Install Postfix On FreeBSD 11.0(Minimal+ports+src+sshd_enable+disable sendmail)

freebsd-update fetch
freebsd-update install
reboot

update ports
portsnap fetch
portsnap extract

portsnap fetch update

Install Mysql
cd /usr/ports/databases/mysql57-server
make install WITH_CHARSET=utf8 WITH_XCHARSET=all WITH_COLLATION=utf8_general_ci BUILD_OPTIMIZED=yes BUILD_STATIC=yes WITH_NDB=yes clean

Install Apache + Php
cd /usr/ports/www/apache24
make install clean

cd /usr/ports/lang/php56
make config
add
[X] MAILHEAD   Enable mail header patch

make install clean

cd /usr/ports/lang/php56-extensions
make install clean
add
[X] FTP         FTP support
[X] GD          GD library support
[X] IMAP        IMAP support
[X] MBSTRING    multibyte string support
[X] MCRYPT      Encryption support
[X] MYSQL       MySQL database support
[X] MYSQLI      MySQLi database support
[X] ZIP         ZIP support
[X] ZLIB        ZLIB support


cd /usr/ports/www/mod_php56
make config
add
[X] MAILHEAD   Enable mail header patch
make install clean

cp -rp /usr/local/etc/php.ini-production /usr/local/etc/php.ini

vi /usr/local/etc/apache24/httpd.conf
ServerName www.jason-tang.com
change
DirectoryIndex index.html
to
DirectoryIndex index.html index.htm index.php

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps


Install Named
cd /usr/ports/dns/bind910
make install clean
vi /usr/local/etc/namedb/named.conf
change
      listen-on       { 127.0.0.1; };
to
//      listen-on       { 127.0.0.1; };

vi /etc/resolv.conf
change to
nameserver 127.0.0.1
nameserver 8.8.8.8

vi /etc/rc.conf
syslogd_enable="YES"
syslogd_flags="-ss"
mysql_enable="YES"
apache24_enable="YES"
named_enable="YES"


reboot


cat /root/.mysql_secret

mysql -u root -p
ALTER USER 'root'@'localhost' IDENTIFIED BY 'test';
exit

/usr/local/etc/rc.d/mysql-server restart


Install Cyrus-sasl
cd /usr/ports/security/cyrus-sasl2
make install clean

vi /usr/local/lib/sasl2/smtpd.conf
pwcheck_method:authdaemond
log_level:3
mech_list: PLAIN LOGIN
authdaemond_path:/var/run/authdaemond/socket

Install Postfix
cd /usr/ports/mail/postfix
make install clean
add
[X] MYSQL     MySQL database support
[X] SASL      Cyrus SASL support (Dovecot SASL is always built in)


Installing postfix-3.1.4,1...
===> Creating groups.
Using existing group 'mail'.
Creating group 'maildrop' with gid '126'.
Creating group 'postfix' with gid '125'.
===> Creating users
Creating user 'postfix' with uid '125'.
Adding user 'postfix' to group 'mail'.
Would you like to activate Postfix in /usr/local/etc/mail/mailer.conf [n]?n


echo 'postfix:  root' >> /etc/aliases
/usr/local/bin/newaliases
chown postfix:postfix /etc/opiekeys

pw groupadd vmail -g 500
pw useradd vmail -u 500 -g 500 -s /sbin/nologin -d /dev/null
mkdir /home/domains
chown -R vmail:vmail /home/domains
chmod -R ug+rwx,o-rwx /home/domains

mkdir /usr/local/etc/postfix/TLS
cd /usr/local/etc/postfix/TLS
openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 7300

Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Hong Kong
Locality Name (eg, city) []:Hong Kong
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Jason Tang Ltd
Organizational Unit Name (eg, section) []:IT
Common Name (eg, YOUR name) []:Jason Tang
Email Address []: Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它

vi /usr/local/etc/postfix/main.cf
myhostname = mail.jason-tang.com
mydomain = jason-tang.com
myorigin = $mydomain
mydestination = $myhostname localhost localhost.$mydomain
mynetworks = 127.0.0.1/32
inet_interfaces = all

virtual_mailbox_base = /home/domains/
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf

virtual_uid_maps = static:500
virtual_gid_maps = static:500

virtual_transport = maildrop

message_size_limit = 51200000
virtual_mailbox_limit = 209715200

broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd
smtpd_banner=$myhostname ESMTP $mail_name ($mail_version)

smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /usr/local/etc/postfix/TLS/smtpd.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/TLS/smtpd.pem
smtpd_tls_CAfile = /usr/local/etc/postfix/TLS/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

mime_header_checks = regexp:/usr/local/etc/postfix/mime_header_checks.regexp


vi /usr/local/etc/postfix/master.cf
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING


vi /usr/local/etc/postfix/mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
additional_conditions = AND active = '1'

vi /usr/local/etc/postfix/mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain
additional_conditions = AND active = '1'

vi /usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
additional_conditions = AND active = '1'

vi /usr/local/etc/postfix/mime_header_checks.regexp
/filename=\"?(.*)\.(bat|cmd|com|pif|exe)\"?$/ REJECT

vi /etc/rc.conf
postfix_enable="YES"

Install Sudo
cd /usr/ports/security/sudo
make install clean

vi /usr/local/etc/sudoers
www ALL=(vmail) NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postcreation.sh, /usr/local/bin/postfixadmin-mailbox-postdeletion.sh, /usr/local/bin/postfixadmin-domain-postdeletion.sh

