It comes in very handy when dealing with web applications. You can read more about PEAR at http://pear.php.net.

This tutorial installs version 1.7.2.

Install PEAR via ports:

#cd /usr/ports/devel/pear
#make all install clean

Edit /usr/local/etc/php.ini file:

Find and edit the RED TEXT

...
;;;;;;;;;;;;;;;;;;;;;;;;;
; Paths and Directories ;
;;;;;;;;;;;;;;;;;;;;;;;;;
; UNIX: "/path1:/path2"
include_path = ".:/usr/local/share/pear"
;
; Windows: "\path1;\path2"
;include_path = ".;c:\php\includes"
...

11 – Maia-Mailguard Install

Maia-Mailguard is by far the best open source spam/virus configuration utility I have ever used. It allows users to adjust their own settings for spam and viruses leaving the Mail Admin a little breathing room which makes it a great piece of software. You can read more about it at http://www.maiamailguard.com.

This tutorial installs version 1.0.2a_1.

Install Maia-Mailguard via ports:

#cd /usr/ports/security/maia
#make all install clean
(Menu defaults will be fine. However, feel free to add more apps for the scanner. It can’t hurt)

Create and populate Maia-Mailguard database:

#mysql -u root -p mysql
(Enter MySQL root password)
>CREATE DATABASE maia;
>GRANT ALL PRIVILEGES ON maia.* TO vscan@localhost IDENTIFIED BY ‘vscan_password‘;
>FLUSH PRIVILEGES;
>quit
#cd /usr/local/share/doc/maia
#mysql -u root -p maia < maia-mysql.sql

Edit /usr/local/etc/maia.conf file:

Find and edit the RED TEXT

…
# Your Maia database user’s login name
$username = “vscan“;
# Your Maia database user’s password
$password = “vscan_password“;
# The directory where Maia’s Perl scripts can be found.
$script_dir = “/var/amavisd/maia/scripts“;
…
# The directory where SpamAssassin’s local.cf file can be found.
$local_cf_dir = “/usr/local/etc/mail/spamassassin“; # default: let the script find it
…
# The directory where SpamAssassin’s core rules can be found.
$system_rules_dir = “/usr/local/share/spamassassin“; # default: let the script find it
…
# The directory where your amavis user’s user_prefs file can be found.
$user_rules_dir = “/var/amavisd/.spamassassin“; # default: let the script find it
…
# Location of your encryption key file, or undef to disable
#$key_file = “/var/amavisd/maia.key”;
…
# Base URL to Maia’s PHP scripts
$base_url = “https://www.domain.tld/maia/“;

Run configtest.pl executable:

#/var/amavisd/maia/scripts/configtest.pl

Note:

There is a known issue with the ‘file()’ utility in the configtest check. Don’t worry about this as Maia will still find and use file() even if the configtest says it is not installed. This will be fixed in the next Maia release. Otherwise, PLEASE let me know if something in the port is not working correctly.

Allow ‘vscan’ access to Maia’s files:

#cd /usr/local/etc
#chgrp vscan maia.conf amavisd.conf

Load SpamAssassin rules:

#su - vscan
#/var/amavisd/maia/scripts/load-sa-rules.pl --debug
#exit

Install Smarty Engine Template via ports:

#cd /usr/ports/www/smarty
#make all install clean

Edit /usr/local/etc/php.ini file:

Find and edit the RED TEXT

…
;;;;;;;;;;;;;;;;;;;;;;;;;
; Paths and Directories ;
;;;;;;;;;;;;;;;;;;;;;;;;;
; UNIX: “/path1:/path2″
include_path = “.:/usr/local/share/pear:/usr/local/share/smarty”
;
; Windows: “\path1;\path2″
;include_path = “.;c:\php\includes”
…

Reload Apache’s configuration files:

#apachectl graceful

Edit /usr/local/www/maia/config.php file:

Find and edit the RED TEXT.

