ClamAV

FreeBSD. Setup a mail server based on Exim + Dovecot + SpamAssassin + Clamav with Vexim + RoundCube web UI | [email protected]

We put nginx
lifestar# cd /usr/ports/www/nginx
lifestar# make install clean

add to/etc/rc.conf:
nginx_enable="YES"

Put MySQL
lifestar# cd /usr/ports/databases/mysql51-server
lifestar# make install clean

add to/etc/rc.conf:
mysql_enable="YES"
Launch MySQL

lifestar# /usr/local/etc/rc.d/mysql-server start

Set the password for root in MySQL (in parentheses, the password itself)
lifestar# mysqladmin -u root password 'password'

Install PHP (note [*] FPM Build FPM version)
lifestar# cd /usr/ports/lang/php5
lifestar# make install clean

add to/etc/rc.conf:
php_fpm_enable="YES"

Let’s bring the file/usr/local/etc/php-fpm.conf to such a view:

[global] pid = run/php-fpm.pid error_log = /var/log/php-fpm.log events.mechanism = kqueue

include=/usr/local/etc/php-fpm.d/*.conf

We create a directory in which pool descriptions for PHP-FPM will lie (someone may be useful if there are more than one users for sites):

lifestar# mkdir -p/usr/local/etc/php-fpm.d/ and describe the pool
lifestar# ee /usr/local/etc/php-fpm.d/www.conf

[www] user = www group = www listen = /tmp/php-fpm.sock listen.backlog = -1 pm = dynamic pm.max_children = 2 pm.start_servers = 1 pm.min_spare_servers = 1 pm.max_spare_servers = 2 pm.max_requests = 500 php_admin_value[error_log] = /var/log/fpm-php.www.log

php_admin_value[memory_limit] = 128M

We run PHP-FPM:
lifestar# /usr/local/etc/php-fpm start

Put Vexim (note MySQL):
lifestar# cd /usr/ports/mail/vexim/
lifestar# make install clean

We install the module p5-DBD-mysql51
lifestar# cd /usr/ports/databases/p5-DBD-mysql51/
lifestar# make

lifestar# make install clean

Run the script:
perl /usr/local/share/vexim/create_db.pl --act=newdb --dbtype=mysql -uid=110 --gid=110 --mailstore=/usr/local/mail
lifestar# Please enter the username of the mysql superuser: root Please enter the password of the mysql superuser: Please enter the name of your NEW database: vexim -------------------------------------------------- Database: vexim will be created --------------------------------------------------

Is this correct? (Y = continue / anykey = exit ): Y

Please enter a password for the 'vexim' database user: Confirm password: Please enter a password for the 'siteadmin' user: Confirm password: The user 'siteadmin' has been added with the password

Database created successfully!

Create a directory with virtual hosts for nginx

lifestar# mkdir -p /usr/local/etc/nginx/vhosts

Let’s bring /usr/local/etc/nginx/nginx.conf to this form:

worker_processes 2;

events { use kqueue; worker_connections 2048;

}

http { include mime.types; default_type application/octet-stream; sendfile on; client_body_buffer_size 16K; client_header_buffer_size 1k; client_max_body_size 32M; large_client_header_buffers 2 1k; client_body_timeout 10; client_header_timeout 10; keepalive_timeout 5 5; send_timeout 10; reset_timedout_connection on; server_tokens off;

gzip on;

# Close calls to IP address server { listen 80 default_server; server_name _; return 444;

}

# PHP-FPM upstream php-fpm { server unix:/tmp/php-fpm.sock;

}

# We will include files with virtual hosts include /usr/local/etc/nginx/vhosts/*; }

Making a virtual host in nginx for Vexim

lifestar# ee /usr/local/etc/nginx/vhosts/exim.lifestar.cf

server { listen 80; server_name exim.lifestar.cf; access_log /var/log/nginx/exim-access.log; error_log /var/log/nginx/exim-error.log; root /usr/local/www/vexim; index index.php;

charset utf-8;

location ~ .php$ { fastcgi_pass php-fpm; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /usr/local/etc/nginx/fastcgi_params;