Install Postfixadmin
cd /usr/ports/mail/postfixadmin
make install clean
add
[X] MYSQL  MySQL database support

1. Copy *.sh Files
cp -rp /usr/local/share/postfixadmin/ADDITIONS/postfixadmin*.sh /usr/local/bin
chmod 755 /usr/local/bin/postfixadmin*.sh

vi /usr/local/bin/postfixadmin-mailbox-postcreation.sh
change
basedir=/var/spool/maildirs
to
basedir=/home/domains

change
maildirmake "$maildir"
to
/usr/local/bin/maildirmake "$maildir"


vi /usr/local/bin/postfixadmin-mailbox-postdeletion.sh
change
basedir=/var/spool/maildirs
trashbase=/var/spool/deleted-maildirs
to
basedir=/home/domains
trashbase=/home/domains


vi /usr/local/bin/postfixadmin-domain-postdeletion.sh
change
basedir=/var/spool/maildirs
trashbase=/var/spool/deleted-maildirs
to
basedir=/home/domains
trashbase=/home/domains


2. Create the MySQL Database
mysql -u root -p
test
CREATE DATABASE postfix;
GRANT ALL ON postfix.* TO postfix@localhost IDENTIFIED BY "postfix";
exit

3. Configure PostfixAdmin
vi /usr/local/www/postfixadmin/config.inc.php
$CONF['configured'] = true;
$CONF['database_type'] = 'mysqli';
$CONF['database_password'] = 'postfix';

$CONF['admin_email'] = Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它';

$CONF['aliases'] = '0';
$CONF['mailboxes'] = '0';
$CONF['maxquota'] = '0';
$CONF['domain_quota_default'] = '0';

$CONF['domain_quota'] = 'NO';

$CONF['vacation'] = 'YES';
$CONF['vacation_domain'] = 'autoreply.jason-tang.com';

$CONF['footer_text'] = 'Return to mail.jason-tang.com PostfixAdmin';
$CONF['footer_link'] = 'http://mail.jason-tang.com/postfixadmin';

$CONF['mailbox_postcreation_script']='/usr/local/bin/sudo -u vmail /usr/local/bin/postfixadmin-mailbox-postcreation.sh';
// $CONF['mailbox_postedit_script'] = '';
$CONF['mailbox_postdeletion_script']='/usr/local/bin/sudo -u vmail /usr/local/bin/postfixadmin-mailbox-postdeletion.sh';
// $CONF['domain_postcreation_script'] = '';
$CONF['domain_postdeletion_script']='/usr/local/bin/sudo -u vmail /usr/local/bin/postfixadmin-domain-postdeletion.sh';

$CONF['new_quota_table'] = 'NO';


4. Configure Apache
vi /usr/local/etc/apache24/httpd.conf
Alias /postfixadmin "/usr/local/www/postfixadmin/"
<Directory "/usr/local/www/postfixadmin">
        Options Indexes
        AllowOverride ALL
        Require all granted
</Directory>

/usr/local/etc/rc.d/apache24 restart

5.http://IP/postfixadmin/setup.php
You should see a list of 'OK' messages.

Change setup password
Setup password           <-------- Input your Setup Password
Setup password (again)   <-------- Input your Setup Password again

And then click "Generate password hash"

If you want to use the password you entered as setup password, edit config.inc.php or config.local.php and set

$CONF['setup_password'] = '8c487e1722baa627e55712178141b21b:518761bc455e27d52eb1ed0faffecb8aeea2c90e';

vi /usr/local/www/postfixadmin/config.inc.php

$CONF['setup_password'] = '8c487e1722baa627e55712178141b21b:518761bc455e27d52eb1ed0faffecb8aeea2c90e';

You should see a list of 'OK' messages.

Create superadmin account
Setup password      <-------- Input your Setup password
Admin:              <-------- Input your Email address(Just for postfixadmin)
Password:           <-------- Input your Password
Password (again):   <-------- Input your Password again

And then click "Add Admin"

The admin Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它 has been added!

You are done with your basic setup.

You can now login to PostfixAdmin using the account you just created.

mv /usr/local/www/postfixadmin/setup.php /usr/local/www/postfixadmin/setup.php.disabled
chmod 000 /usr/local/www/postfixadmin/setup.php.disabled


Install Courier-imap
cd /usr/ports/mail/courier-imap
make install clean
add
[X] AUTH_MYSQL   MySQL support

chmod +x /var/run/authdaemond

vi /usr/local/etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"

vi /usr/local/etc/authlib/authmysqlrc
MYSQL_SERVER            localhost
MYSQL_USERNAME          postfix
MYSQL_PASSWORD          postfix
MYSQL_SOCKET            /tmp/mysql.sock
MYSQL_DATABASE          postfix
MYSQL_USER_TABLE        mailbox
MYSQL_CRYPT_PWFIELD     password
MYSQL_UID_FIELD         '500'
MYSQL_GID_FIELD         '500'
MYSQL_LOGIN_FIELD       username
MYSQL_HOME_FIELD        concat('/home/domains/',maildir)
MYSQL_NAME_FIELD        name
MYSQL_MAILDIR_FIELD     concat('/home/domains/',maildir)
MYSQL_QUOTA_FIELD       concat(quota,'S')
MYSQL_WHERE_CLAUSE      active='1'


cp -rp /usr/local/etc/courier-imap/pop3d.cnf.dist /usr/local/etc/courier-imap/pop3d.cnf
/usr/local/share/courier-imap/mkpop3dcert

cp -rp /usr/local/etc/courier-imap/imapd.cnf.dist /usr/local/etc/courier-imap/imapd.cnf
/usr/local/share/courier-imap/mkimapdcert