…
$maia_sql_dsn = “mysql://vscan:vscan_password@unix(/tmp/mysql.sock)/maia“;
…
$address_rewriting_type = 4;
…
$auth_method = “sql“;
…
// Database connection string to use for authentication.
$auth_sql_dsn = “mysql://postfix:postfix_sql_password@unix(/tmp/mysql.sock)/postfix“;
…
// Name of the table that contains the user’s authentication info
$auth_sql_table = “mailbox“;
…
// Name of the column that contains the user’s name
$auth_sql_username_column = “username“;
…
// Name of the column that contains the user’s password
$auth_sql_password_column = “password“;
…
// Name of the column that contains the user’s e-mail address
$auth_sql_email_column = “username“;
…
// Password encryption type:
$auth_sql_password_type = “crypt“;
…

Create and edit /usr/local/etc/apache22/Includes/maia.conf file:

Alias /maia/ "/usr/local/www/maia/"
<Directory "/usr/local/www/maia/">
   AllowOverride None
   Options None
   Order allow,deny
   Allow from all
</Directory>

Reload Apache:

#apachectl graceful

Test:

Visit “https://domain.tld/maia/admin/configtest.php“.

You’ll see we’re still missing plenty of PEAR modules. So, let’s go a head and install those. Of course, all “optional” modules are your decision.

Install PEAR::Mail_Mime via ports:

#cd /usr/ports/mail/pear-Mail_Mime
#make all install clean

Install PEAR::Mail_mimeDecode via ports:

#cd /usr/ports/mail/pear-Mail_mimeDecode
#make all install clean

Install PEAR::DB via ports:

#cd /usr/ports/databases/pear-DB
#make all install clean

Install PEAR::Pager via ports:

#cd /usr/ports/devel/pear-Pager
#make all install clean

Install PEAR::Net_Socket via ports:

#cd /usr/ports/net/pear-Net_Socket
#make all install clean

Install PEAR::Net_SMTP via ports:

#cd /usr/ports/net/pear-Net_SMTP
#make all install clean
(Be sure “PEAR_AUTH_SASL” is selected from the menu)

Install PEAR::Log via ports:

#cd /usr/ports/sysutils/pear-Log
#make all install clean
(Be sure “Pear_DB” is selected from the menu)

NOTE:

If you would like to have the image graph utilities available in Maia, you can find all the modules you need in /usr/ports/graphics and /usr/ports/textproc.

(As of this writing):
PEAR::Image_Color
PEAR::Image_Canvas
PEAR::Image_Graph
PEAR::Numbers_Roman
PEAR::Numbers_Words

So, go for it if you want to. These, however, are in no way required.

Patch pear-Net_IMAP:

NOTE: This is only for those of you who chose to install the graphical imaging software with PEAR. IF YOU DID NOT INSTALL GRAPHS, SKIP THIS STEP.

#cd /usr/local/share/pear
#fetch http://www.purplehat.org/downloads/postfix_guide/Pie.php.diff
#patch -p0 < Pie.php.diff

Reload Apache Configuration:

#apachectl graceful

Edit /usr/local/etc/amavisd.conf file:

Find and edit the RED TEXT.

...
$max_servers = 2;             # number of pre-forked children (2..15 is common)
...
$mydomain = 'domain.tld';
...
#$key_file = "$MYHOME/maia.key";
...
$DO_SYSLOG = 1;
...
@lookup_sql_dsn = ( ['DBI:mysql:maia:localhost', 'vscan', 'vscan_password'] );
...
$unrar = ['rar', 'unrar'];
...
$myhostname = 'host.domain.tld';
...
$X_HEADER_LINE = "Maia Mailguard";
...
### http://www.clamav.net/
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
...

Set Maia-Mailguard to start at boot and start it now:

#echo 'maia_enable="YES"' >> /etc/rc.conf
#/usr/local/etc/rc.d/maia start

Test:

Visit “https://domain.tld/maia/“. You should be greeted with a login screen. If so, great! Let’s log in and acquire admin privileges…

Instead of “https://domain.tld/maia/login.php” (The default), visit “https://domain.tld/maia/login.php?super=register” and log in with any currently existing virtual user (Most likely the user you added with Postfixadmin earlier). Be sure to use a full email address to log into Maia-Mailguard. IE: username@domain.tld. That user will now have admin privs via Maia (So, be careful which user you choose).

