=======================================
freebsd sendmail
=======================================

Example setup of a sendmail server to host email for multiple domains.
If your isp blocks port 25 then you are out of luck.

- sendmail
- mailscanner
- clamav
- spamassassin
- opendkim
- saslauthd
- dovecot
- apache
- certbot
- php
- mysql
- logrotate
- roundcube
- ipfw
- fail2ban
- bind9

LAN: 192.168.99.100 dog
WAN: 97.98.99.100 mail.example.com

=======================================
/etc/rc.conf
---------------------------------------
hostname="dog"
ifconfig_igb0="inet 192.168.99.100 netmask 255.255.255.0"
ifconfig_igb1="inet 97.98.99.100 netmask 255.255.255.248"

=======================================
/etc/hosts
---------------------------------------
192.168.99.100 dog.example.com dog
97.98.99.100 mail.example.com mail

=======================================
/etc/resolv.conf
---------------------------------------
https://www.genunix.com/o1/fix_sendmail_spamhaus_dnsbl.txt
---------------------------------------
nameserver 9.9.9.9
nameserver 208.67.222.222

=======================================
prepare the mail server
---------------------------------------
freebsd-version -kru
freebsd-update fetch
freebsd-update install
shutdown -r now

pkg update
pkg upgrade

zpool create -f -m /export -o autoexpand=off -O compression=lz4 -O checksum=sha512 -O atime=on tank raidz1 da0 da1 da2 da3 da4 da5
zfs create tank/email
zfs destroy zroot/var/mail
zfs create -o mountpoint=/var/mail tank/mail
zfs list
:::
NAME                 USED   AVAIL  REFER  MOUNTPOINT
tank                 652K   45.3T  32.9K  /export
tank/email           32.9K  45.3T  32.9K  /export/email
tank/mail            32.9K  45.3T  32.9K  /var/mail
zroot                688M   98.8G  24K    /zroot
zroot/ROOT           680M   98.8G  24K    none
zroot/ROOT/default   680M   98.8G  680M   /
zroot/tmp            24K    98.8G  26K    /tmp
zroot/usr            72K    98.8G  24K    /usr
zroot/usr/home       24K    98.8G  24K    /usr/home
zroot/var            275K   98.8G  24K    /var
zroot/var/audit      24K    98.8G  24K    /var/audit
zroot/var/crash      24K    98.8G  24K    /var/crash
zroot/var/log        179K   98.8G  179K   /var/log
zroot/var/tmp        24K    98.8G  24K    /var/tmp
:::
chmod 775 /var/mail
chgrp mail /var/mail
pw groupadd -n email -g 4000

=======================================
install complete web stack
---------------------------------------
Create a site for https://mail.example.com working with a letsencrypt certificate.
https://www.genunix.com/o1/freebsd_apache_mysql_php_letsencrypt.txt

=======================================
switch to sendmail
---------------------------------------
As of FreeBSD 14 the default mta is DragonFly so additional steps must be
taken to switch it to sendmail.

Note that on FreeBSD 13 pkg install sendmail is required because the sendmail
included in base is built without SASLv2.

=======================================
/etc/periodic.conf
---------------------------------------
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

=======================================
install sendmail
---------------------------------------
root@dog:~ # pkg install sendmail-8.18.1_1
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        cyrus-sasl: 2.1.28_5
        cyrus-sasl-saslauthd: 2.1.28_2
        sendmail: 8.18.1_1

Number of packages to be installed: 3

The process will require 13 MiB more space.
2 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/3] Fetching cyrus-sasl-2.1.28_5.pkg: 100% 1 MiB 1.1MB/s 00:01
[2/3] Fetching cyrus-sasl-saslauthd-2.1.28_2.pkg: 100% 44 KiB 45.5kB/s 00:01
[3/3] Fetching sendmail-8.18.1_1.pkg: 100% 1 MiB 1.3MB/s 00:01
Checking integrity... done (0 conflicting)
[1/3] Installing cyrus-sasl-2.1.28_5...
*** Added group `cyrus' (id 60)
*** Added user `cyrus' (id 60)
[1/3] Extracting cyrus-sasl-2.1.28_5: 100%
[2/3] Installing cyrus-sasl-saslauthd-2.1.28_2...
[2/3] Extracting cyrus-sasl-saslauthd-2.1.28_2: 100%
[3/3] Installing sendmail-8.18.1_1...
===> Creating groups
Using existing group 'smmsp'
===> Creating users
Using existing user 'smmsp'
===> Creating homedir(s)
[3/3] Extracting sendmail-8.18.1_1: 100%
=====
Message from cyrus-sasl-2.1.28_5:

--
You can use sasldb2 for authentication, to add users use:

        saslpasswd2 -c username

If you want to enable SMTP AUTH with the system Sendmail, read
Sendmail.README

NOTE: This port has been compiled with a default pwcheck_method of
      auxprop. If you want to authenticate your user by /etc/passwd,
      PAM or LDAP, install ports/security/cyrus-sasl2-saslauthd and
      set sasl_pwcheck_method to saslauthd after installing the
      Cyrus-IMAPd 2.X port. You should also check the
      /usr/local/lib/sasl2/*.conf files for the correct
      pwcheck_method.
      If you want to use GSSAPI mechanism, install
      ports/security/cyrus-sasl2-gssapi.
      If you want to use SRP mechanism, install
      ports/security/cyrus-sasl2-srp.
      If you want to use LDAP auxprop plugin, install
      ports/security/cyrus-sasl2-ldapdb.
=====
Message from cyrus-sasl-saslauthd-2.1.28_2:

--
To run saslauthd from startup, add saslauthd_enable="YES"
in your /etc/rc.conf.
=====
Message from sendmail-8.18.1_1:

--
you should add in /etc/make.conf:
SENDMAIL_CF_DIR= /usr/local/share/sendmail/cf

To deliver all local mail to your mailhub, edit the last line of submit.mc:
FEATURE(`msp','[mailhub.do.main]`)dnl

To update your configuration look at /usr/local/share/sendmail/cf/README.
---------------------------------------------------
To use the binaries supplied by the port you should add the following lines
to your sendmail.mc file before any mailer or feature definition:

define(`confEBINDIR', `/usr/local/libexec')dnl
define(`UUCP_MAILER_PATH', `/usr/local/bin/uux')dnl
---------------------------------------------------

To activate sendmail as your default mailer, run:

$ cd /usr/local/etc/mail && cp mailer.conf.sendmail mailer.conf

Your '/usr/local/etc/mail/mailer.conf' should look like this:

#
# Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail
#
sendmail        /usr/local/sbin/sendmail
send-mail       /usr/local/sbin/sendmail
mailq           /usr/local/sbin/sendmail
newaliases      /usr/local/sbin/sendmail
hoststat        /usr/local/sbin/sendmail
purgestat       /usr/local/sbin/sendmail

You may also need to update /etc/rc.conf.

=======================================
/etc/rc.conf
---------------------------------------
sendmail_enable="YES"

=======================================
/usr/local/lib/sasl2/Sendmail.conf
---------------------------------------
pwcheck_method: saslauthd
---------------------------------------
cp /usr/local/etc/mail/mailer.conf.sendmail /usr/local/etc/mail/mailer.conf
rm /etc/periodic.conf
shutdown -r now

sendmail -d0

Creating groups
Using existing group 'unbound'
===> Creating users
Using existing user 'unbound'
[2/4] Extracting unbound-1.22.0_1: 100%
[3/4] Installing lua54-5.4.7...
[3/4] Extracting lua54-5.4.7: 100%
[4/4] Installing opendkim-2.10.3_20...
[4/4] Extracting opendkim-2.10.3_20: 100%
=====
Message from opendkim-2.10.3_20:

--
In order to run this port, write your opendkim.conf and:

if you use sendmail, add the milter socket `socketspec' in
/etc/mail/.mc:

INPUT_MAIL_FILTER(`dkim-filter', `S=_YOUR_SOCKET_SPEC_, F=T, T=R:2m')

or if you use postfix write your milter socket `socketspec' in
/usr/local/etc/postfix/main.cf:

smtpd_milters = _YOUR_SOCKET_SPEC_

And to run the milter from startup, add milteropendkim_enable="YES" in
your /etc/rc.conf.
Extra options can be found in startup script.

Note: milter sockets must be accessible from postfix/smtpd;
using inet sockets might be preferred.

=======================================
/etc/rc.conf
---------------------------------------
# opendkim
milteropendkim_enable="YES"
milteropendkim_uid="mailnull"

=======================================
/usr/local/etc/mail/opendkim.conf
---------------------------------------
Domain                  example.com
ExternalIgnoreList      refile:/usr/local/etc/mail/opendkim.trustedhosts
InternalHosts           refile:/usr/local/etc/mail/opendkim.trustedhosts
KeyFile                 /var/db/dkim/example.private
KeyTable                refile:/usr/local/etc/mail/opendkim.keytable
PidFile                 /var/run/opendkim/opendkim.pid
Selector                dog
SigningTable            refile:/usr/local/etc/mail/opendkim.signingtable
Socket                  inet:8891@localhost
Syslog                  Yes

=======================================
/usr/local/etc/mail/opendkim.trustedhosts
---------------------------------------
127.0.0.1
localhost

=======================================
/usr/local/etc/mail/opendkim.signingtable
---------------------------------------
# *@[a-z0-9]*.example.com default._domainkey.example.com

=======================================
create opendkim keys
---------------------------------------
Create keys for each hosted domain and add them to its dns zone file.
---------------------------------------
mkdir /usr/local/etc/mail/opendkim.keys
mkdir /usr/local/etc/mail/opendkim.keys/example.com
opendkim-genkey -D /usr/local/etc/mail/opendkim.keys/example.com -d example.com -s default
echo example.com >> /usr/local/etc/mail/opendkim.trustedhosts
echo "*@example.com default._domainkey.example.com" >> /usr/local/etc/mail/opendkim.signingtable
echo "default._domainkey.example.com example.com:default:/usr/local/etc/mail/opendkim.keys/example.com/default.private" >> /usr/local/etc/mail/opendkim.keytable
chown -R mailnull:mailnull /usr/local/etc/mail/opendkim.keys/*/*
service milter-opendkim restart
cat /usr/local/etc/mail/opendkim.keys/example.com/default.txt

=======================================
dns server /usr/local/etc/namedb/primary/db.example.com
---------------------------------------
https://www.genunix.com/o1/freebsd_bind9.txt

Plan ahead and set the $TTL to 5 minutes or less while you work and set it
back to something reasonable like 3D when finished.
---------------------------------------
$TTL 5m
@                   MX   10 mail.example.com.
@                   TXT  "v=spf1 a mx ip4:97.98.99.96/29 ~all"
mail                TXT  "v=spf1 a mx ip4:97.98.99.96/29 ~all"
_dmarc              TXT  "v=DMARC1; p=quarantine"
default._domainkey  IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
    "p=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" ) ; ----- DKIM key default for example.com
mail                A    97.98.99.100

=======================================
dns server /usr/local/etc/namedb/primary/db.99.98.97
---------------------------------------
Setting up an active reverse PTR record might be controlled by your ISP.
---------------------------------------
100 PTR mail.example.com.

=======================================
/etc/mail/certs/revoke.crl
---------------------------------------
curl -o /etc/mail/certs/revoke.crl http://crl.cacert.org/revoke.crl

=======================================
/etc/mail/access
---------------------------------------
Connect:127                 RELAY
GreetPause:127              0
ClientRate:127              0
ClientConn:127              0
Connect:IPv6:::1            RELAY
GreetPause:IPv6:::1         0
ClientRate:IPv6:::1         0
ClientConn:IPv6:::1         0
Connect:192.168             RELAY
GreetPause:192.168          0
ClientRate:192.168          0
ClientConn:192.168          0
Connect:97.98.99            RELAY
GreetPause:97.98.99         0
ClientRate:97.98.99         0
ClientConn:97.98.99         0
GreetPause:                 6000
ClientRate:                 10
ClientConn:                 3
Spam:postmaster@            FRIEND
Spam:abuse@                 FRIEND
Spam:spam@                  FRIEND
Connect:169.254             REJECT
Connect:192.0.2             REJECT
Connect:224                 REJECT
Connect:255                 REJECT
# domains
GreetPause:example.com      0
ClientRate:example.com      0
ClientConn:example.com      0
example.com                 OK
GreetPause:domain.com       0
ClientRate:domain.com       0
ClientConn:domain.com       0
domain.com                  OK
GreetPause:domain.ca        0
ClientRate:domain.ca        0
ClientConn:domain.ca        0
domain.ca                   OK
# freebsd.org
ClientRate:96.47.72.81      0
# system
Srv_Features:               V
# reject
# https://data.iana.org/TLD/tlds-alpha-by-domain.txt
friend@evilplace.com        OK
evilplace.com               REJECT
accountant                  REJECT
accountants                 REJECT
actor                       REJECT
adsl                        REJECT
airforce                    REJECT
army                        REJECT
ar                          REJECT
as                          REJECT
asia                        REJECT
at                          REJECT
attorney                    REJECT
live.com.au                 OK
edu.au                      OK
au                          REJECT
auction                     REJECT
audio                       REJECT
band                        REJECT
bar                         REJECT
bark.com                    REJECT
beauty                      REJECT
best                        REJECT
bf                          REJECT
bg                          REJECT
bid                         REJECT
blackfriday                 REJECT
clouduol.com.br             OK
br                          REJECT
buzz                        REJECT
cam                         REJECT

=======================================
/etc/mail/virtusertable
---------------------------------------
#
# domains
#
@example.com                error:nouser 500 Unknown User Address
postmaster@example.com      postmaster
abuse@example.com           abuse
autoreply@example.com       autoreply
#
@domain.com                 error:nouser 500 Unknown User Address
postmaster@domain.com       postmaster
abuse@domain.com            abuse
autoreply@domain.com        autoreply
#
@domain.ca                  error:nouser 500 Unknown User Address
postmaster@domain.ca        postmaster
abuse@domain.ca             abuse
autoreply@domain.ca         autoreply
#
# users
#

=======================================
/etc/mail/genericstable
---------------------------------------
touch /etc/mail/genericstable

=======================================
/etc/mail/trusted-users
---------------------------------------
www

=======================================
/etc/mail/generics-domains
---------------------------------------
example.com
domain.com
domain.ca

=======================================
/etc/mail/local-host-names
---------------------------------------
example.com
domain.com
domain.ca
---------------------------------------
cp /etc/mail/freebsd.submit.mc /etc/mail/dog.submit.mc
cp /etc/mail/freebsd.mc /etc/mail/dog.mc

=======================================
/etc/mail/dog.mc
---------------------------------------
divert(-1)dnl
#-----------------------------------------------------------------------------
#
# dog
#
#-----------------------------------------------------------------------------
divert(0)dnl
VERSIONID(`$FreeBSD$')dnl
dnl # default logging level is 9 (0-15), uncomment and set it higher to debug the configuration
define(`confLOG_LEVEL', `9')dnl
dnl #
OSTYPE(freebsd6)dnl
DOMAIN(generic)dnl
FEATURE(`no_default_msa')dnl
dnl # port 25
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
dnl # port 587 STARTTLS
DAEMON_OPTIONS(`Port=submission, Name=MSA-SSL, M=Ea')dnl
dnl # port 465 SSL/TLS
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl # Be somewhat anal in what we allow
define(`confPRIVACY_FLAGS', `needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,novrfy,noexpn')dnl
dnl #
dnl # allow relaying if user authenticates and disallow plaintext auth (PLAIN/LOGIN) on non-TLS links
define(`confAUTH_OPTIONS', `A p')dnl
dnl #
define(`confTO_IDENT', `0')dnl
dnl #
dnl # Define connection throttling and window length
define(`confCONNECTION_RATE_THROTTLE', `5')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE', `10m')dnl
dnl #
dnl # If we get too many bad recipients, slow things down...
define(`confBAD_RCPT_THROTTLE', `3')dnl
dnl #
dnl # Features
dnl #
dnl # use /etc/mail/trusted-users
FEATURE(`use_ct_file')dnl
dnl #
dnl # DNS black list
FEATURE(`dnsbl', `bl.spamcop.net', `"554 Rejected: Unsolicited e-mail from " $`'&{client_addr} " has been refused. DNSBL list: SpamCop (bl.spamcop.net)."', `t')dnl
FEATURE(`dnsbl', `zen.spamhaus.org', `"554 Rejected: Unsolicited e-mail from " $`'&{client_addr} " has been refused. DNSBL list: Spamhaus (zen.spamhaus.org)."', `t')dnl
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
dnl #
dnl # The following limits the number of processes sendmail can fork to accept
dnl # incoming messages or process its message queues to 20. sendmail refuses
dnl # to accept connections once it has reached its quota of child processes.
dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl
dnl #
dnl # The access db is the basis for most of sendmail's checking
dnl FEATURE(`access_db', , `skip')dnl
FEATURE(access_db, `hash -o -T /etc/mail/access')dnl
dnl #
dnl # The greet_pause feature stops some automail bots - but check the
dnl # provided access db for details on excluding localhosts...
FEATURE(`greet_pause', `1000')dnl 1 seconds
dnl #
dnl # Delay_checks allows sender<->recipient checking
FEATURE(`delay_checks', `friend', `n')dnl
dnl #
dnl # Stop connections that overflow our concurrent and time connection rates
FEATURE(`conncontrol', `nodelay', `terminate')dnl
FEATURE(`ratecontrol', `nodelay', `terminate')dnl
dnl #
dnl # enable sasl
dnl # note: defining realm allows username@domain.com logins
dnl # include(`/etc/mail/sasl/sasl.m4')dnl
dnl #
dnl set SASL options
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
dnl #
dnl # enable starttls
dnl # include(`/etc/mail/tls/starttls.m4')dnl
define(`confTO_STARTTLS', `2m')dnl # <= EDIT
dnl #
dnl # CA directory - CA certs should be herein
define(`confCACERT_PATH', `/usr/local/etc/letsencrypt/live/mail.example.com')dnl # <= EDIT
dnl #
dnl # CA file (may be the same as client/server certificate)
define(`confCACERT', `/usr/local/etc/letsencrypt/live/mail.example.com/fullchain.pem')dnl # <= EDIT
dnl #
dnl # Certificate Revocation List
define(`confCRL', `/etc/mail/certs/revoke.crl')dnl # <= EDIT http://crl.cacert.org/revoke.crl
dnl #
dnl # Server certificate/key (can be in the same file, and shared w/client)
dnl # NOTE: The key must *NOT* be encrypted !!!
define(`confSERVER_CERT', `/usr/local/etc/letsencrypt/live/mail.example.com/cert.pem')dnl # <= EDIT
define(`confSERVER_KEY', `/usr/local/etc/letsencrypt/live/mail.example.com/privkey.pem')dnl # <= EDIT
dnl #
dnl # Client certificate/key (can be in the same file, and shared w/server)
dnl # NOTE: The key must *NOT* be encrypted !!!
define(`confCLIENT_CERT', `/usr/local/etc/letsencrypt/live/mail.example.com/cert.pem')dnl # <= EDIT
define(`confCLIENT_KEY', `/usr/local/etc/letsencrypt/live/mail.example.com/privkey.pem')dnl # <= EDIT
dnl #
dnl # DH parameters
define(`confDH_PARAMETERS', `/etc/mail/certs/dh.param')dnl # <= EDIT
dnl #
dnl # Optional settings
define(`confTLS_SRV_OPTIONS', `V')dnl # <= EDIT
dnl #
FEATURE(`always_add_domain')dnl
FEATURE(`relay_entire_domain')dnl
dnl #
dnl #
dnl # virtual hosting
dnl #
dnl # use /etc/mail/local-host-names
FEATURE(`use_cw_file')dnl
define(`confCW_FILE', `-o /etc/mail/local-host-names')dnl
GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl
dnl #
FEATURE(`genericstable')dnl
define(`confDOMAIN_NAME', `mail.example.com')dnl
dnl # all deliverable user addresses
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')dnl
FEATURE(genericstable, `hash -o /etc/mail/genericstable')dnl
dnl #
dnl #
dnl # Masquerading options
dnl # any mail originating from this host appears to be sent from this domain
MASQUERADE_AS(`example.com')dnl
FEATURE(`allmasquerade')dnl
FEATURE(`limited_masquerade')dnl
dnl # masquerade not just the headers, but the envelope as well
FEATURE(`masquerade_envelope')dnl
dnl # masquerade subdomains too @*.domain.com
FEATURE(`masquerade_entire_domain')dnl
dnl #
dnl #
dnl # blacklist recipients via access
dnl # FEATURE(`blacklist_recipients')dnl
FEATURE(blocklist_recipients)dnl
dnl #
dnl # opendkim
INPUT_MAIL_FILTER(`opendkim', `S=inet:8891@localhost, F=T, T=R:2m')
dnl #
dnl # Miscellaneous
EXPOSED_USER(`root')dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
undefine(`DECNET_RELAY')dnl
undefine(`FAX_RELAY')dnl
FEATURE(`nouucp', `reject')dnl
dnl #
dnl # Default Mailer setup
MAILER_DEFINITIONS
MAILER(`local')dnl
MAILER(`smtp')dnl

=======================================
rebuild sendmail
---------------------------------------
cd /etc/mail
make
make install
service mta restart

=======================================
install mailscanner
---------------------------------------
root@dog:~ # pkg install mailscanner
Please look at/usr/local/etc/MailScanner/MailScanner.conf.new.5.3.4.3_2 ===== Message from spamassassin-4.0.1_2: -- You should complete the following post-installation tasks: 1) Read /usr/local/share/doc/spamassassin/INSTALL and /usr/local/share/doc/spamassassin/UPGRADE BEFORE enabling SpamAssassin for important changes 2) Edit the configuration in /usr/local/etc/mail/spamassassin, in particular /usr/local/etc/mail/spamassassin/init.pre You may get lots of annoying (but harmless) error messages if you skip this step. 3) To run spamd, add the following to /etc/rc.conf: spamd_enable="YES" 4) If this is a new installation, you should run sa-update and sa-compile. If this isn't a new installation, you should run those commands immediately after update and probably run them on a regular basis. 5) Install mail/spamass-rules if you want some third-party spam-catching rulesets 6) Remove /usr/local/etc/mail/spamassassin/sa-update-keys if this software is no longer needed. SECURITY NOTE: By default, spamd runs as root (the AS_ROOT option). If you wish to change this, add the following to /etc/rc.conf: spamd_flags="-u spamd -H /var/spool/spamd" ===== Message from zoo-2.10.1_5: -- ===> NOTICE: The zoo port currently does not have a maintainer. As a result, it is more likely to have unresolved issues, not be up-to-date, or even be removed in the future. To volunteer to maintain this port, please create an issue at: https://bugs.freebsd.org/bugzilla More information about port maintainership is available at: https://docs.freebsd.org/en/articles/contributing/#ports-contributing ===== Message from MailScanner-5.3.4.3_2: -- See /usr/local/share/doc/MailScanner/README.FreeBSD.port, http://www.mailscanner.info, the man pages MailScanner and MailScanner.conf for further instructions. You will need to make several modifications to config files before MailScanner will work correctly. 
The provided default configuration requires several directories to be created: /var/spool/MailScanner/incoming /var/spool/MailScanner/incoming/Locks /var/spool/MailScanner/quarantine /var/spool/mqueue /var/spool/mqueue.in Either create those directories or change the configuration. A new optional rc variable called mailscanner_user has been added to the startup script. This is a temporary workaround to address any possible taint mode problems that may still be present in the code. Taint mode related problems can usually be identified from undeliverable reports containing the following error: "MailScanner: Message attempted to kill MailScanner" If you changed the "Run As User" variable in MailScanner.conf and wish to disable taint mode, you MUST also set the same value in /etc/rc.conf. i.e. mailscanner_user="postfix" To re-enable taint mode, simply remove the variable from rc.conf. The new variable uses su to start the master perl script as the specified user, this effectively disables perl's taint mode. 
---------------------------------------
mkdir /var/spool/MailScanner
mkdir /var/spool/MailScanner/incoming
mkdir /var/spool/MailScanner/incoming/Locks
mkdir /var/spool/MailScanner/quarantine
mkdir /var/spool/mqueue.in
chown root:daemon /var/spool/mqueue.in
touch /usr/local/etc/MailScanner/rules/external.message.rules

=======================================
/usr/local/etc/MailScanner/defaults
---------------------------------------
run_mailscanner=1
ramdisk_sync=1
ramdisk_store=/var/spool/MailScanner/ramdisk_store
---------------------------------------
mkdir /var/spool/MailScanner/ramdisk_store

=======================================
/usr/local/etc/MailScanner/MailScanner.conf
---------------------------------------
Log Spam = yes
Incoming Queue Dir = /var/spool/mqueue.in
Archive Mail = %rules-dir%/archive.rules
Missing Mail Archive Is = file
%org-name% = dog
%org-long-name% = Good Boy
%web-site% = www.example.com
Disarmed Modify Subject = no
Sign Clean Messages = no
Virus Scanners = clamav

=======================================
/usr/local/etc/MailScanner/spamassassin.conf
---------------------------------------
envelope_sender_header X-dog-MailScanner-From

=======================================
/usr/local/etc/MailScanner/rules/archive.rules
---------------------------------------
# capture and archive email
#
# _DATE_
# _HOUR_
# _FROMUSER_
# _FROMDOMAIN_
# _TOUSER_
# _TODOMAIN_
#
#From: username@example.com /export/email/exam.username/archive/_DATE_.o
#To: username@example.com /export/email/exam.username/archive/_DATE_.i
#FromOrTo: username@example.com /export/email/exam.username/archive/_DATE_
#FromOrTo: username@example.com someone@domain.com
#
# autoreply
#
To: autoreply@example.com /export/email/autoreply/archive/_DATE_.i
To: autoreply@domain.com /export/email/autoreply/archive/_DATE_.i
To: autoreply@domain.ca /export/email/autoreply/archive/_DATE_.i
#
# users
#

=======================================
install dovecot
---------------------------------------
root@dog:~ # pkg install dovecot
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
    dovecot: 2.3.21.1_1
    openldap26-client: 2.6.9

Number of packages to be installed: 2

The process will require 28 MiB more space.
6 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/2] Fetching openldap26-client-2.6.9.pkg: 100% 1 MiB 1.1MB/s 00:01
[2/2] Fetching dovecot-2.3.21.1_1.pkg: 100% 5 MiB 4.9MB/s 00:01
Checking integrity... done (0 conflicting)
[1/2] Installing openldap26-client-2.6.9...
[1/2] Extracting openldap26-client-2.6.9: 100%
[2/2] Installing dovecot-2.3.21.1_1...
===> Creating groups
Creating group 'dovecot' with gid '143'
Creating group 'dovenull' with gid '144'
===> Creating users
Creating user 'dovecot' with uid '143'
Creating user 'dovenull' with uid '144'
[2/2] Extracting dovecot-2.3.21.1_1: 100%
=====
Message from openldap26-client-2.6.9:

--
The OpenLDAP client package has been successfully installed.

Edit
  /usr/local/etc/openldap/ldap.conf
to change the system-wide client defaults.

Try `man ldap.conf' and visit the OpenLDAP FAQ-O-Matic at
  http://www.OpenLDAP.org/faq/index.cgi?file=3
for more information.
=====
Message from dovecot-2.3.21.1_1:

--
You must create the configuration files yourself. Copy them over
to /usr/local/etc/dovecot and edit them as desired:

    cp -R /usr/local/etc/dovecot/example-config/* \
        /usr/local/etc/dovecot

The default configuration includes IMAP and POP3 services, will
authenticate users agains the system's passwd file, and will use
the default /var/mail/$USER mbox files.

Next, enable dovecot in /etc/rc.conf:

    dovecot_enable="YES"

To avoid a risk of mailbox corruption, do not set the
security.bsd.see_other_uids or .see_other_gids sysctls to 0 if Dovecot
is storing mail for multiple concurrent users (PR 218392).

Similarly, setting sysctls security.bsd.hardlink_check_uid or
security.bsd.hardlink_check_gid to 1 might result in non-working
mailboxes, depending on what mailbox locking mechanism is used
(PR 242223).

If you want to be able to search within attachments using the
decode2text plugin, you'll need to install textproc/catdoc, and
one of graphics/xpdf or graphics/poppler-utils.

There are some potentially breaking changes in Dovecot 2.3. If you
are upgrading from Dovecot 2.2:

 * Read https://wiki2.dovecot.org/Upgrading/2.3
 * Merge the configuration file changes from
   /usr/local/etc/dovecot/examples-config/
---------------------------------------
cp -R /usr/local/etc/dovecot/example-config/* /usr/local/etc/dovecot

=======================================
/usr/local/etc/dovecot/conf.d/10-ssl.conf
---------------------------------------
ssl = required
ssl_cert = > /usr/local/etc/MailScanner/rules/archive.rules
echo "From: username@example.com /export/email/exam_username/archive/_DATE_.o" >> /usr/local/etc/MailScanner/rules/archive.rules
echo "username@example.com exam_username" >> /etc/mail/virtusertable
echo "exam_username username@example.com" >> /etc/mail/genericstable

=======================================
rebuild sendmail whenever changes are made to: *.mc genericstable virtusertable access
---------------------------------------
cd /etc/mail
make
make install
service mta restart
service mailscanner restart
tail -f /var/log/maillog

=======================================
run a few tests
---------------------------------------
root@mail:~ # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.example.com ESMTP Sendmail 8.17.1/8.16.1; Sat, 11 Feb 2023 03:14:14 -0500 (EST)
ehlo localhost
250-mail.example.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
quit
221 2.0.0 mail.example.com closing connection
Connection closed by foreign host.

openssl s_client -starttls smtp -connect localhost:25
openssl s_client -starttls smtp -connect mail.example.com:25
openssl s_client -starttls smtp mail.example.com:587
openssl s_client -tls1_3 -starttls smtp mail.example.com:587
openssl s_client -tls1_2 -starttls smtp mail.example.com:587
openssl s_client -tls1_1 -starttls smtp mail.example.com:587

sendmail -d0
sendmail -bt -d0.1
/canon mail.example.com

echo "hello world" | mailx -s test root
echo "hello world" | mailx -s test username@example.com

=======================================
Connect Thunderbird
---------------------------------------
Send an email from username@example.com to username@example.com

=======================================
install roundcube
---------------------------------------
pkg install roundcube-automatic_addressbook-php84 \
    roundcube-calendar-kolab-php84 \
    roundcube-carddav-php84 \
    roundcube-classic-php84 \
    roundcube-contextmenu-php84 \
    roundcube-gravatar-php84 \
    roundcube-html5_notifier-php84 \
    roundcube-identity_smtp-php84 \
    roundcube-larry-php84 \
    roundcube-login_info-php84 \
    roundcube-php84 \
    roundcube-sauserprefs-php84 \
    roundcube-thunderbird_labels-php84 \
    roundcube-tls_icon-php84 \
    roundcube-twofactor_gauthenticator-php84-g20231119 \
    roundcube-veximaccountadmin-php84 \
    roundcube-yubikey_auth-php84-g20180404

mysql -u root -p -e "CREATE USER 'owner'@'localhost' IDENTIFIED VIA mysql_native_password USING '';GRANT USAGE ON *.* TO 'owner'@'localhost' REQUIRE NONE WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;GRANT ALL PRIVILEGES ON \`owner\_%\`.* TO 'owner'@'localhost';"
mysql -u root -p -e "CREATE DATABASE owner_roundcube DEFAULT CHARSET=utf8mb4 COLLATE utf8mb4_general_ci;"
mysql -u root owner_roundcube < /usr/local/www/roundcube/SQL/mysql.initial.sql

=======================================
setup roundcube
---------------------------------------
https://mail.example.com/myroundcubealias/installer

=======================================
/usr/local/www/roundcube/config/config.inc.php
---------------------------------------
@127.0.0.1/owner_roundcube';

// ----------------------------------
// IMAP
// ----------------------------------
// The IMAP host (and optionally port number) chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// Enter hostname with prefix ssl:// to use Implicit TLS, or use
// prefix tls:// to use STARTTLS.
// If port number is omitted it will be set to 993 (for ssl://) or 143 otherwise.
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld
// WARNING: After hostname change update of mail_host column in users table is
//          required to match old user data records with the new host.
$config['imap_host'] = 'localhost';
$config['smtp_host'] = 'tls://mail.example.com:587';

// provide an URL where a user can get support for this Roundcube installation
// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
//$config['support_url'] = 'https://www.example.com';
$config['support_url'] = 'tel:555-555-5555';

// This key is used for encrypting purposes, like storing of imap password
// in the session. For historical reasons it's called DES_key, but it's used
// with any configured cipher_method (see below).
// For the default cipher_method a required key length is 24 characters.
$config['des_key'] = 'eueyriuweHJkeWJKFAWJewfy';

// ----------------------------------
// PLUGINS
// ----------------------------------
// List of active plugins (in plugins/ directory)
$config['plugins'] = [
    'acl',
    // 'additional_message_headers',
    // 'archive',
    'attachment_reminder',
    // 'autologon',
    // 'autologout',
    'automatic_addressbook',
    // 'calendar',
    // 'carddav',
    'contextmenu',
    // 'database_attachments',
    // 'debug_logger',
    // 'emoticons',
    // 'enigma',
    // 'example_addressbook',
    'filesystem_attachments',
    // 'help',
    'hide_blockquote',
    'html5_notifier',
    // 'http_authentication',
    // 'identicon',
    // 'identity_select',
    'jqueryui',
    // 'krb_authentication',
    // 'libcalendaring',
    // 'libkolab',
    // 'managesieve',
    'markasjunk',
    // 'new_user_dialog',
    // 'new_user_identity',
    'newmail_notifier',
    'password',
    // 'reconnect',
    // 'redundant_attachments',
    'show_additional_headers',
    // 'squirrelmail_usercopy',
    'subscriptions_option',
    'thunderbird_labels',
    // 'userinfo',
    'vcard_attachments'
    // 'virtuser_file',
    // 'virtuser_query',
    // 'zipdownload'
];

// override other defaults found in defaults.inc.php
$config['log_date_format'] = 'Y-m-d H:i:s O';
$config['imap_skip_hidden_folders'] = true;
$config['force_https'] = true;
$config['display_product_info'] = 0;
$config['product_name'] = 'Roundcube Webmail';
$config['date_formats'] = ['Y-m-d'];
$config['create_default_folders'] = true;
$config['spellcheck_engine'] = 'enchant';
$config['refresh_interval'] = 300;
$config['check_all_folders'] = true;
$config['display_next'] = false;
$config['reply_mode'] = 1;
$config['sig_below'] = true;
$config['message_show_email'] = true;
$config['enable_spellcheck'] = true;
$config['identities_level'] = 3;
$config['skins_allowed'] = ['elastic', 'larry'];
$config['spellcheck_before_send'] = true;
$config['imap_debug'] = false;

=======================================
/usr/local/www/roundcube/plugins/password/config.inc.php
--------------------------------------- Allow users to change their own password. --------------------------------------- $config['password_driver'] = 'pw_usermod'; $config['password_query'] = 'SELECT update_passwd(%c, %u)'; $config['password_pw_usermod_cmd'] = '/usr/local/bin/sudo /usr/sbin/pw usermod -h 0 -n'; ======================================= install sudo --------------------------------------- pkg install sudo --------------------------------------- visudo ::: www ALL=NOPASSWD: /usr/sbin/pw Defaults:www !requiretty ::: visudo -c /usr/local/etc/sudoers: parsed OK ======================================= /usr/local/www/roundcube/program/lib/Roundcube/rcube_user.php --------------------------------------- Roundcube expects you to create users using either their email address such as "username@example.com" or just "username" without the domain. Logging in with the user "username" means there can only be one "Joe" which is not nice when you are hosting multiple domains. Logging in with the email "username@example.com" is unsettling when you see the endless stream of hack attempts using them. If you want none of the above then I created this quick and dirty mod to show how to have logins created such as "exam_username". --------------------------------------- cp -p /usr/local/www/roundcube/program/lib/Roundcube/rcube_user.php /usr/local/www/roundcube/program/lib/Roundcube/rcube_user.php.orig diff rcube_user.php rcube_user.php.orig 704,712c704 < $email_user = preg_replace('/@.*$/', '', $row); < $fix_prefix = preg_replace('/_.*$/', '', $fix_user); < $fix_name = preg_replace('/^[^\.]*\./', '', $fix_user); < $fix_domain = array( < 'exam' => 'example.com', < 'dom' => 'domain.com', < 'ca' => 'domain.ca' < ); < $record['email'] = $fix_name.'@'.$fix_domain[$fix_prefix]; --- > $record['email'] = $row; 716c708 < $record['name'] = $user_name != $record['email'] ? $fix_name : ''; --- > $record['name'] = $user_name != $record['email'] ? 
$user_name : ''; ======================================= /usr/local/etc/apache24/vhosts/mail.example.com.conf --------------------------------------- ServerName mail.example.com Redirect / https://mail.example.com/ ServerName mail.example.com ServerAdmin admin@example.com DocumentRoot "/export/http/owner/mail.example.com/htdocs" php_admin_value open_basedir "/export/http/owner/mail.example.com/:/usr/local/www/roundcube/" php_admin_value upload_tmp_dir "/export/http/owner/mail.example.com/tmp" # php_admin_value post_max_size "10000M" # php_admin_value upload_max_filesize "10000M" # php_admin_value memory_limit "1000M" # php_admin_value max_input_time "20000" # php_admin_value max_execution_time "20000" Options +FollowSymLinks -Indexes AllowOverride All Require all granted Alias /myroundcubealias "/usr/local/www/roundcube/" Options Indexes FollowSymLinks AllowOverride All Require all granted SSLEngine on Include /usr/local/etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /usr/local/etc/letsencrypt/live/mail.example.com/cert.pem SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/mail.example.com/privkey.pem SSLCertificateChainFile /usr/local/etc/letsencrypt/live/mail.example.com/chain.pem SSLOptions +StdEnvVars BrowserMatch ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 ErrorLog /export/http/owner/mail.example.com/logs/mail.example.com-error.log CustomLog /export/http/owner/mail.example.com/logs/mail.example.com-access.log combined ---------------------------------------- apachectl configtest apachectl restart rm /usr/local/www/roundcube/installer ======================================= confirm it works --------------------------------------- https://mail.example.com/myroundcubealias ======================================= email auto reply --------------------------------------- zfs create tank/email/autoreply mkdir /export/email/autoreply/archive mkdir /export/email/autoreply/queue mkdir /export/email/autoreply/tmp chown 
mailnull:mailnull /export/email/autoreply/*

=======================================
/etc/shells
---------------------------------------
/usr/sbin/nologin

=======================================
/etc/mail/aliases
---------------------------------------
# local accounts
root: me@somewhere.com
me: me@somewhere.com

# autoreply
autoreply: "|/usr/local/bin/emailautoreply.sh"
---------------------------------------
newaliases

=======================================
install procmail
---------------------------------------
There is a handy utility called formail which is used for parsing emails that
is provided by procmail. It is a shame that I have to install the whole
procmail package to get formail.
---------------------------------------
pkg install procmail

=======================================
/usr/local/bin/emailautoreply.sh
---------------------------------------
#!/bin/sh
#
# Email Auto Reply for FreeBSD
#
# Turn on/off auto reply by sending an email to autoreply@domain.com
#
# 1) set up /usr/local/bin/emailautoreply.cron
#
# 2) send email Subject start to:
#    autoreply@domain.com
#
# 3) send email Subject stop to:
#    autoreply@domain.com
#

# email directory
maildir="/etc/mail"

# auto reply directory
autoreply="/export/email/autoreply"

# tmp directory
tmp="${autoreply}/tmp"

# queue
queue="${autoreply}/queue"

# save piped email to tmp file
# (the PID suffix keeps two deliveries in the same second apart)
email="${tmp}/email.`date '+%Y%m%d%H%M%S'`.$$"
/bin/cat - > "$email"

# extract from: keep only the address between < and >, lowercased
from=`cat "$email" | /usr/local/bin/formail -cx "From: " | sed -e 's/^.*<//' -e 's/>.*$//' | tr '[:upper:]' '[:lower:]'`

# validate from in genericstable
user=`awk -v from="$from" '
NF == 2 && $2 == from {
    printf "%s\n", $1
    exit
}
' $maildir/genericstable`
[ "x$user" = "x" ] && {
    # fail quietly
    rm -f "$email"
    exit
}

# validate user in passwd
foo=`pw usershow -n "$user" 2>&1 >/dev/null`
[ $? -eq 0 ] || {
    # fail quietly
    rm -f "$email"
    exit
}

# extract subject
subject=`cat "$email" | /usr/local/bin/formail -cx "Subject: " | tr '[:upper:]' '[:lower:]'`
subj=`echo "$subject" | awk '{ print $1 }'`

[ "$subj" = "start" -o "$subj" = "stop" ] && {
    [ -d "$queue/$user" ] && {
        rm -rf "$queue/$user"
    }
    # create empty queue
    mkdir "$queue/$user"
} || {
    # fail quietly
    rm -f "$email"
    exit
}

# check start
[ "$subj" = "start" ] && {
    # create .vacation.msg
    # Auto-Submitted: true -- this is a header that prevents this email from getting an auto reply
    # otherwise we must exclude the users' own email address or it will set off an infinite loop
    cat "$email" | /usr/local/bin/formail -I "Subject: Autoreply" -I "Auto-Submitted: true" -k -X "From: " -X "Subject: " -X "Auto-Submitted: " >> "$queue/$user/.vacation.msg"

    # create .forward
    echo "\\$user, \"|/usr/bin/vacation -a $from $user\"" > "$queue/$user/.forward"

    # reply interval
    interval=`echo "$subject" | awk '{ print $2 }'`
    next=3
    reply=""
    case "$interval" in
        always)  reply=0 ;;
        daily)   reply=1 ;;
        weekly)  reply=7 ;;
        monthly) reply=28 ;;
        once)    reply="once" ;;
        *)       next=2 ;;
    esac
    [ "x$reply" = "x" ] || {
        echo "$interval $reply" > "$queue/$user/days"
    }

    # exclude domains
    echo "$subject" | awk -v start="$next" '{
        for(i=start; i<=NF; i++) {
            print $i
        }
    }' >> "$queue/$user/exclude"
}

# ready
touch "$queue/$user/ready"

# cleanup
rm -f "$email"
---------------------------------------
chown root:mailnull /usr/local/bin/emailautoreply.sh
chmod 750 /usr/local/bin/emailautoreply.sh

=======================================
/usr/local/bin/emailautoreply.cron
---------------------------------------
#!/bin/sh
#
# Email Auto Reply CRON for FreeBSD
#
# Turn on/off auto reply by sending an email to autoreply@domain.com
#
# 1) set up /usr/local/bin/emailautoreply.sh
#
# 2) monitor queue
#

# email directory
maildir="/etc/mail"

# auto reply directory
autoreply="/export/email/autoreply"

# queue
queue="${autoreply}/queue"

# check queue
for i in `ls -tr $queue`
do
    [ -f "$queue/$i/ready" ] || {
        continue
    }

    # get home directory from passwd
    home=`pw showuser -n $i | cut -d : -f 9`

    # drop queue entries that do not map to an account with a home directory
    [ -n "$home" -a -d "$home" ] || {
        rm -rf "$queue/$i"
        continue
    }

    # get from address from genericstable
    from=`awk -v from="$i" '
    NF == 2 && $1 == from {
        printf "%s\n", $2
        exit
    }
    ' "$maildir/genericstable"`

    # extract domain
    domain=`echo $from | sed -e 's/^.*@//'`

    # autoreply address
    autoreply="autoreply@$domain"

    # clean slate
    rm -f "$home/.forward" "$home/.vacation.msg" "$home/.vacation.db" 2>&1 >/dev/null

    # check start if .forward exists
    [ -f "$queue/$i/.forward" ] && {
        # start
        [ -f "$queue/$i/days" ] && {
            interval=`cat "$queue/$i/days" | awk '{ printf "%s", $1 }'`
            days=`cat "$queue/$i/days" | awk '{ printf "%s", $2 }'`
            frequency="-r $days"
        } || {
            interval="weekly"
            days=7
            frequency=""
        }
        # a pipe stored in a variable is not re-parsed by the shell, so the
        # exclusion list is fed to vacation on stdin when the command runs
        [ -f "$queue/$i/exclude" ] && {
            cmd="/usr/bin/vacation -x -i $frequency"
            input="$queue/$i/exclude"
            excluded=`cat "$queue/$i/exclude" | awk '{ printf "%s ", $0 }'`
        } || {
            cmd="/usr/bin/vacation -i $frequency"
            input="/dev/null"
            excluded=""
        }

        # send confirmation
        cat << EOF | /usr/sbin/sendmail -t -f autoreply
From: $autoreply
To: $from
Subject: Auto Reply Started

Your auto reply message is now enabled.

Auto reply interval: $interval
Excluded from reply: $excluded

To update your auto reply, send a new message with the word start in the subject.

Subject: start [always|daily|weekly|monthly|once] [email@exclude.com exclude.me exclude.ca]

To disable your auto reply, send a new message with the word stop in the subject.

Subject: stop
EOF
        sleep 5

        # initialize the vacation db
        sudo -u $i $cmd $i < "$input"

        # install the auto reply
        mv "$queue/$i/.forward" "$queue/$i/.vacation.msg" "$home"
        chown "$i":email "$home/.forward" "$home/.vacation.msg"
        chmod 644 "$home/.forward" "$home/.vacation.msg"
    } || {
        # stop
        # send confirmation
        cat << EOF | /usr/sbin/sendmail -t -f autoreply
From: $autoreply
To: $from
Subject: Auto Reply Stopped

Your auto reply message is now disabled.

To enable your auto reply, send a new message with the word start in the subject.

Subject: start [always|daily|weekly|monthly|once] [email@exclude.com exclude.me exclude.ca]
EOF
    }

    # cleanup
    rm -rf "$queue/$i"
done
---------------------------------------
chmod 700 /usr/local/bin/emailautoreply.cron
crontab -e
:::
* * * * * /usr/local/bin/emailautoreply.cron > /dev/null 2>&1
:::

=======================================
setup some protection
---------------------------------------
https://www.genunix.com/o1/freebsd_ipfw.txt
https://www.genunix.com/o1/freebsd_fail2ban.txt

=======================================
done
=======================================
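
Review bot: in the rcube_user.php diff (lines 704-712 of the modified file), the first added line assigns $email_user but the next two lines read $fix_user, which is never set, so $fix_prefix and $fix_name come out empty and $record['email'] is built from an undefined $fix_domain entry; assign the stripped login to $fix_user. The prefix is cut at "_" ('/_.*$/') while the name is cut at the first "." ('/^[^\.]*\./'), so a login such as exam_username keeps its prefix in $fix_name; use the same separator in both patterns. A prefix that is missing from $fix_domain should fall back to the original $row rather than produce an address with an empty domain.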
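
Added example (not part of the original guide): a small sh function that audits an EHLO reply like the one captured under "run a few tests", reporting a missing STARTTLS, password-carrying AUTH mechanisms offered before TLS, the MD5 challenge-response mechanisms, and the EXPN/VRFY/VERB commands. The function names and the second transcript are constructed for illustration; the first transcript is the session shown on this page.

```sh
#!/bin/sh
# Usage: ehlo_audit cleartext|tls < transcript
#   cleartext = reply seen before STARTTLS, tls = reply seen after the handshake.
# Prints one finding per line and returns 1 when a HIGH finding is present.
ehlo_audit() {
    phase="${1:-cleartext}"
    tr -d '\r' | awk -v phase="$phase" '
    # Capability lines look like "250-KEYWORD args"; the last one uses "250 ".
    /^250[- ]/ {
        n = split(substr($0, 5), f, /[ =]+/)   # also accepts the old "AUTH=..." form
        kw = toupper(f[1])
        seen[kw] = 1
        if (kw == "AUTH")
            for (i = 2; i <= n; i++)
                mech[toupper(f[i])] = 1
    }
    END {
        high = 0
        if (phase == "cleartext") {
            if (!("STARTTLS" in seen)) {
                print "HIGH STARTTLS is not offered, so nothing on this port can be encrypted"
                high++
            }
            # PLAIN and LOGIN carry the password itself and belong behind TLS only.
            n = split("PLAIN LOGIN", clear, " ")
            for (i = 1; i <= n; i++)
                if (clear[i] in mech) {
                    print "HIGH AUTH " clear[i] " is offered before STARTTLS"
                    high++
                }
        }
        n = split("DIGEST-MD5 CRAM-MD5", md5, " ")
        for (i = 1; i <= n; i++)
            if (md5[i] in mech)
                print "WARN AUTH " md5[i] " needs a password-equivalent secret stored on the server"
        # sendmail: the PrivacyOptions flags noexpn, novrfy and noverb turn these off.
        n = split("EXPN VRFY VERB", priv, " ")
        for (i = 1; i <= n; i++)
            if (priv[i] in seen)
                print "WARN " priv[i] " is advertised to every client"
        exit (high > 0)
    }'
}

# The telnet session from "run a few tests" on this page.
page_transcript() {
    cat <<'EOF'
220 mail.example.com ESMTP Sendmail 8.17.1/8.16.1; Sat, 11 Feb 2023 03:14:14 -0500 (EST)
ehlo localhost
250-mail.example.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
quit
221 2.0.0 mail.example.com closing connection
EOF
}

# Constructed counter-example: no STARTTLS, password mechanisms in the clear.
weak_transcript() {
    cat <<'EOF'
220 mx.example.net ESMTP
ehlo client.example.net
250-mx.example.net Hello client.example.net
250-SIZE 52428800
250-AUTH PLAIN LOGIN
250 HELP
EOF
}

# Demo: audit both transcripts as pre-STARTTLS replies.
page_transcript | ehlo_audit cleartext
weak_transcript | ehlo_audit cleartext || echo "=> HIGH findings present"
```

Run it once on the reply seen before STARTTLS and once on the reply seen inside the TLS session; only the first run should be called with "cleartext".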