/usr/local/share/courier-imap/mkdhparams

vi /usr/local/etc/courier-imap/pop3d-ssl
TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@..."

vi /usr/local/etc/courier-imap/imapd-ssl
TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@..."


vi /etc/rc.conf
courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_pop3d_ssl_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_imapd_ssl_enable="YES"

Install Maildrop
cd /usr/ports/mail/maildrop
make WITH_AUTHLIB=yes install clean
[X] AUTH_MYSQL   MySQL support

vi /usr/local/etc/postfix/master.cf
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

Install Squirrelmail
cd /usr/ports/mail/squirrelmail
make install clean

cd /usr/ports/mail/squirrelmail-translations
make install clean

chown -R www:www /usr/local/www/squirrelmail
/usr/local/www/squirrelmail/configure
10->1->zh_TW->2->utf-8->S->Q

vi /usr/local/etc/apache24/httpd.conf
Alias /webmail "/usr/local/www/squirrelmail/"
<Directory "/usr/local/www/squirrelmail">
        Options Indexes
        AllowOverride ALL
        Require all granted
</Directory>


reboot


Test:
http://IP/postfixadmin
http://IP/webmail


Install clamav
cd /usr/ports/security/clamav
make install clean
[X] MILTER        Compile the milter interface

vi /usr/local/etc/clamav-milter.conf
AddHeader Yes

vi /etc/rc.conf
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
clamav_milter_enable="YES"

/usr/local/etc/rc.d/clamav-clamd restart

/usr/local/bin/freshclam

Install SpamAssassin
cd /usr/ports/security/p5-IO-Socket-SSL
make config
Add
[X] IDN        International Domain Names support
OK

make install clean

cd /usr/ports/mail/spamassassin
make install clean

/usr/local/bin/sa-update

vi /usr/local/etc/mail/spamassassin/local.cf
rewrite_header Subject *****SPAM*****
report_safe 1
required_score 5.0
use_bayes 1
bayes_auto_learn 1


vi /etc/rc.conf
spamd_enable="YES"
spamd_flags="-u spamd -H /var/spool/spamd"

/usr/local/etc/rc.d/sa-spamd restart
chown -R spamd:spamd /root/.spamassassin

cd /usr/ports/mail/spamass-milter
make install clean

vi /usr/local/etc/rc.d/spamass-milter
change
: ${spamass_milter_socket_mode="644"}
to
: ${spamass_milter_socket_mode="777"}


vi /etc/rc.conf
spamass_milter_enable="YES"

vi /usr/local/etc/postfix/main.cf
milter_connect_macros = b j _ {daemon_name} {if_name} {if_addr}
smtpd_milters =
      unix:/var/run/clamav/clmilter.sock
      unix:/var/run/spamass-milter.sock
milter_default_action = accept


Install Virtual Vacation
1. Create a local account
pw groupadd vacation -g 501
pw useradd vacation -u 501 -g 501 -s /sbin/nologin -d /nonexistent -c "Virtual Vacation"

2. Install vacation.pl
mkdir /var/spool/vacation
cp -rp /usr/local/share/postfixadmin/VIRTUAL_VACATION/vacation.pl /var/spool/vacation/vacation.pl
chown -R root:vacation /var/spool/vacation
chmod -R 750 /var/spool/vacation

3. Setup the transport type
vi /usr/local/etc/postfix/master.cf
vacation  unix  -       n       n       -       -       pipe
  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}

4. Setup the transport maps file
vi /usr/local/etc/postfix/main.cf
transport_maps = hash:/usr/local/etc/postfix/transport

vi /usr/local//etc/postfix/transport
autoreply.jason-tang.com       vacation

/usr/local/sbin/postmap /usr/local/etc/postfix/transport

5. Configure vacation.pl
vi /var/spool/vacation/vacation.pl
change
#!/usr/bin/perl -X
to
#!/usr/local/bin/perl -X

our $db_type = 'mysql';
our $db_username = 'postfix';
our $db_password = 'postfix';
our $db_name     = 'postfix';
our $vacation_domain = 'autoreply.jason-tang.com';


/usr/local/etc/rc.d/postfix reload

cd /usr/ports/databases/p5-DBD-mysql/
make install clean

reboot

(原創)Install Postfix On FreeBSD 7.0

Install Postfix On FreeBSD 7.0(Minimal+ports)

install cvsup
pkg_add -r cvsup-without-gui
rehash

update ports
cvsup -g -L 2 -h cvsup.tw.FreeBSD.org /usr/share/examples/cvsup/ports-supfile

install mysql
cd /usr/ports/databases/mysql50-server
make install WITH_CHARSET=utf8 WITH_XCHARSET=all WITH_COLLATION=utf8_general_ci BUILD_OPTIMIZED=yes BUILD_STATIC=yes WITH_NDB=yes clean

install apache + php
cd /usr/ports/www/apache22
make install clean

cd /usr/ports/lang/php5
make config
add
[X] APACHE     Build Apache module
[X] MULTIBYTE  Enable zend multibyte support
[X] MAILHEAD   Enable mail header patch

make install clean

cp -rp /usr/local/etc/php.ini-dist /usr/local/etc/php.ini
vi /usr/local/etc/php.ini
change
magic_quotes_gpc = On
to
magic_quotes_gpc = Off


vi /usr/local/etc/apache22/httpd.conf
change
DirectoryIndex index.html
to
DirectoryIndex index.html index.htm index.php