Now, that you’re logged into Maia-Mailguard as an administrator, click the “Admin” link at the top of the page (Key-shaped icon). From the “Administration Menu” click “System Configuration“. Each mail server will want different settings for their setup. However, there are some things you should be aware of:

1. Make sure that *ANY* file name (With the exception of the logo image) listed for any option is listed with it’s *FULL PATH*.

2. The “Mail size limit” setting should not be higher than what you set your MySQL’s max_allowed_packet to (10M in my example) in /var/db/mysql/my.cnf. Remember that this setting is in bytes. So, 10*1024*1024 would give you 1048576 (10M).

IMPORTANT:

For each domain you create using Postfixadmin or any other way you may create it, Maia needs to know about it in order to create users. This might seem like a redundant issue, but it really makes a difference and here’s why… When Maia recieves mail for a user that doesn’t exist, it uses the default domain’s (@.) settings. This is fine. However, if it considers that mail to be spam when it is not, the user cannot retrieve that message later being as the default settings don’t house mail for a non-existant user. So, be sure to add any domain you add via PostfixAdmin to Maia-Mailguard as well.

Edit /usr/local/etc/postfix/main.cf file:

Find and edit the RED TEXT.

…
# Maia-Mailguard
#
content_filter=smtp-amavis:[127.0.0.1]:10024
# LOCAL PATHNAME INFORMATION
#
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
#
queue_directory = /var/spool/postfix
…

Edit /usr/local/etc/postfix/master.cf file:

Add RED TEXT to bottom of file.

smtp-amavis unix - - n - 2 smtp
   -o smtp_data_done_timeout=2400
   -o smtp_send_xforward_command=yes
   -o disable_dns_lookups=yes
   -o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
   -o content_filter=
   -o local_recipient_maps=
   -o relay_recipient_maps=
   -o smtpd_restriction_classes=
   -o smtpd_delay_reject=no
   -o smtpd_client_restrictions=permit_mynetworks,reject
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o mynetworks_style=host
   -o mynetworks=127.0.0.0/8
   -o strict_rfc821_envelopes=yes
   -o smtpd_error_sleep_time=0
   -o smtpd_soft_error_limit=1001
   -o smtpd_hard_error_limit=1000
   -o smtpd_client_connection_count_limit=0
   -o smtpd_client_connection_rate_limit=0
   -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings

Reload Postfix:

#postfix reload

Edit the “vscan” user’s cron jobs:

#crontab -u vscan -e

Copy and paste into user vscan’s crontab.

#Load new rules and store into Maia database.
30 4 * * * /var/amavisd/maia/scripts/load-sa-rules.pl > /dev/null

#Train Spam Assassin.
0 * * * * /var/amavisd/maia/scripts/process-quarantine.pl --learn --report > /dev/null

#Take a snapshot of the stats at the start of every hour.
0 * * * * /var/amavisd/maia/scripts/stats-snapshot.pl > /dev/null

#Purge mail that has not been confirmed.
0 23 * * * /var/amavisd/maia/scripts/expire-quarantine-cache.pl > /dev/null

#Send quarantine reminders.
0 15 * * * /var/amavisd/maia/scripts/send-quarantine-reminders.pl > /dev/null

#Send quarantine digests.
0 15 * * * /var/amavisd/maia/scripts/send-quarantine-digests.pl > /dev/null

#Force bayesian auto-expiry during off-peak hours.
25 2 * * * /usr/local/bin/sa-learn --sync --force-expire > /dev/null

12 – SquirrelMail Install

SquirrelMail is a very actively developed, fun, and easy to use webmail application. I prefer SquirrelMail mostly because of the broad list of plugins available for it. You can read more about it by visiting http://www.squirrelmail.org.

This tutorial installs version 1.4.15_1.

