FreeBSD Step by Step 4.10

ee /root/.bashrc
PS1="[\u@\h:\w]# "
ee /home/scs/.bashrc
PS1="[\u@\h:\w]# "
cd /usr/ports/net/cvsup-without-gui
make && make install
cp /usr/share/examples/cvsup/standard-supfile /etc/standard-supfile
cp /usr/share/examples/cvsup/ports-supfile /etc/ports-supfile
cd /etc/
cvsup -g -L 2 standard-supfile -h cvsup4.freebsd.org
cvsup -g -L 2 ports-supfile -h cvsup4.freebsd.org
cd /usr/ports/lang/perl5.8
make && make install
cd /usr/src
make buildworld


# cd /usr/src/sys/i386/conf
# mkdir /root/kernels
# cp GENERIC /root/kernels/MYKERNEL  
# ln -s /root/kernels/MYKERNEL


# /usr/sbin/config MYKERNEL
Change into the build directory. config(8) will print the name of this directory after being run as above.


# cd ../compile/MYKERNEL
For FreeBSD versions prior to 5.0, use the following form instead:


# cd ../../compile/MYKERNEL
Compile the kernel.


# make depend
# make
Install the new kernel.


# make install
reboot
cd /usr/src
make installworld
cd /usr/ports/ftp/proftpd
make && make install

or use the FTP in inetd…works well too


ee /etc/inetd.conf


ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
#ftp    stream  tcp6    nowait  root    /usr/libexec/ftpd       ftpd -l
save changes


ps -ax | grep inetd
kill inetd process and restart it.

cd /usr/ports/www/apache13-modssl
make && make install


Unpack the ucspi-tcp package:

     gunzip ucspi-tcp-0.88.tar
     tar -xf ucspi-tcp-0.88.tar
     cd ucspi-tcp-0.88

Compile the ucspi-tcp programs:

     make

As root, install the ucspi-tcp programs under /usr/local:

     make setup check

Install daemontools
Create a /package directory:
     mkdir -p /package
     chmod 1755 /package
     cd /package
Download daemontools-0.76.tar.gz into /package. Unpack the daemontools package:
     gunzip daemontools-0.76.tar
     tar -xpf daemontools-0.76.tar
     rm daemontools-0.76.tar
     cd admin/daemontools-0.76
Compile and set up the daemontools programs:
     package/install


Install Qmail
 

Now you can unpack the packages.

    cd /usr/local/src
    gunzip netqmail-1.05.tar.gz
    tar xpf netqmail-1.05.tar
    cd netqmail-1.05
    ./collate.sh  # watch for errors here

    cd ..

There should now be a directory called /usr/local/src/netqmail-1.05

 

Create users and groups
The easiest way to create the necessary users and groups is to create a little script file to do it for you. In the source directory you’ll find a file called INSTALL.ids. It contains the command lines for many platforms, so copying the file to another name and editing that is quick and easy.

    cd /usr/local/src/netqmail-1.05/netqmail-1.05
    ee IDS    # paste the following lines into the file

    pw groupadd nofiles
    pw useradd qmaild -g nofiles -d /var/qmail -s /nonexistent
    pw useradd alias -g nofiles -d /var/qmail/alias -s /nonexistent
    pw useradd qmaill -g nofiles -d /var/qmail -s /nonexistent
    pw useradd qmailp -g nofiles -d /var/qmail -s /nonexistent
    pw groupadd qmail
    pw useradd qmailq -g qmail -d /var/qmail -s /nonexistent
    pw useradd qmailr -g qmail -d /var/qmail -s /nonexistent
    pw useradd qmails -g qmail -d /var/qmail -s /nonexistent

Then to run it, either use chmod to make it executable or run it with sh:
First method:

    chmod 700 IDS
    ./IDS

When the script finishes, all of your users and groups will be created and you can go on to the next section. But what do you do if your system isn’t listed in INSTALL.ids? You’ll have to create them manually. Start by using your favorite editor and editing /etc/group. You need to add the following two lines to the end of the file:

    qmail:*:2107:
    nofiles:*:2108:

Next, using vipw (most systems have it, if not you’ll need to use your editor again but this time on /etc/passwd) add these lines to the end of the file:

    alias:*:7790:2108::/var/qmail/alias:/bin/true
    qmaild:*:7791:2108::/var/qmail:/bin/true
    qmaill:*:7792:2108::/var/qmail:/bin/true
    qmailp:*:7793:2108::/var/qmail:/bin/true
    qmailq:*:7794:2107::/var/qmail:/bin/true
    qmailr:*:7795:2107::/var/qmail:/bin/true
    qmails:*:7796:2107::/var/qmail:/bin/true

Do the build
Now you can start building qmail. Change to the /usr/local/src/netqmail-1.05/netqmail-1.05 directory and let’s get started:

    cd /usr/local/src/netqmail-1.05/netqmail-1.05

In the Verify Build Environment section, you located your C compiler. If it’s not called cc or the directory it resides in isn’t in your PATH environment variable, you’ll need to edit conf-cc and conf-ld. Say your compiler is gcc, and it’s in your PATH. Simply edit conf-cc and conf-ld and replace “cc” with “gcc”.

Now type the following:

    make setup check

After the build is complete, you’ll need to do your post installation configuration. A couple of scripts are provided to make this job a lot easier. For example, if your domain is example.com and the hostname of your computer is dolphin, your config-fast line would look like this:

    ./config-fast lists.domain.com

 


 
*************************

Supervise scripts creation

*************************

ee /var/qmail/rc

#!/bin/sh

# Using stdout for logging
# Using control/defaultdelivery from qmail-local to deliver messages by default

exec env - PATH="/var/qmail/bin:$PATH" \
qmail-start "`cat /var/qmail/control/defaultdelivery`"


*******************

ee /var/qmail/bin/qmailctl

Copy from
http://www.lifewithqmail.org/qmailctl-script-dt70

***************************
Create Supervise Script Directories

mkdir -p /var/qmail/supervise/qmail-send/log
mkdir -p /var/qmail/supervise/qmail-smtpd/log

***************************
Qmail-smtpd Run

ee /var/qmail/supervise/qmail-smtpd/run
 

#!/bin/sh

QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`

if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi

if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi

exec /usr/local/bin/softlimit -m 2000000 \
    /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
        -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd 2>&1
 

***************************
Qmail-smtpd log run file

ee /var/qmail/supervise/qmail-smtpd/log/run

#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail/smtpd
 

***************************

Qmail-send run file

ee /var/qmail/supervise/qmail-send/run

#!/bin/sh
exec /var/qmail/rc

***************************
Qmail-send log run file

ee /var/qmail/supervise/qmail-send/log/run

#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail

***************************
chmod 755 /var/qmail/rc
chmod 755 /var/qmail/bin/qmailctl
chmod 755 /var/qmail/supervise/qmail-send/run
chmod 755 /var/qmail/supervise/qmail-send/log/run
chmod 755 /var/qmail/supervise/qmail-smtpd/run
chmod 755 /var/qmail/supervise/qmail-smtpd/log/run

echo ./Maildir/ >/var/qmail/control/defaultdelivery
ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /service
ln -s /var/qmail/bin/qmailctl /usr/bin

mkdir -p /var/log/qmail/smtpd
chown qmaill /var/log/qmail /var/log/qmail/smtpd

echo 20 > /var/qmail/control/concurrencyincoming
chmod 644 /var/qmail/control/concurrencyincoming

mv /usr/lib/sendmail /usr/lib/sendmail.old
mv /usr/sbin/sendmail /usr/sbin/sendmail.old

chmod 0 /usr/lib/sendmail.old /usr/sbin/sendmail.old

ln -s /var/qmail/bin/sendmail /usr/lib
ln -s /var/qmail/bin/sendmail /usr/sbin

ln -s .qmail-postmaster /var/qmail/alias/.qmail-mailer-daemon
chmod 644 /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-postmaster /var/qmail/alias/.qmail-mailer-daemon

echo '127.:allow,RELAYCLIENT=""' >>/etc/tcp.smtp
echo '192.:allow,RELAYCLIENT=""' >>/etc/tcp.smtp
qmailctl cdb
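
tcpserver matches the address part of each tcp.smtp rule as a prefix, so a rule on 192. grants RELAYCLIENT to every client whose address begins with 192., not only to 192.168.x.x. The script below is an added example, not part of the original notes: it classifies the prefix of every relay-granting rule in a tcp.smtp-style file. The names relay_scope and audit_relay and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which tcprules prefixes are granted RELAYCLIENT.
# relay_scope and audit_relay are illustrative names, not qmail tools.

# relay_scope PREFIX -> prints private | public | review
relay_scope() {
    case "$1" in
        '')         echo public ;;   # default rule: matches every client
        *[!0-9.]*)  echo review ;;   # =hostname, user@addr, ranges: check by hand
        127.*|10.*|192.168.*)                   echo private ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*)  echo private ;;
        *)          echo public ;;   # e.g. "192." spans all of 192.0.0.0/8
    esac
}

# audit_relay FILE -> one "scope prefix" line per allow rule that sets RELAYCLIENT
audit_relay() {
    while IFS= read -r line; do
        case "$line" in
            '#'*|'')                continue ;;   # comments and blank lines
            *:allow*RELAYCLIENT=*)  ;;            # relay-granting rule: inspect it
            *)                      continue ;;   # rules that grant no relay
        esac
        prefix=${line%%:*}                        # text before the first colon
        echo "$(relay_scope "$prefix") $prefix"
    done < "$1"
}

# Constructed sample: the two rules from this page, a narrower alternative,
# and a default rule that does not grant relaying.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.:allow,RELAYCLIENT=""
192.:allow,RELAYCLIENT=""
192.168.:allow,RELAYCLIENT=""
:allow
EOF
audit_relay "$sample"
rm -f "$sample"
```

Any line reported as public or review deserves a second look before running qmailctl cdb, because every matching client is allowed to relay.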

ee /home/scs/downloads/inst_check.sh
#!/bin/sh

Verify your local qmail alias files
/var/qmail/alias/

.qmail-root
me

.qmail-postmaster
me

This is what my /var/qmail/alias looks like before installing Mailman
lrwxr-xr-x  1 root  qmail  17 May  2 18:55 .qmail-mailer-daemon -> .qmail-postmaster
-rw-r--r--  1 root  qmail   3 May  5 01:21 .qmail-postmaster
-rw-r--r--  1 root  qmail   3 May  5 01:20 .qmail-root

here is what my control files look like in Qmail
[root@lists:/var/qmail/control]# ls -l

-rw-r--r-- 1 root qmail 3 May 15 08:42 concurrencyincoming
-rw-r--r-- 1 root qmail 11 May 15 08:42 defaultdelivery
-rw-r--r-- 1 root qmail 10 May 15 08:25 defaultdomain
-rw-r--r-- 1 root qmail 26 May 15 10:17 locals
-rw-r--r-- 1 root qmail 16 May 15 08:25 me
-rw-r--r-- 1 root qmail 10 May 15 08:25 plusdomain
-rw-r--r-- 1 root qmail 26 May 15 10:17 rcpthosts

ee /var/qmail/control/locals
localhost
lists.domain.com

ee /var/qmail/control/me

lists.domain.com

ee /var/qmail/control/rcpthosts
localhost
lists.domain.com

********************

put the qmail.sh in /usr/local/etc/rc.d/qmail.sh

#!/bin/sh

echo -n "qmail-smtpd, "
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"; export QMAILQUEUE

chmod 755 qmail.sh

 

reboot server

ee /etc/rc.conf

add this stuff to the rc.conf

 

sendmail_enable="NONE"

ipfilter_enable="YES"
ipfilter_flags="-Ds"
ipfilter_program="/sbin/ipf -Fa -f"
ipfilter_rules="/etc/ipf.conf"
ipmon_enable="YES"
ipmon_flags="-Dn /var/log/firewall_logs"
spamd_enable="YES"
clamav_clamd_enable="YES"

 

install spamassassin from ports

If you get an error about the wrong version of Perl, run:
use.perl port

cd /usr/ports/mail/p5-Mail-SpamAssassin

 

install clamav .80

gunzip clamav.80.tar.gz

tar xpf clamav.80.tar

cd clamav.0.80

add group and user clamav //might have to use /stand/sysinstall
groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

./configure

make

make install

 

Getting ready for Qmail-Scanner

Install db3 from ports collection
cd /usr/ports/databases/db3
make && make install

Install tnef-1.1 from the ports collection.
cd /usr/ports/converters/tnef
make && make install 

Install unzip from the ports collection.
cd /usr/ports/archivers/unzip
make && make install

Install maildrop from ports
cd /usr/ports/mail/maildrop
make && make install

 

Download Perl module Time::HiRes from
fetch http://www.cpan.org/authors/id/D/DE/DEWEG/Time-HiRes-01.20.tar.gz
tar xzvf Time-HiRes-01.20.tar.gz
cd Time-HiRes-01.20
perl Makefile.PL
make
make test
su -
cd /Time-HiRes-01.20
make install 

Download Perl module DB_File from
fetch http://www.cpan.org/authors/id/P/PM/PMQS/DB_File-1.801.tar.gz
tar xzvf DB_File-1.801.tar.gz
cd DB_File-1.801
perl Makefile.PL
*use.perl system*
make
make test
cd /DB_File-1.801
make install 

 

use.perl port

reboot server

add user and group qscand using /stand/sysinstall (ok whatever i don’t remember the command line, when you only build two servers a user the gui is nice!)

Download qmail-scanner-1.20

http://qmail-scanner.sourceforge.net/

put in /home/scs/downloads/qmail-scanner

gunzip – qmail-scanner.1.22.tgz
tar xvf qmail-scanner.1.22.tar
chown root /usr/bin/suidperl
chmod 4711 /usr/bin/suidperl
./configure --admin scs --domain lists.deviq.com --notify admin --local-domains lists.deviq.com --log-details yes,syslog --add-dscr-hdrs yes --scanners auto --debug no --unzip yes --install
 