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

cd /usr/ports/lang/php5-extensions
make install clean
add
[X] FTP         FTP support
[X] GD          GD library support
[X] IMAP        IMAP support
[X] MBSTRING    multibyte string support
[X] MYSQL       MySQL database support
[X] MYSQLI      MySQLi database support
[X] ZIP         ZIP support
[X] ZLIB        ZLIB support


install openssh
cd /usr/ports/security/openssh-portable
make install clean

vi /usr/local/etc/ssh/sshd_config
Port 61093
AllowUsers jason

vi /etc/rc.conf
#sshd_enable="YES"

syslogd_enable="YES"
syslogd_flags="-ss"
sendmail_enable="NONE"
apache22_enable="YES"
mysql_enable="YES"
named_enable="YES"
openssh_enable="YES"


vi /var/named/etc/namedb/named.conf
change
      listen-on       { 127.0.0.1; };
to
//      listen-on       { 127.0.0.1; };

vi /etc/resolv.conf
change to
nameserver 127.0.0.1


reboot


install cyrus-sasl
cd /usr/ports/security/cyrus-sasl2
make install WITH_AUTHDAEMON=yes clean

vi /usr/local/lib/sasl2/smtpd.conf
pwcheck_method:authdaemond
log_level:3
mech_list: PLAIN LOGIN
authdaemond_path:/var/run/authdaemond/socket

install Postfix
cd /usr/ports/mail/postfix
make install WITH_AUTHDAEMON=yes clean
add
[X] SASL2     Cyrus SASLv2 (Simple Auth. and Sec. Layer)
[X] TLS       Enable SSL and TLS support
[X] MYSQL     MySQL maps (choose version with WITH_MYSQL_VER)


You need user "postfix" added to group "mail".
Would you like me to add it [y]? y

Would you like to activate Postfix in /etc/mail/mailer.conf [n]? n

echo 'postfix:  root' >> /etc/aliases
/usr/local/bin/newaliases
chown postfix:postfix /etc/opiekeys

mkdir /home/domains
pw groupadd vmail -g 500
pw useradd vmail -u 500 -g 500 -s /sbin/nologin -d /dev/null
chown -R vmail:vmail /home/domains
chmod -R ug+rwx,o-rwx /home/domains

mkdir /usr/local/etc/postfix/TLS
cd /usr/local/etc/postfix/TLS
openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650

Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Hong Kong
Locality Name (eg, city) []:Hong Kong
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Jason Tang Ltd
Organizational Unit Name (eg, section) []:IT
Common Name (eg, YOUR name) []:Jason Tang
Email Address []:Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它

vi /usr/local/etc/postfix/main.cf
myhostname = mail.jason-tang.com
mydomain = jason-tang.com
myorigin = $mydomain
mydestination = $myhostname localhost localhost.$mydomain
mynetworks = 127.0.0.1/32
inet_interfaces = all

virtual_mailbox_base = /home/domains/
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf

virtual_uid_maps = static:500
virtual_gid_maps = static:500

virtual_transport = maildrop
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1

message_size_limit = 51200000
virtual_mailbox_limit = 209715200
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes

virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes

broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner=$myhostname ESMTP $mail_name ($mail_version)

smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /usr/local/etc/postfix/TLS/smtpd.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/TLS/smtpd.pem
smtpd_tls_CAfile = /usr/local/etc/postfix/TLS/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
mtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

mime_header_checks = regexp:/usr/local/etc/postfix/mime_header_checks.regexp


vi /usr/local/etc/postfix/master.cf
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING


vi /usr/local/etc/postfix/mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
additional_conditions = AND active = '1'

vi /usr/local/etc/postfix/mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain
additional_conditions = AND active = '1'

vi /usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
additional_conditions = AND active = '1'

vi /usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username
additional_conditions = AND active = '1'

vi /usr/local/etc/postfix/mime_header_checks.regexp
/filename=\"?(.*)\.(bat|cmd|com|pif|exe)\"?$/ REJECT

vi /etc/rc.conf
postfix_enable="YES"

install sudo
cd /usr/ports/security/sudo
make install clean

vi /usr/local/etc/sudoers
www ALL=(vmail) NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postcreation.sh, /usr/local/bin/postfixadmin-mailbox-postdeletion.sh, /usr/local/bin/postfixadmin-domain-postdeletion.sh

install Postfixadmin
cd /usr/ports/mail/postfixadmin
make install clean
add
[X] MYSQLI  MySQL 4.1+ back-end (use mysqli PHP extension)

1. Create the MySQL Tables
mysql -u root
CREATE DATABASE postfix;
GRANT ALL ON postfix.* TO postfix@localhost IDENTIFIED BY "postfix";
exit

2. Configure PostfixAdmin
vi /usr/local/www/postfixadmin/config.inc.php
$CONF['configured'] = true;
$CONF['postfix_admin_url'] = 'http://mail.jason-tang.com/postfixadmin';
$CONF['database_type'] = 'mysqli';
$CONF['database_password'] = 'postfix';

$CONF['admin_email'] = 'Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它';

$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';

$CONF['quota'] = 'YES';

$CONF['mailbox_postcreation_script']='/usr/local/bin/sudo -u vmail /usr/local/bin/postfixadmin-mailbox-postcreation.sh';
$CONF['mailbox_postdeletion_script']='/usr/local/bin/sudo -u vmail /usr/local/bin/postfixadmin-mailbox-postdeletion.sh';
$CONF['domain_postdeletion_script']='/usr/local/bin/sudo -u vmail /usr/local/bin/postfixadmin-domain-postdeletion.sh';


3. Configure Apache
vi /usr/local/etc/apache22/httpd.conf
Alias /postfixadmin "/usr/local/www/postfixadmin/"
<Directory "/usr/local/www/postfixadmin">
        Options Indexes
        AllowOverride ALL
        Order allow,deny
        Allow from all
</Directory>

/usr/local/etc/rc.d/apache22 restart

4.http://IP/postfixadmin/setup.php
You should see a list of 'OK' messages.