Install SquirrelMail via ports:

#cd /usr/ports/mail/squirrelmail
#make all install clean

SquirrelMail configuration:

#cd /usr/local/www/squirrelmail
#./configure

SquirrelMail Options:

1. Choose option “2. Server Settings“.

2. Choose option “1. Domain” and change it to your domain name.

3. Choose option “A. Update IMAP Settings” then option “5. IMAP Port” and change it to “993“.

4. Choose option “7. Secure IMAP (TLS)” and change it to “true” by pressing “y“.

5. Choose option “8. Server software” then type”dovecot” followed by the “ENTER” to set it.

6. Press “s” followed by the “ENTER” key to save.

7. Press “q” followed by the “ENTER” key to quit.

Edit /usr/local/etc/apache22/Includes/squirrelmail.conf file:

Alias /squirrelmail/ "/usr/local/www/squirrelmail/"
<Directory "/usr/local/www/squirrelmail">
   AllowOverride None
   Options None
   Order allow,deny
   Allow from all
</Directory>

Reload Apache configuration:

#apachectl graceful

Test:

SquirrelMail should now be installed and working. Visit “https://domain.tld/squirrelmail/src/configtest.php” to make sure all is well. If there are no errors, great! Click the “Login now” link at the bottom and proceed to log in.

Note:

If you are having trouble logging into SquirrelMail even though you know you’re using the correct login information, verify that “file_uploads” is set to “On” in your /usr/local/etc/php.ini file.

Once logged in, go a head and send an email to either yourself or someone else and make sure everything is working properly. If you or the third party recieved the email, you’re finished with the SquirrelMail install.

After you are sure everything is functioning as it should, continue on and begin installing some plugins for SquirrelMail. These plugins will make your life much easier as an adminitrator…

Install Quota Usage plugin via ports:

#cd /usr/ports/mail/squirrelmail-quota_usage-plugin
#make all install clean
#cd /usr/local/www/squirrelmail/plugins/check_quota
#cp config.sample.php config.php

Edit /usr/local/www/squirrelmail/plugins/check_quota/config.php file:

Find and edit the RED TEXT.

…
$settings['quota_type'] = 1;
…

NOTE:

If you would like the quota usage to display the amount AND percentage used (Like I do…), you can use the patch I made like so:

#cd /usr/local/www/squirrelmail/plugins/check_quota
#fetch http://www.purplehat.org/downloads/postfix_guide/check_quota.diff
#patch -p0<check_quota.diff
#rm -rf check_quota.diff

Install Secure Login plugin via ports:

#cd /usr/ports/mail/squirrelmail-secure_login-plugin
#make all install clean
#cd /usr/local/www/squirrelmail/plugins/secure_login/
#cp config.sample.php config.php

Install Timeout plugin via ports:

#cd /usr/ports/mail/squirrelmail-timeout_user-plugin
#make all install clean

Activate the plugins:

#cd /usr/local/www/squirrelmail
#./configure

SquirrelMail Options:

1. Choose option “8. Plugins“.

2. To install a plugin, just press its number.

3. I recommend installing the following plugins: “squirrelspell“, “filters“, “calendar“, “compatibility“, “check_quota “,”secure_login“, and “timeout_user“.

4. Press “s” then “ENTER” to save and “q” to quit.

Note:

The “filters” plugin is used to filter out mail which Maia-Mailguard has modified the subject with “***SPAM*** “. If you choose to load this plugin, be sure you edit the “setup.php” file in the plugin’s directory to turn “$AllowSpamFilters = true;” to “$AllowSpamFilters = false;“. Of course, if you are going to use the spam filters, disregard this note.

SquirrelMail should now be 100% functional. Be sure to let users know to “purge” their “Trash” directory on occassion so their quota doesn’t max out. That’s bad.

If you would like to automatically purge mail directories in any way, shape or form, check out the SquirrelMail web site and dig through their stuff. They have tons of it…

13 – MailMan Install

Mailman is a very nice and very well supported Mailing List application. So, if you’d like to host mailing lists, this would be my recommended software. You can read more about it by visiting http://www.gnu.org/software/mailman/index.html.

This tutorial installs version 2.1.10.

Install Mailman via ports:

#cd /usr/ports/mail/mailman
#make all install clean
(Be sure the “POSTFIX” option is selected from the menu)

Enable mailman to start at boot:

#echo 'mailman_enable="YES"' >> /etc/rc.conf

Get Postfix-To-Mailman script

#cd /usr/local/mailman
#fetch http://www.gurulabs.com/downloads/postfix-to-mailman-2.1.py
#mv postfix-to-mailman-2.1.py postfix-to-mailman.py
#chmod 750 postfix-to-mailman.py
#chown mailman:mailman postfix-to-mailman.py

Edit /usr/local/mailman/postfix-to-mailman.py file:

Find and edit the RED TEXT.