}

location ~ /.ht { deny all; } }

Editing the Vexim config
lifestar# ee /usr/local/www/vexim/config/variables.php "; and enter the data you entered earlier to connect to the database. Create a group and user exim:
lifestar# pw groupadd vexim -g 90
lifestar# pw useradd vexim -u 90 -g vexim -d /usr/local/mail -m -s /nonexistant

Install Exim (mark the SA-EXIM option for SpamAssasin) :
lifestar# cd /usr/ports/mail/exim && make install clean Add in /etc/rc.conf:


exim_enable="YES"

We copy and edit the configuration
lifestar# cd /usr/local/etc/exim/ lifestar# cp /usr/local/share/doc/vexim/docs/*.conf ./ lifestar# cp /usr/local/share/doc/vexim/docs/configure ./

lifestar# ee /usr/local/etc/exim/configure

We find the line:

MY _ IP = CHANGE describe your ip

MY_IP = 46.38.63.5/code> Find: trusted_users = avleen:www
and remove avleen. It remains:

trusted_users = www exim_user = mailnull exim_group = mail

never_users = root

We find a timed string responsible for connecting to the MySQL server, decompose it and put our password there:

hide mysql_servers = localhost::(/tmp/mysql.sock)/vexim/vexim/vexim

Let’s unwind:

AINS = SELECT DISTINCT domain FROM domains WHERE type = 'relay' AND domain = '${quote_mysql:$domain}' ALIAS_DOMAINS = SELECT DISTINCT alias FROM domainalias WHERE alias = '${quote_mysql:$domain}'timeout_frozen_after = 2d

log_selector = +subject

We change the path to the ClamAV antivirus: Find:

av_scanner = clamd:/var/run/clamav/clamd и меняем на av_scanner = clamd:/var/run/clamav/clamd.sock

Add to/etc/rc.conf
spamd _ enable = "YES" and run
exim# /usr/local/etc/rc.d/sa-spamd start

We put ClamAV:
lifestar# cd /usr/ports/security/clamav && make install clean Add to/etc/rc.conf:

clamav_freshclam_enable="YES"
clamav_clamd_enable="YES"

and launch
lifestar# /usr/local/etc/rc.d/clamav-clamd start Start updating ClamAV databases

lifestar# /usr/local/etc/rc.d/clamav-freshclam start

Add in /etc/rc.conf
exim_enable="YES"

Install Dovecot:
lifestar# cd /usr/ports/mail/dovecot && make install clean Settings are stored in a file /usr/local/etc/dovecot.conf

We bring the config to this type

base_dir = /var/run/dovecot/ protocols = imap pop3 imaps pop3s protocol imap { listen=*:143 } protocol pop3 { listen=*:110 } disable_plaintext_auth = no log_path =/var/log/dovecot log_timestamp = "%b %d %H:%M:%S " syslog_facility = mail ssl = no ssl_parameters_regenerate = 0 mail_location = maildir:~/Maildir mail_privileged_group = mail mail_debug = yes mail_log_prefix = "%Us(%u): " dotlock_use_excl = yes verbose_proctitle = yes first_valid_uid = 90 first_valid_gid = 90 maildir_copy_with_hardlinks = yes protocol imap { mail_executable = /usr/local/libexec/dovecot/imap imap_client_workarounds = delay-newmail netscape-eoh tb-extra-mailbox-sep

}

protocol pop3 { mail_executable = /usr/local/libexec/dovecot/pop3 pop3_uidl_format = %08Xu%08Xv pop3_client_workarounds = outlook-no-nuls oe-ns-eoh } protocol lda {

postmaster_address = [email protected]

sendmail_path = /usr/sbin/sendmail } auth_username_format = %Lu auth_verbose = yes auth_debug = yes auth default { ssl_require_client_cert=no ssl_username_from_cert=no mechanisms = plain login passdb pam { args = session=yes dovecot } passdb sql { args = /usr/local/etc/dovecot-sql.conf } userdb passwd { args = blocking=yes } userdb sql { args = /usr/local/etc/dovecot-sql.conf } user = root socket listen { master { path = /var/run/dovecot/auth-master mode = 0600 } client { path = /var/run/dovecot/auth-client mode = 0660 } } } dict { } plugin {