Admin:              <-------- Input your Email address(Just for postfixadmin)
Password:           <-------- Input your Password
Password (again):   <-------- Input your Password again

And then click "Add Admin"


mv /usr/local/www/postfixadmin/setup.php /usr/local/www/postfixadmin/setup.php.disabled
chmod 000 /usr/local/www/postfixadmin/setup.php.disabled

5. Copy .sh files
cp -rp /usr/local/www/postfixadmin/ADDITIONS/postfixadmin*.sh /usr/local/bin
chmod 755 /usr/local/bin/postfixadmin*.sh

vi /usr/local/bin/postfixadmin-mailbox-postcreation.sh
change
basedir=/var/spool/maildirs
to
basedir=/home/domains

change
maildirmake "$maildir"
to
/usr/local/bin/maildirmake "$maildir"


vi /usr/local/bin/postfixadmin-mailbox-postdeletion.sh
change
basedir=/var/spool/maildirs
trashbase=/var/spool/deleted-maildirs
to
basedir=/home/domains
trashbase=/home/domains

vi /usr/local/bin/postfixadmin-domain-postdeletion.sh
change
basedir=/var/spool/maildirs
trashbase=/var/spool/deleted-maildirs
to
basedir=/home/domains
trashbase=/home/domains


install courier-imap
cd /usr/ports/mail/courier-imap
make install clean
add
[X] AUTH_MYSQL   MySQL support

chmod +x /var/run/authdaemond

vi /usr/local/etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"

vi /usr/local/etc/authlib/authmysqlrc
MYSQL_SERVER            localhost
MYSQL_USERNAME          postfix
MYSQL_PASSWORD          postfix
MYSQL_SOCKET            /tmp/mysql.sock
MYSQL_DATABASE          postfix
MYSQL_USER_TABLE        mailbox
MYSQL_CRYPT_PWFIELD     password
MYSQL_UID_FIELD         '500'
MYSQL_GID_FIELD         '500'
MYSQL_LOGIN_FIELD       username
MYSQL_HOME_FIELD        '/home/domains/'
MYSQL_NAME_FIELD        name
MYSQL_MAILDIR_FIELD     maildir
MYSQL_QUOTA_FIELD       concat(quota,'S')
MYSQL_WHERE_CLAUSE      active='1'


cp -rp /usr/local/etc/courier-imap/pop3d.cnf.dist /usr/local/etc/courier-imap/pop3d.cnf

/usr/local/share/courier-imap/mkpop3dcert

cp -rp /usr/local/etc/courier-imap/imapd.cnf.dist /usr/local/etc/courier-imap/imapd.cnf

/usr/local/share/courier-imap/mkimapdcert

vi /etc/rc.conf
courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_pop3d_ssl_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_imapd_ssl_enable="YES"

install maildrop
cd /usr/ports/mail/maildrop
make WITH_AUTHLIB=yes install clean
[X] AUTH_MYSQL   MySQL support

vi /etc/maildroprc
logfile "/home/domains/maildrop.log"
to "$HOME$DEFAULT"

vi /usr/local/etc/postfix/master.cf
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

install squirrelmail
cd /usr/ports/mail/squirrelmail
make install clean

vi /usr/local/etc/php.ini
session.auto_start = 1

chown -R www:www /usr/local/www/squirrelmail
/usr/local/www/squirrelmail/configure
10->1->zh_TW->S->Q

vi /usr/local/etc/apache22/httpd.conf
Alias /webmail "/usr/local/www/squirrelmail/"
<Directory "/usr/local/www/squirrelmail">
        Options Indexes
        AllowOverride ALL
        Order allow,deny
        Allow from all
</Directory>


reboot

test:
http://IP/postfixadmin
http://IP/webmail


install clamav
cd /usr/ports/security/clamav
make install clean
[X] MILTER        Compile the milter interface

vi /usr/local/etc/rc.d/clamav-milter
change
: ${clamav_milter_socket_mode="755"}
to
: ${clamav_milter_socket_mode="777"}


vi /etc/rc.conf
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
clamav_milter_enable="YES"

install SpamAssassin
cd /usr/ports/mail/p5-Mail-SpamAssassin
make install clean
clean
[ ]AS_ROOT

vi /usr/local/etc/mail/spamassassin/local.cf
rewrite_header Subject *****SPAM*****
report_safe 1
required_score 5.0
use_bayes 1
bayes_auto_learn 1
ok_languages            zh en
ok_locales              en zh

mkdir /root/.spamassassin
chown -R spamd:spamd /root/.spamassassin

vi /etc/rc.conf
spamd_enable="YES"

cd /usr/ports/mail/spamass-milter
make install clean

vi /usr/local/etc/rc.d/spamass-milter
change
: ${spamass_milter_socket_mode="644"}
to
: ${spamass_milter_socket_mode="777"}