#! /usr/local/bin/python
…
# Configuration variables - Change these for your site if necessary.
MailmanHome = “/usr/local/mailman“; # Mailman home directory.
MailmanOwner = “postmaster@domain.tld“; # Postmaster and abuse mail recipient.
…

Edit /usr/local/etc/postfix/main.cf file:

Find and edit the RED TEXT.

...
relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf lists.domain.tld
...
# TRANSPORT MAP
#
# See the discussion in the ADDRESS_REWRITING_README document.
transport_maps = hash:/usr/local/etc/postfix/transport
vacation_destination_recipient_limit = 1
mailman_destination_recipient_limit = 1
...

Add transport for list to /usr/local/etc/postfix/transport file:

#echo 'lists.domain.tld mailman:' >> /usr/local/etc/postfix/transport

Edit /usr/local/etc/postfix/master.cf file:

Add RED TEXT to end of file.

mailman unix - n n - - pipe
   flags=FR user=mailman:mailman
   argv=/usr/local/mailman/postfix-to-mailman.py ${nexthop} ${user}

Create Postfix transport database:

#postmap /usr/local/etc/postfix/transport

Reload Postfix:

#postfix reload

Edit /usr/local/etc/apache22/extra/httpd-vhosts.conf file:

Add RED TEXT directly under “NameVirtualHost *:80″ line.

NameVirtualHost *:80
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any  block.
#
# Default domain on this server
#
<Virtualhost *:80>
   ServerAdmin webmaster@domain.tld
   DocumentRoot "/usr/local/www/apache22/data"
   ServerName www.domain.tld
   ServerAlias domain.tld www.domain.tld
   <Directory "/usr/local/www/apache22/data">
      AllowOverride None
      Options None
      Order allow,deny
      Allow from all
   </Directory>
   ErrorLog /var/log/httpd-error.log
   CustomLog /var/log/httpd-access.log combined
</Virtualhost>
# Mailman mailing list domain.
#
<Virtualhost *:80>
   ServerAdmin webmaster@domain.tld
   DocumentRoot "/usr/local/mailman"
   ServerName lists.domain.tld
   ServerAlias lists.domain.tld
   ScriptAlias /cgi-bin/ "/usr/local/mailman/cgi-bin/"
   ScriptAlias /mailman/ "/usr/local/mailman/cgi-bin/"
   Alias /pipermail "/usr/local/mailman/archives/public"
   Alias /icons "/usr/local/mailman/icons"
   <Directory "/usr/local/mailman">
      AllowOverride All
      Options FollowSymlinks
      Order allow,deny
      Allow from all
   </Directory>
   ErrorLog /var/log/httpd-error.log
   CustomLog /var/log/httpd-access.log combined
</Virtualhost>

NOTE:

Notice the addition of the default HTTP directory. The reason for this is due to the fact that once virtual hosting is enabled, the default directory used by Apache is the first VirtualHost listed in the httpd-vhosts.conf file. So, make sure that what ever site you plan on using as the default site for that machine comes first in the list of virtual hosts in the httpd-vhosts.conf file.

After adding the above VirtualHost directive, you can delete or comment out the remaining lines in the httpd-vhosts.conf file being as they’re just the default examples and pretty much useless.

Edit /usr/local/etc/apache22/httpd.conf to include vhosts:

Find and edit the RED TEXT.

…
# Virtual hosts
Include etc/apache22/extra/httpd-vhosts.conf
…

Reload Apache configuration:

#apachectl graceful

Test:

Visit “http://lists.domain.tld/mailman/listinfo” and you should see the mailing list information page. If not, restart with the MailMan install. Otherwise, you’ll notice that the ‘Powered by FreeBSD’ logo is missing. “OH NO!”. This, of course, can NOT continue… So, let’s go a head and copy our FBSD logo into proper directory…

Copy FBSD logo so Mailman sees it:

#cd /usr/local/mailman/icons
#cp /usr/local/www/icons/powerlogo.gif ./
Yep! Beastie!

