
PostgreSQL+Postfix+Nginx+PHP+RoundCube+Dovecot+SpamAssassin+Clamav+Spamd

graudeejs

Son of Beastie

Thanks: 670
Messages: 4,617

#76
kenyloveg said:
Hi, killasmurf86

Since 8.2 is released, would you update your scenario along with other updates like Postgresql 9.0.3?
Nothing (that I'm aware of) except version number change in this matter.
 

kenyloveg

New Member


Messages: 14

#77
Hi, killasmurf86

Thanks anyway.

My problem is that I failed to install Postgresql90-server; the steps are below. Fresh install of 8.2 release, chose minimal install.
Code:
portsnap fetch
portsnap extract
cd /usr/ports/databases/postgresql90-server
make clean install
At last I get
Code:
error code 1
saying something like open-sasl install failed/Postgresql client 8.4 failed.

Now I'm installing the binary instead of compiling from the port; everything looks all right now, but I need to go on with the rest of your scenario.
 

kenyloveg

New Member


Messages: 14

#78
And another question is regarding certification. I've already got a class 1 cert from StartSSL, which is a .p12 file; how can I use this file as an SSL/TLS cert? PS: I don't want to get a popup in the Outlook client asking whether I should trust this or not...
Thanks.
 

graudeejs

Son of Beastie

Thanks: 670
Messages: 4,617

#79
kenyloveg said:
Hi, killasmurf86
Thanks anyway.
My problem is that I failed to install Postgresql90-server; the steps are below.
Fresh install of 8.2 release, chose minimal install, "portsnap fetch", "portsnap extract", "cd /usr/ports/databases/postgresql90-server", "make clean install", at last I get "error code 1", saying something like open-sasl install failed/Postgresql client 8.4 failed.
This is your specific problem (don't know why it won't build for you), I had no problem installing PostgreSQL server/client :)

kenyloveg said:
Excuse me for bad English, and replied by using quick reply...
Have a good day.
Your English fine :)

kenyloveg said:
And another question is regarding certification. I've already got a class 1 cert from StartSSL, which is a .p12 file; how can I use this file as an SSL/TLS cert? PS: I don't want to get a popup in the Outlook client asking whether I should trust this or not...
Thanks.
see CONVERTING CERTIFICATE TO/FROM PKCS #12 FORMAT at http://forums.freebsd.org/showthread.php?t=6490
I think that's the answer
 

kenyloveg

New Member


Messages: 14

#80
Hi, killasmurf86
Thanks for your reply.
Could you let me know what is your exact step to install Postgresql90-server from scratch?
The problem should be the build scripts for Postgresql90-server, because I've no idea why it would need the postgresql84 client to be installed...
And one thing for newbies like me, you need to install portmaster first then reboot, then portmaster should work.
 

kenyloveg

New Member


Messages: 14

#82
Hi, killasmurf86

Excuse me if I had so many noob questions. As the configuration in dovecot.conf needs both cert.pem and key.pem, after running "openssl pkcs12 -in mycert.p12 -out cert.pem -nodes -clcerts" I still need key.pem, which I've no idea how to get.

Thank you.
 

DutchDaemon

Administrator
Staff member
Administrator
Moderator

Thanks: 2,564
Best answers: 1
Messages: 11,168

#83
kenyloveg said:
And one thing for newbies like me, you need to install portmaster first then reboot, then portmaster should work.
Nonsense, this is not Windows. Just run "hash -r" or "rehash" after installing a port/package.
 

kenyloveg

New Member


Messages: 14

#84
DutchDaemon said:
Nonsense, this is not Windows. Just run "hash -r" or "rehash" after installing a port/package.
Hi, DutchDaemon
Thanks for your information. It was just because after I installed portmaster, I still got
Code:
command not found
I thought a reboot might fix it. But I had never heard about "hash -r".

BTW, how do I check binary package information on ftp site like port?
 

graudeejs

Son of Beastie

Thanks: 670
Messages: 4,617

#85
kenyloveg said:
Hi, killasmurf86

Excuse me if I had so many noob questions. As the configuration in dovecot.conf needs both cert.pem and key.pem, after running "openssl pkcs12 -in mycert.p12 -out cert.pem -nodes -clcerts" I still need key.pem, which I've no idea how to get.

Thank you.
Depends on your certificate. If you have only one file, then you probably have everything in one file; in this case point all necessary parameters to your only SSL key.
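An added example, not part of the original posts: the pkcs12 command quoted above (no -nokeys, with -nodes) writes the certificate and the unencrypted private key into the same cert.pem, which is why one file can serve both settings. If separate files are wanted, the sketch below splits such a bundle; the function names and the sample bundle are constructed for illustration.

```shell
#!/bin/sh
# Added example. openssl can also write the two files directly:
#   openssl pkcs12 -in mycert.p12 -nocerts -nodes -out key.pem
#   openssl pkcs12 -in mycert.p12 -clcerts -nokeys -out cert.pem

# split_pem BUNDLE KEY_OUT CERT_OUT
# Copies only the PEM blocks and drops the "Bag Attributes" text between
# them. Fails if the bundle lacks a private key or a certificate.
split_pem() {
    # The key is unencrypted (-nodes), so create its file owner-only.
    ( umask 077; : > "$2" ) || return 1
    : > "$3" || return 1
    awk -v key="$2" -v cert="$3" '
        /^-----BEGIN [A-Z ]*PRIVATE KEY-----$/ { out = key;  nkey++ }
        /^-----BEGIN CERTIFICATE-----$/        { out = cert; ncert++ }
        out != ""                              { print >> out }
        /^-----END [A-Z ]+-----$/              { out = "" }
        END { if (nkey < 1 || ncert < 1) exit 1 }
    ' "$1"
}

# make_sample_bundle FILE: constructed input shaped like openssl output.
# The base64 bodies are placeholders, not a real key or certificate.
make_sample_bundle() {
    cat > "$1" <<'EOF'
Bag Attributes
    localKeyID: 01 00 00 00
subject=/CN=mail.example.com
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgQ0VSVA==
-----END CERTIFICATE-----
Bag Attributes
    localKeyID: 01 00 00 00
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQgS0VZ
-----END PRIVATE KEY-----
EOF
}

# Demo on the constructed bundle: key.pem should be listed as -rw-------.
dir=$(mktemp -d) && make_sample_bundle "$dir/all.pem" &&
    split_pem "$dir/all.pem" "$dir/key.pem" "$dir/cert.pem" &&
    ls -l "$dir/key.pem" "$dir/cert.pem"
```

Because the key is stored without a passphrase, the owner-only mode on key.pem is the only thing protecting it on disk.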
 

IrishWristwatch

New Member


Messages: 5

#86
Where is the UserDB in this setup? My logs keep showing that the user is not found every time I send a message to the server.

Code:
to=<test@fakeurl.com>, relay=dovecot, delay=0.24, delays=0.16/0.01/0/0.06, dsn=5.1.1, status=bounced (user unknown)
 

IrishWristwatch

New Member


Messages: 5

#87
IrishWristwatch said:
Where is the UserDB in this setup? My logs keep showing that the user is not found every time I send a message to the server.

Code:
to=<test@fakeurl.com>, relay=dovecot, delay=0.24, delays=0.16/0.01/0/0.06, dsn=5.1.1, status=bounced (user unknown)
Fixed it. I added

Code:
  passdb sql {
    args = /usr/local/etc/dovecot-sql.conf
  }

  userdb prefetch {
    # keep this, otherwise quota won't work
  }

  userdb static {
    args = uid=mailnull gid=mail home=/mail/%d/%n
    # keep this, otherwise quota won't work
  }
 

IrishWristwatch

New Member


Messages: 5

#89
killasmurf86 said:
On my setup I don't use userdb, I get info about user from passdb, this way I save 1 SQL call
Strange, it couldn't find the user by just using a passdb SQL call (as shown in the log in my first post). It worked after I added that "userdb static" call into the file.
 

graudeejs

Son of Beastie

Thanks: 670
Messages: 4,617

#90
IrishWristwatch said:
Strange, it couldn't find the user by just using a passdb SQL call (as shown in the log in my first post). It worked after I added that "userdb static" call into the file.
Howto may contain some errors, because I wrote it off my memory.
I hope to fix these, next time I reinstall my server
 

IrishWristwatch

New Member


Messages: 5

#91
killasmurf86 said:
Howto may contain some errors, because I wrote it off my memory.
I hope to fix these, next time I reinstall my server
Do you know how virtual mailbox forwarding would be done on this setup? For instance, if I wanted joe@example.com to go to the mailbox joe, but also to joe@gmail.com. I know how to do this with the /etc/aliases file, but I'm not too sure with virtual mailboxes in postgresql.
 

graudeejs

Son of Beastie

Thanks: 670
Messages: 4,617

#92
IrishWristwatch said:
Do you know how virtual mailbox forwarding would be done on this setup? For instance, if I wanted joe@example.com to go to the mailbox joe, but also to joe@gmail.com. I know how to do this with the /etc/aliases file, but I'm not too sure with virtual mailboxes in postgresql.
Sorry, I've no clue (never needed such feature)
 

henrixd

New Member


Messages: 8

#93
Thanks!

This was a great tutorial. I got things running, with almost no problems. Here are a few things I did differently.

RoundCube uses fsockopen, so why not use unix sockets. First disable inet_listener and add unix socket for imaps.

dovecot config:
Code:
inet_listener imaps {
    port = 0
}
unix_listener imaps {
    mode = 0666
}
RoundCube main config:
Code:
$rcmail_config['default_host'] = 'unix:///var/run/dovecot/imaps';
$rcmail_config['default_port'] = -1;
This is part of my nginx.conf. We start with default deny all and move towards allowing. The only PHP script that needs fcgi_pass is index.php and the rest is just static files.

There is so much crap and so many exposed files in the roundcube dirs that I won't leave them open, nor do I want to keep checking them too often.

nginx config:
Code:
        root   /usr/local/www/roundcube;

        include        fastcgi_params;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

        ## Only allow these request methods
        if ($request_method !~ ^(GET|HEAD|POST)$ ) {
                return 444;
        }

        location / { deny all; }
        location = / { index  index.php; }

        location = /index.php {
                fastcgi_pass   unix:/var/run/spawn_fcgi.socket;
        }

        location = /program/blank.gif {}
        location = /program/blocked.gif {}

        location ~ ^/program/js/.*\.js$ {}
        # Extensions are grouped so that ^/dir/ and $ apply to every alternative
        location ~ ^/skins/.*\.(jpg|jpeg|gif|png|html|css|js)$ {}
        location ~ ^/plugins/.*\.(jpg|jpeg|gif|png|html|css|js)$ {}
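Here is my test code for nginx.conf (in case someone wants to validate).
First, on the server, run this:
Code:
find /usr/local/www/roundcube -true > ./check.list

Run the check.list file with this:
Code:
#!/bin/sh
# check.list holds filesystem paths, so map each one to a URL first.
# base is a placeholder; set it to your own webmail host.
base="https://webmail.example.com"
root="/usr/local/www/roundcube"

while IFS= read -r path; do
        url="${base}${path#$root}"
        printf '%s: ' "$url"
        curl -o /dev/null --silent --head --write-out '%{http_code}\n' "$url"
done < check.list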
Remember to put security/sshguard to check mail.info too, to have a little extra security for the web login form. Keep in mind that max-src-conn-rate type of filter rules might lock you out (I didn't).

There, hope this helps secure someone's web-mail.
 

graudeejs

Son of Beastie

Thanks: 670
Messages: 4,617

#95
henrixd said:
This was a great tutorial. I got things running, with almost no problems. Here are a few things I did differently.

RoundCube uses fsockopen, so why not use unix sockets. First disable inet_listener and add unix socket for imaps.

dovecot config:
Code:
inet_listener imaps {
    port = 0
}
unix_listener imaps {
    mode = 0666
}
RoundCube main config:
Code:
$rcmail_config['default_host'] = 'unix:///var/run/dovecot/imaps';
$rcmail_config['default_port'] = -1;
This is part of my nginx.conf. We start with default deny all and move towards allowing. The only PHP script that needs fcgi_pass is index.php and the rest is just static files.

There is so much crap and so many exposed files in the roundcube dirs that I won't leave them open, nor do I want to keep checking them too often.

nginx config:
Code:
        root   /usr/local/www/roundcube;

        include        fastcgi_params;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

        ## Only allow these request methods
        if ($request_method !~ ^(GET|HEAD|POST)$ ) {
                return 444;
        }

        location / { deny all; }
        location = / { index  index.php; }

        location = /index.php {
                fastcgi_pass   unix:/var/run/spawn_fcgi.socket;
        }

        location = /program/blank.gif {}
        location = /program/blocked.gif {}

        location ~ ^/program/js/.*\.js$ {}
        # Extensions are grouped so that ^/dir/ and $ apply to every alternative
        location ~ ^/skins/.*\.(jpg|jpeg|gif|png|html|css|js)$ {}
        location ~ ^/plugins/.*\.(jpg|jpeg|gif|png|html|css|js)$ {}
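Here is my test code for nginx.conf (in case someone wants to validate).
First, on the server, run this:
Code:
find /usr/local/www/roundcube -true > ./check.list

Run the check.list file with this:
Code:
#!/bin/sh
# check.list holds filesystem paths, so map each one to a URL first.
# base is a placeholder; set it to your own webmail host.
base="https://webmail.example.com"
root="/usr/local/www/roundcube"

while IFS= read -r path; do
        url="${base}${path#$root}"
        printf '%s: ' "$url"
        curl -o /dev/null --silent --head --write-out '%{http_code}\n' "$url"
done < check.list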
Remember to put security/sshguard to check mail.info too, to have a little extra security for the web login form. Keep in mind that max-src-conn-rate type of filter rules might lock you out (I didn't).

There, hope this helps secure someone's web-mail.
BTW, later I discovered www/hastymail2 (http://www.hastymail.org/)
I really like it much more than RoundCube. It has much more advanced features.
However hastymail in ports and doesn't work very well for multiple domains.

Unfortunately I don't have my own server any more, so I haven't updated hastymail (yet).
I should probably give Hastymail to the pool....
(hope to get new server some day, soon [few months maybe])
 

henrixd

New Member


Messages: 8

#96
Little bug fix.

I should have validated my own config better, this is what you get when you set up your box with minimum sleep.

Code:
# Extensions are grouped so that ^/dir/ and $ apply to every alternative
location ~ ^/program/js/.*\.(js|jpg|jpeg|gif|png|html|htm|css)$ {}
location ~ ^/skins/.*\.(js|jpg|jpeg|gif|png|html|htm|css)$ {}
location ~ ^/plugins/.*\.(js|jpg|jpeg|gif|png|html|htm|css)$ {}
I must say, that www/hastymail2 looks really nice, I'll go give it a try immediately.
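Why the extension list in these location patterns needs parentheses, as an added example that is not part of the original posts: without a group, "|" splits the whole expression, and any URI an empty regex location selects is served as a static file instead of reaching "location / { deny all; }". grep -E stands in for nginx's PCRE here (the two agree on these patterns), and the sample URIs are constructed.

```shell
#!/bin/sh
# Added example: compare an ungrouped and a grouped location regex.

# Ungrouped: only the first alternative keeps "^/skins/.*\." and only the
# last keeps "$"; "jpg", "gif", "png", "html", ... match anywhere in the URI.
UNGROUPED='^/skins/.*\.js|jpg|jpeg|gif|png|html|htm|css$'
# Grouped: prefix, dot and end anchor apply to every extension.
GROUPED='^/skins/.*\.(js|jpg|jpeg|gif|png|html|htm|css)$'

# Constructed sample URIs with the intended policy for each.
SAMPLES='
allow /skins/default/common.css
allow /skins/default/images/logo.png
deny  /config/main.inc.php
deny  /program/include/html.php
deny  /logs/errors.png.bak
deny  /skins/default/template.html.php
deny  /temp/gif_cache.php
'

# matches PATTERN URI: exit 0 if the location regex would select URI.
matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# mismatches PATTERN: print every sample URI where PATTERN disagrees with
# the intended policy (allow = selected, deny = not selected).
mismatches() {
    printf '%s\n' "$SAMPLES" | while read -r want uri; do
        [ -n "$uri" ] || continue
        if matches "$1" "$uri"; then got=allow; else got=deny; fi
        [ "$got" = "$want" ] || printf '%s\n' "$uri"
    done
    return 0
}

# Demo: list the URIs each pattern gets wrong.
for p in "$UNGROUPED" "$GROUPED"; do
    printf 'pattern %s\n' "$p"
    mismatches "$p" | sed 's/^/  wrong: /'
done
```

The same table of expected results can be replayed against the live server with the curl loop from the post above once the config is loaded.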
 

NuLL3rr0r

Active Member

Thanks: 14
Messages: 167

#99
Hi,

Tnx for such a great tutorial, this is exactly the one I needed.

I did setup my VPS using your tutorial, and now I can send messages out.
But when I send a message from gmail to one of mailboxes on my VPS I got

Code:
Aug 16 03:16:00 3rr0r postfix/pickup[1607]: 42B72B87E: uid=80 from=<www>
Aug 16 03:16:00 3rr0r postfix/cleanup[5049]: 42B72B87E: message-id=<20120816031600.42B72B87E@babaei.net>
Aug 16 03:16:00 3rr0r postfix/qmgr[1608]: 42B72B87E: from=<www@babaei.net>, size=501, nrcpt=1 (queue active)
Aug 16 03:16:00 3rr0r dovecot: auth(default): prefetch(www@babaei.net): userdb lookup not possible with only userdb prefetch
Aug 16 03:16:00 3rr0r postfix/pipe[5057]: 42B72B87E: to=<www@babaei.net>, orig_to=<www>, relay=dovecot, delay=0.03, delays=0.01/0.01/0/0, dsn=5.1.1, status=bounced (user unknown)
Aug 16 03:16:00 3rr0r postfix/cleanup[1690]: 4892DB93B: message-id=<20120816031600.4892DB93B@babaei.net>
Aug 16 03:16:00 3rr0r postfix/bounce[5059]: 42B72B87E: sender non-delivery notification: 4892DB93B
Aug 16 03:16:00 3rr0r postfix/qmgr[1608]: 4892DB93B: from=<>, size=2164, nrcpt=1 (queue active)
Aug 16 03:16:00 3rr0r postfix/qmgr[1608]: 42B72B87E: removed
Aug 16 03:16:00 3rr0r dovecot: auth(default): prefetch(www@babaei.net): userdb lookup not possible with only userdb prefetch
Aug 16 03:16:00 3rr0r postfix/pipe[2400]: 4892DB93B: to=<www@babaei.net>, relay=dovecot, delay=0.53, delays=0.53/0/0/0, dsn=5.1.1, status=bounced (user unknown)
Aug 16 03:16:00 3rr0r postfix/qmgr[1608]: 4892DB93B: removed
The only reason I found: http://comments.gmane.org/gmane.mail.postfix.user/83221
The user with the UID 80 (www?) injects a mail using the sendmail command.
I really don't know what's wrong??


Also when I start postfix manually I see a bunch of warnings:
Code:
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
postfix/postfix-script: stopping the Postfix mail system
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
postfix/postfix-script: starting the Postfix mail system
I found this one: http://sourceforge.net/mailarchive/forum.php?thread_name=4FAC07D5.3030908%40quip.cz&forum_name=vda-users
 