vi /etc/rc.conf
spamass_milter_enable="YES"

vi /usr/local/etc/postfix/main.cf
milter_connect_macros = b j _ {daemon_name} {if_name} {if_addr}
smtpd_milters =
      unix:/var/run/clamav/clmilter.sock
      unix:/var/run/spamass-milter.sock
milter_default_action = accept

vi /etc/mail/sendmail.cf
Xclamav-milter, S=local:/var/run/clamav/clmilter.sock,F=, T=S:4m;R:4m

reboot

(源自freebsdchina)在 FreeBSD 上使用軟 RAID-1

  有沒有想過為低端伺服器做軟 RAID?你或許想過在不購置硬 RAID 控制卡的前提下,通過磁片鏡像為你的工作站帶來冗餘保護。你是否有過痛苦的配置經歷,使你對 Unix 系統上的軟 RAID 卻步?
  FreeBSD 5.3 及更高的版本加入了 gmirror(8);它讓你輕易地配置使用軟 RAID 1。儘管 gmirror 已有不少教程,但我發現它們不是要求用 bsdlabel 來手動計算分區的大小就是要用到一張用以修正現有系統的軟碟。
  我以為在安裝作業系統的過程中配置 RAID 更為合理。我也希望配置步驟能做到易於理解並且不造成諸如計算出錯的人為錯誤。通過拼湊現有的說明文字,自己進行多方配置實驗後,我找到了在數個不同系統上都適用的配置步驟。我也從 gmirror 的編寫者 Pawel Jakub Dawidek 那裏得到了很有價值的回饋;他透露了 gmirror 一些尚未公開的特性。
GEOM 背景知識
  在介紹配置步驟之前,先瞭解一下 GEOM 是很有用的。GEOM 是 FreeBSD 5.0 引入的模組磁片構架。該模組構架允許通過編寫程式來操控磁片。FreeBSD 5.3 引入的軟 RAID 程式就是最好的例子。
  gstripe(8) 可做 RAID 0
  gmirror(8) 可做 RAID 1
  graid3(8) 可做 RAID 3
  以上的首字元 g 表示這些程式都利用到了 GEOM。
  注:若你不知道 RAID 為何物,則可參閱 Webopedia 有關定義不同 RAID 的鏈結 http://www.webopedia.com/TERM/R/RAID.html
  man 4 geom 述說了 geom 所用到的磁片術語;在設置 gmirror 的過程中,我們將會看到一些。它們包括:
  provider -- 該 GEOM 實體在 /dev 下出現。本文將介紹如何創建 /dev/mirror/gm0 這個 provider,它代表磁片鏡像或雙工。
  consumer -- 該實體接收 I/O 請求。在鏡像/雙工的例子中,這指的就是兩塊硬碟。我用兩根資料線分別連接兩塊 IDE 硬碟,得到 /dev/ad0 和 /dev/ad2。
  metadata (元資料) -- 在不同的 RAID 中,它包括陣列成員及其尺寸、位置,邏輯磁片及分區的描述和磁碟陣列的當前狀態。
  鏡像/雙工 -- RAID 1 保持兩塊硬碟的資料一致。換句話說,它將一塊硬碟的資料鏡射到另一塊硬碟。若兩塊硬碟同接在一根 IDE 資料線上,則稱為鏡像;若兩塊硬碟接在不同的資料線上,則稱為雙工。因為單一資料線易造成單點故障,所以採用雙工的占大多數。
在安裝作業系統的過程中配置鏡像/雙工
  若你打算用 RAID 1,為避免節外生枝,購置兩塊一模一樣的硬碟(相同的型號和尺寸)。若型號或尺寸不一致,事情將會變得很複雜;就算經過艱辛的配置成事了,到頭來,你只能以浪費較大硬碟多出來的空間收場。將一個作為第一主盤,另一個作為第二主盤,接好兩塊一樣的硬碟。在安裝作業系統之前,再次檢查 CMOS 是否已認出兩塊硬碟。
  按自己喜歡的安裝方式開始安裝 FreeBSD 任一版本(5.3 或以上)。到了 Select Drives (選定硬碟)功能表時,將會顯示 ad0 和 ad2。選 ad0,因為你將把作業系統安裝於該主盤上。
  進入 fdisk 介面後,刪除所有現存的分區,然後選 Use entire disk (使用整個磁片)。當提示啟動功能表時,選 Standard MBR (標準 MBR)。
  來到 disklabel 介面時,根據自己的需要將 ad0 分區。若不知道該怎麼做,選 a 讓系統自動分區。然後選擇預設的安裝套件和安裝媒體源,讓作業系統如常安裝。