Set site password:

#cd /usr/local/mailman
#bin/mmsitepass
New site password: mailman_password
Again to confirm password: mailman_password

Create Mailman list:

#bin/newlist
Enter the name of the list: mailman
Enter the email of the person running the list: you@domain.tld
Initial mailman password: list_password

You’ll then see instructions to add aliases for the mailing list. We need not worry about that because everything is virtual. So, proceeding… Hit enter to notify mailman owner… ENTER

Add list to Mailman configuration file:

# echo "add_virtualhost('lists.domain.tld','lists.domain.tld')" >> /usr/local/mailman/Mailman/mm_cfg.py

Start Mailman:

#/usr/local/etc/rc.d/mailman start

Test:

Visit “http://lists.domain.tld/ again. Once the page loads, click the “the list admin overview page” link. Then, click the “create a new mailing list” link.
Fill in the blanks:
Name of list: test
Initial list owner address: you@domain.tld
Enter list passwords…
List creator’s (authentication) password: site_password
Click “Create List” button.

IMPORTANT!

Something that has been lingering in the back of mind for a long time and was just recently brought to my attention by my buddy Zbigniew (Thanks!) is the fact that Mailman handling virtual mailing lists will accept *ANY* mail addressed to lists.domain.tld (Or any other list you host). This will produce a surreal amount of backscatter if there were ever a dictionary spam attack on your mailing list. So, in order to fix this we must create a separate map of legitimate mailing list addresses for each mailing list you create. Yes, I know this can be a royal pain in the rear, but I haven’t figured out a good automated process for this yet. So, let’s do this now, shall we?

Find all available mailing list addresses:

#cd /usr/local/mailman
#bin/genaliases

Create and edit /usr/local/etc/postfix/relay_recipients file:

Add every address Postfix should accept mail for for Mailman along with the domains (Using the output from the previous command). Also, follow each address with an “OK”. In other words, if you had a mailing list called ‘users@lists.domain.tld’, your file would look something like this (by default):

users@lists.domain.tld OK
users-admin@lists.domain.tld OK
users-bounces@lists.domain.tld OK
users-confirm@lists.domain.tld OK
users-join@lists.domain.tld OK
users-leave@lists.domain.tld OK
users-owner@lists.domain.tld OK
users-request@lists.domain.tld OK
users-subscribe@lists.domain.tld OK
users-unsubscribe@lists.domain.tld OK

Create map for Postfix:

#postmap /usr/local/etc/postfix/relay_recipients

Note:

You MUST do the above for every mailing list you create in Mailman. Otherwise, Postfix will reject the e-mail. Of course, all addresses can be added to the same file. Also, don’t forget to re-run the ‘postmap’ command and reload Postfix after each edit of the ‘relay_recipients’ file.

Edit /usr/local/etc/postfix/main.cf file:

This will tell Postfix to accept mail for virtual users as well as our mailing list addresses.

...
relay_recipient_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf, hash:/usr/local/etc/postfix/relay_recipients
...

Reload Postfix’s configuration:

#postfix reload

Subscribe to the test mailing list:

Visit “http://lists.domain.tld/mailman/listinfo

Click the name of the new list you’ve created (You might have to reload/refresh the page if nothing shows up). Fill in the blanks in the section labeled “Subscribing to listname” and submit.

Check your email and confirm your subscription.

Send an email to “listname@lists.domain.tld“.

If everything goes correctly, the mail should be submitted without a problem. Again, check the /var/log/maillog for any errors that may occur.

If there are no errors, visit “http://lists.domain.tld/pipermail/listname” to view your submitted mails.

Note:

Also, don’t forget to add a “mailman@domain.tld” alias to point to a legit user on your mail server. Otherwise, you’ll see errors in your maillog.

Adding more lists to MailMan

Add a new list to Mailman:

#cd /usr/local/mailman
#bin/newlist -u lists.domain2.tld -e lists.domain2.tld listname

Add new list to Mailman configuration file:

#echo "add_virtualhost('lists.domain2.tld','lists.domain2.tld')" >> /usr/local/mailman/Mailman/mm_cfg.py

Edit /usr/local/etc/postfix/main.cf file:

Find and edit the RED TEXT.