}

We configure the connection to MySQL in the file dovecot-sql.conf

lifestar# ee /usr/local/etc/dovecot-sql.conf

driver = mysql connect = host=/tmp/mysql.sock user=vexim password=PASSWORD dbname=vexim default_pass_scheme = MD5-CRYPT password_query = SELECT crypt as `password` FROM users,domains WHERE users.username = '%u' AND users.enabled = '1' AND users.type = 'local' and domains.enabled = '1' and domains.domain_id = users.domain_id

user_query = SELECT pop as home, uid, gid FROM users WHERE username = '%u'

Add an entry to/etc/rc.conf:
dovecot_enable="YES"
Launch Dovecot:

lifestar# /usr/local/etc/rc.d/dovecot start

Put RoundCube (select MySQL):

lifestar# cd /usr/ports/mail/roundcube/
lifestar# make install clean

And then the commands in order:

lifestar#cd /usr/local/www/roundcube
lifestar# chmod 777 logs/

lifestar# chmod 777 temp/

Create database

lifestar# mysql -p Enter password: Welcome to the MySQL monitor. Commands end with ; or g. mysql> CREATE DATABASE roundcubemail DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;

Query OK, 1 row affected (0.01 sec)

mysql> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost IDENTIFIED BY ‘password’;
Query OK, 0 rows affected (0.00 sec)

mysql> quit
Bye

lifestar# cd /usr/local/www/roundcube/
lifestar# mysql -p roundcubemail < SQL/mysql.initial.sql

lifestar# cp config/db.inc.php.dist config/db.inc.php
lifestar# ee config/db.inc.php Edit the configuration file/usr/local/www/roundcube/config/db.inc.php, which is responsible for connecting to the database:
$rcmail_config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcubemail';

Edit the main.inc.php file containing the basic settings:
lifestar# ee config/main.inc.php

$rcmail_config[‘default_host’] = ‘localhost’; #Host with mail server
$rcmail_config[‘username_domain’] = ‘ mydomain.ru’; #Domain automatically added to username $rcmail_config[‘mail_domain’] = ‘mydomain.ru’; #Mail domain
$rcmail_config[‘default_port’] = 143; #Port IMAP
$rcmail_config[‘imap_auth_type’] = null; #Authorization type IMAP
$rcmail_config[‘smtp_server’] = ‘localhost’; #SMTP server
$rcmail_config[‘smtp_user’] = ‘%u’; $rcmail_config[‘smtp_pass’] = ‘%p’; $rcmail_config[‘smtp_auth_type’] = ‘CRAM-MD5’; #Authorization type SMTP
$rcmail_config[‘create_default_folders’] = TRUE; #By first login making default mail folders (Inbox, Outbox, Trash etc)
$rcmail_config[‘language’] = en_EN; #Localization

And add a virtual host to nginx for Roundcube

lifestar# ee /usr/local/etc/nginx/vhosts/mail.lifestar.cf

server { listen 80; server_name mail.lifestar.cf; access_log /var/log/nginx/mail-access.log; error_log /var/log/nginx/mail-error.log; root /usr/local/www/roundcube; index index.php;

charset utf-8;

location ~ .php$ { fastcgi_pass php-fpm; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /usr/local/etc/nginx/fastcgi_params;

}

location ~ /.ht { deny all; } }

Restart PHP-FPM and NGINX
lifestar# /usr/local/etc/rc.d/nginx restart && usr/local/etc/rc.d/php-fpm restart

Roundcube is now available at http://mail.lifestar.cf and Vexim by http://exim.lifestar.cf

We go to the address http://exim.lifestar.cf We log in under siteadmin and the password that we set earlier

Click Add local domain

We spell out the domain, the administrator name (by default postmaster, you can change to any, the postmaster @ domain box will also be created, and let’s create, for example, admin) write out the password (for example pass) repeat the password

note antispam and antivirus (optional) and press Submit

We have a mail account admin@domain with a password pass

To create another mailbox for the created domain, let’s log in under the login of the domain administrator, in our case – admin

Жмем Add, delete and manage POP/IMAP accounts
Then Add User Write the name (any, it’s just for displaying in the list of users) login (for example user) twice password (for example userpass) Has domain admin privileges? – note, we want to make the user also domain admin And press Submit.

We have a user@domain email account with a userpass password

Now you can go to the roundcube using the http://mail.lifestar.cf link under the user@domain login and userpass password

November 10, 2015 by Blog