  安裝完畢後,流覽到 postinstall configurations (後安裝配置)設置你的時區,創建用戶帳號,設定 root 的密碼等。
  不過,當回到 sysinstall 主功能表時,不要急於重啟系統。按下 Alt-F4,進入命令提示行。我們首先鍵入 csh 命令,這樣就得到一個帶歷史記錄的 shell (默認的 shell 是 Bourne)。
  創建鏡像/雙工很簡單,只要鍵入:
  # gmirror label -v -b round-robin gm0 /dev/ad0
  其中,gmirror label 創建鏡像;-v 開啟冗長模式;-b round-robin 選用平衡演算法(目前 round-robin 演算法性能最佳);gm0 即鏡像/雙工的名稱(該名稱代表第一個 GEOM 鏡像);/dev/ad0 代表用以鏡射的源盤。
  然而,若現在便鍵入命令會使你失望。
  # gmirror label -v -b round-robin gm0 /dev/ad0
  Can't store metadata on /dev/ad0: Operation not permitted
  (無法將元資料保存於 /dev/ad0 上:禁止操作)
  這是一種安全特性,表示磁片已被載入以便寫入;因此不可用。不過,你可通過 sysctl MIB,暫時讓 gmirror 繞過這個特性,從而創建鏡像/雙工。
  # sysctl kern.geom.debugflags=16
  kern.geom.debugflags: 0 -> 16
  不用擔心,系統重啟後(數分鐘後的事),該 MIB 將復位為 0。再來一次:
  # gmirror label -v -b round-robin gm0 /dev/ad0
  Metadata value stored on /dev/ad0
  就這樣,RAID 1 配置告成。
  我們有必要讓作業系統每次重啟時自動裝載 RAID。這需要修改兩個檔。第一個文件當前是空的,用 echo 創建即可:
  # echo geom_mirror_load="YES" > /boot/loader.conf
  第二個檔 /etc/fstab 不是空的,所以我建議在修改前做個備份:
  # cp /etc/fstab /etc/fstab.orig
  # vi /etc/fstab
  將所有 ad 改為 gm,在 /dev 後插入 mirror。比如將 /dev/ad0s1a 改為 /dev/mirror/gm0s1a。如果沒有創建別的分區,你會看到以 a, b, d, e 和 f 結尾的五個 ad0s1 分區;你需要逐一修改。
  修改完畢後,再仔細檢查對 /etc/fstab 及 /boot/loader.conf 作出的更改。雖說事後可以修正,但是因敲錯一個字而不能啟動新的系統是很煩的事。
  注:有些教程說過需要在 /etc/rc.conf 中加入 swapoff 選項。現已沒必要。同樣地,沒必要將 shutdown -r now 當成 reboot 來用。
  確定沒有錯誤之後,取出安裝盤後,按下 Alt+F1 退出安裝功能表。
啟用鏡像/雙工
  若你注意看啟動資訊,在系統讀出磁片資訊後,你應看到以白色粗體字顯示的資訊:
  GEOM_MIRROR: Device gm0 created (id=2125638583).
  GEOM_MIRROR: Device gm0: provider ad0 detected.
  GEOM_MIRROR: Device gm0: provider ad0 activated.
  GEOM_MIRROR: Device gm0: provider mirror/gm0 launched.
  GEOM_MIRROR: Device gm0 already configured.
  Mounting root from ufs:/dev/mirror/gm0s1a
  系統啟動還在繼續。不過,若在 /etc/fstab 敲錯了一個字,啟動過程將就此停止並等待你輸入正確的資訊。在下面例子中,我在修改 /etc/fstab 時忘了插入 mirror 一詞,即將本應為 /dev/mirror/gm0s1a 的誤作 /dev/gm0s1a,這樣,FreeBSD 便不能找到我的根檔系統。
  Mounting root from ufs:/dev/gm0s1a
  setrootbyname failed
  ffs_mountroot: can't find rootvp
  Root mount failed: 6
  