...
relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf lists.domain.tld lists.domain2.tld
...

Add transport to Postfix:

#echo 'lists.domain2.tld mailman:' >> /usr/local/etc/postfix/transport

Rebuild Postfix’s transport database:

#postmap /usr/local/etc/postfix/transport

Reload Postfix for changes:

#postfix reload

Edit /usr/local/etc/apache22/extra/httpd-vhosts.conf file:

<VirtualHost *:80>
   ServerAdmin webmaster@domain2.tld
   DocumentRoot "/usr/local/mailman"
   ServerName lists.domain2.tld
   ServerAlias lists.domain2.tld
   ScriptAlias /cgi-bin/ "/usr/local/mailman/cgi-bin/"
   ScriptAlias /mailman/ "/usr/local/mailman/cgi-bin/"
   Alias /pipermail "/usr/local/mailman/archives/public"
   Alias /icons "/usr/local/mailman/icons"
   <Directory /usr/local/mailman>
      AllowOverride All
      Options FollowSymlinks
      Order allow,deny
      Allow from all
   </Directory>
   ErrorLog /var/log/httpd-error.log
   CustomLog /var/log/httpd-access.log combined
</VirtualHost>

Reload Apache configuration:

#apachectl graceful

That’s about it. Now, just visit “http://lists.domain2.tld/mailman/listinfo“. Edit, subscribe, etc… and you’re all set.

14 – Mailgraph Install

Mailgraph is a nice little statistics CGI script for your mail server. You can read more about it by visiting http://mailgraph.schweikert.ch.

This tutorial installs version 1.14_2.

Install RRDTool:

#cd /usr/ports/databases/rrdtool
#make all install clean (Menu defaults are fine)

Patch and install Mailgraph:

(Many thanks to DrkShdw for this patch and many other helpful things…)

#cd /usr/ports/mail/mailgraph
#make extract
#fetch http://www.purplehat.org/downloads/postfix_guide/mailgraph-1.14-postfix.diff
#patch -p0 < mailgraph-1.14-postfix.diff
#make all install clean

Add Mailgraph to system startup:

#echo 'mailgraph_enable="YES"' >> /etc/rc.conf

Start Mailgraph application:

#/usr/local/etc/rc.d/mailgraph start

NOTE:

If you are using a different Apache layout than this tutorial/guide has set up and you aren’t able to access the mailgraph.cgi script via http://www.domain.tld/cgi-bin/mailgraph.cgi, you can fix this easily by copying the mailgraph.cgi script to your preffered cgi-bin by issuing a command similar to the following:

#cp /usr/local/www/cgi-bin/mailgraph.cgi /path/to/your/cgi-bin/mailgraph.cgi

Changing the /path/to/your/cgi-bin/, of course.

You’ll also need to copy the ‘mailgraph’ directory located in /usr/local/www/data to your base directory in order to use the mailgraph CSS information. This is also very simple to do. Just issue something like so:

#cp -Rp /usr/local/www/data/mailgraph/ /path/to/your/data/mailgraph/

Again, changing the /path/to/your/data/.

15 – Roundcube Install

Roundcube is a great webmail application that has been coming along quite nicely. As I’d mentioned before, I prefer Squirrelmail due to plugins and more support. But, Roundcube looks very nice and beginning to ‘bloom’. So, feel free to play with it. A lot of users will prefer this over SquirrelMail. You can check out more about Roundcube by visiting http://roundcube.net.

This tutorial installs version 0.1.1_1,1.

Install Roundcube via ports:

#cd /usr/ports/mail/roundcube
#make install clean
(Be sure “MySQL” and “SPELLCHECK” are selected from the menu.)

Create MySQL database and user for Roundcube:

#mysql -u root -p mysql
>CREATE DATABASE roundcube;
>GRANT ALL PRIVILEGES ON roundcube.* TO roundcube@localhost
>IDENTIFIED BY 'roundcube_password';
>quit;

Populate the Roundcube database:

#cd /usr/local/www/roundcube/SQL
#mysql -u roundcube -p roundcube < mysql5.initial.sql
(Enter Roundcube’s SQL password)

Edit /usr/local/www/roundcube/config/db.inc.php file:

Find and edit the RED TEXT.

...
$rcmail_config['db_dsnw'] = 'mysql://roundcube:roundcube_sql_password@unix(/tmp/mysql.sock)/roundcube';
...

Edit /usr/local/www/roundcube/config/main.inc.php file:

Find and edit the RED TEXT.

…
 $rcmail_config['default_host'] = ‘ssl://localhost:993‘;
 …
 $rcmail_config['default_port'] = 993;
 …
 $rcmail_config[’useragent’] = ‘RoundCube Webmail’;
 …

Secure Roundcube configuration files:

#chmod 600 /usr/local/www/roundcube/config/*

Edit /usr/local/etc/apache22/Includes/roundcube.conf file:

Alias /roundcube "/usr/local/www/roundcube/"
<Directory "/usr/local/www/roundcube">
   Options Indexes FollowSymLinks
   AllowOverride All
   Order allow,deny
   Allow from all
</Directory>

Reload Apache’s configuration:

#apachectl graceful

Test:

Visit “https://www.domain.tld/roundcube/” and login to roundcube using your full email address and password. You should now be able to use Roundcube as a webmail client. If you’re having any problems, be sure to check your Roundcube logs located in “/usr/local/www/roundcube/logs“.

from PURPLEHAT ORGANIZATION

Twenty-three to complain to -current about the lights being out;

Four to claim that it is a configuration problem, and that such matters really belong on -questions;

Three to submit PRs about it, one of which is misfiled under doc and consists only of “it’s dark”;

One to commit an untested lightbulb which breaks buildworld, then back it out five minutes later;

Eight to flame the PR originators for not including patches in their PRs;

Five to complain about buildworld being broken;

Thirty-one to answer that it works for them, and they must have cvsupped at a bad time;

One to post a patch for a new lightbulb to -hackers;

One to complain that he had patches for this three years ago, but when he sent them to -current they were just ignored, and he has had bad experiences with the PR system; besides, the proposed new lightbulb is non-reflexive;

Thirty-seven to scream that lightbulbs do not belong in the base system, that committers have no right to do things like this without consulting the Community, and WHAT IS -CORE DOING ABOUT IT!?

Two hundred to complain about the color of the bicycle shed;

Three to point out that the patch breaks style(9);

Seventeen to complain that the proposed new lightbulb is under GPL;

Five hundred and eighty-six to engage in a flame war about the comparative advantages of the GPL, the BSD license, the MIT license, the NPL, and the personal hygiene of unnamed FSF founders;

Seven to move various portions of the thread to -chat and -advocacy;

One to commit the suggested lightbulb, even though it shines dimmer than the old one;

Two to back it out with a furious flame of a commit message, arguing that FreeBSD is better off in the dark than with a dim lightbulb;

Forty-six to argue vociferously about the backing out of the dim lightbulb and demanding a statement from -core;

Eleven to request a smaller lightbulb so it will fit their Tamagotchi if we ever decide to port FreeBSD to that platform;

Seventy-three to complain about the SNR on -hackers and -chat and unsubscribe in protest;

Thirteen to post “unsubscribe”, “How do I unsubscribe?”, or “Please remove me from the list”, followed by the usual footer;

One to commit a working lightbulb while everybody is too busy flaming everybody else to notice;

Thirty-one to point out that the new lightbulb would shine 0.364% brighter if compiled with TenDRA (although it will have to be reshaped into a cube), and that FreeBSD should therefore switch to TenDRA instead of EGCS;

One to complain that the new lightbulb lacks fairings;

Nine (including the PR originators) to ask “what is MFC?”;

Fifty-seven to complain about the lights being out two weeks after the bulb has been changed.

Nik Clayton adds:

I was laughing quite hard at this.

And then I thought, “Hang on, shouldn’t there be ‘1 to document it.’ in that list somewhere?”

And then I was enlightened

Thomas Abthorpe says: “None, real FreeBSD hackers are not afraid of the dark!”

from The FreeBSD Funnies