  Manual root filesystem specification:
    <fstype>:<device>  Mount <device> using filesystem <fstype>
              e.g. ufs:da0s1a
    ?             List valid disk boot devices
    <empty line>       Abort manual input
  
  mountroot>
  所幸的是,它並不是看起來那麼可怕。可以從列出有效的啟動分區入手處理故障:
  mountroot> ?
  
  List of GEOM managed disk devices:
    mirror/gm0s1f mirror/gm0s1e mirror/gm0s1d mirror/gm0s1c mirror/gm0s1b
  mirror/gm0s1a mirror/gm0s1 ad2s1 mirror/gm0 ad0s1 ad2 acd0 ad0 fd0
  若你正確輸入 / 檔系統的位置,它將繼續啟動(boot,原文誤作 reboot)下去。
  mountroot> ufs:/dev/mirror/gm0s1a
  Mounting root from /dev/mirror/gm0s1a
  
  登入之後,先更正 /etc/fstab 的誤處並重新啟動。正常啟動且成功登入後,鍵入以下命令確定鏡像的每個分區已被成功載入。
  % df -h
  Filesystem            Size    Used    Avail    Capacity    Mounted on
  /dev/mirror/gm0s1a    248M     35M     193M       15%        /
  devfs                 1.0K    1.0K       0B      100%        /dev
  /dev/mirror/gm0s1e    248M     12K     228M        0%        /tmp
  /dev/mirror/gm0s1f    7.3G     99M     6.7G        1%        /usr
  /dev/mirror/gm0s1d    248M    196K     228M        0%        /var
  df 不顯示交換分區的資訊,可以用以下命令核實:
  % swapinfo
  Device                1K-blocks    Used    Avail    Capacity
  /dev/mirror/gm0s1b       629544       0   629544        0%
同步鏡像/雙工
  剩下的事就是同步兩塊硬碟的資料了。只要鍵入向鏡像插入第二塊硬碟的命令,資料同步將自動進行。
  # gmirror insert gm0 /dev/ad2
  GEOM_MIRROR: Device gm0: provider ad2 detected.
  GEOM_MIRROR: Device gm0: rebuilding provider ad2.
  看看進展如何:
  # gmirror list | more
  Geom name: gm0
  State: DEGRADED
  Components: 2
  Balance: round-robin
  Slice: 4096
  Flags: NONE
  GenID: 0
  SyncID: 1
  ID: 2125638583
  Providers:
  1. Name: mirror/gm0
     Mediasize: 10262568448 (9.6G)
     Sectorsize: 512
     Mode: r6w5e2
  Consumers:
  1. Name: ad0
     Mediasize: 10262568448 (9.6G)
     Sectorsize: 512
     Mode: r1w1e1
     State: ACTIVE
     Priority: 0
     Flags: DIRTY
     GenID: 0
     SyncID: 1
     ID: 3986018406
  2. Name: ad2
     Mediasize: 10262568448 (9.6G)
     Sectorsize: 512
     Mode: r1w1e1
     State: SYNCHRONIZING
     Priority: 0
     Flags: DIRTY, SYNCHRONIZING
     GenID: 0
     SyncID: 1
     Synchronized: 1%
     ID: 1946262342
  注意看 Flags 行上的 SYNCHRONIZING 字眼。這兩塊硬碟的資料要同步需要一些時間,如當前所示才一個百分點。據我所知,10GB 的硬碟大約需時 30 分鐘,75GB 的約需兩個半小時。若你覺得好奇,查查進度:
  # gmirror status
  Name    Status    Components
  mirror/gm0    DEGRADED    ad0
              ad2 (2%)
  資料同步完畢後,你將看到以白色粗體字顯示的系統資訊:
  GEOM_MIRROR: Device gm0: rebuilding provider ad2 finished.
  GEOM_MIRROR: Device gm0: provider ad2 activated.
  若再次輸入 gmirror list,你會看到 State (狀態) 已從 DEGRADED (已降級) 變成 COMPLETE (完畢),Synchronized (已同步) 一行已不見了。若在 Flags 行上看到 DIRTY (不乾淨) 字眼,不用擔心;那僅表示系統已寫入新的資料但尚未完成鏡射。若你在磁片平靜下來後等數秒鐘,則你將會看到 Flags 行變成了 NONE (無)。
  重啟系統,最後檢查一下。
  這回啟動資訊應包含以下這些:
  GEOM_MIRROR: Device gm0 created (id=2125638583).
  GEOM_MIRROR: Device gm0: provider ad0 detected.
  GEOM_MIRROR: Device gm0: provider ad2 detected.
  GEOM_MIRROR: Device gm0: provider ad0 activated.
  GEOM_MIRROR: Device gm0: provider ad2 activated.
  GEOM_MIRROR: Device gm0: provider mirror/gm0 launched.
  Mounting root from ufs:/dev/mirror/gm0s1a
  
結語
  GEOM 實用程式在日益進步,它的開發者不斷地將新特性及更新上傳到網頁去。利用 cvsup 更新你手上的 FreeBSD 版本或在決定安裝 FreeBSD 時選用最新的版本是很重要的。
  若你想取得鏡像/雙工的性能資料,用 gstat(8)。通讀 gmirror(8) 的說明文字也是值得倡議的,特別是在你想瞭解如何更換一塊壞硬碟的情況下。
來源:freebsdchina

(源自網絡)Freebsd gmirror 中移除.取消mirror和換新硬碟

如果 mirror 中某一個硬碟壞掉了,
然後要更換的話步驟如下:

1. 把壞掉的硬碟拆掉,換上好的硬碟。新硬碟的大小不可以小於 mirror 的大小。

2. 命令 gmirror 忽略 gm0 中沒有連線的實體裝置
#gmirror forget gm0

3. 將新的硬碟(eg. ad0)重新加入 gm0
#gmirror insert gm0 /dev/ad0

註:如果沒有先下 gmirror forget 指令的話,
gmirror 會因為「 gm0 中已經有一個叫 ad0 的裝置」所以拒絕 insert ad0 的指令,
顯示 "Not all disks connected." 的錯誤訊息。

如果要移除 mirror 中的某一個運作中的硬碟,
步驟如下:

1. 命令 gmirror 移除 mirror 中某個實體裝置(eg. ad0)
#gmirror remove gm0 ad0

如果要永久移除 mirror 中的這個實體裝置,則需要再下下列指令:

2. 命令 gmirror 忽略 mirror 中之前存在,但是現在不存在的裝置
#gmirror forget gm0

註:如果不叫 gmirror forget gm0 的話,
那 gm0 會覺得本來的 mirror 中少了一個東西,
便會把這個 mirror mark 成 DEGRADED 。

如果要永遠取消某個 mirror 的話,步驟如下:

1. 停止 mirror 運作
#gmirror stop -v gm0

2. 清實體硬碟上的 gmirror meta data (meta data 存在硬碟的最後一個 sector)
#gmirror clear -v ad0 ad1

這樣就會消除該 mirror 的設定,但是原本在 mirror 上的資料並不會被消除,還是會存在於 ad0s1a 跟 ad1s1a 上面。

(源自網絡)nessus 的安裝

cd /usr/ports/security/nessus
make install && make clean
cd /usr/ports/security/nessus-plugins
make install && make clean
rehash
nessus-adduser

Login : Jason [Enter]
Authentication (pass/cert) [pass] :[Enter]
Login password :[input the password then Enter]
Login password (again) : [input the password then Enter]

User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that jason has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser(8) man page for the rules syntax

Enter the rules for this user, and hit ctrl-D once you are done :
(the user can have an empty rules set)

ctrl-D

Login             : jason
Password          : ***********
DN                :
Rules             :


Is that ok ? (y/n) [y] [Enter]
user added.

nessus-mkcert

vi /etc/rc.conf
nessusd_enable="YES"