Sendmail+procmail+imapuw+smtpauth+sasl+ssl+spamassassin

I made this configuration a few years ago on the 6.1 release for testing purposes. I hope it is not too outdated.

Imap-uw
Install mail/cclient with -DWITH_SSL_AND_PLAINTEXT (for e-mail clients without ssl support)
Code:
cd /usr/ports/mail/cclient
make -DWITH_SSL_AND_PLAINTEXT install
Install mail/imap-uw
Code:
cd /usr/ports/mail/imap-uw
make -DWITH_SSL_AND_PLAINTEXT install
Make an OpenSSL cert for imapd and ipop3d
Code:
make cert
Edit /etc/inetd.conf and add the following lines
Code:
imaps stream tcp nowait root /usr/local/libexec/imapd imapd
pop3s stream tcp nowait root /usr/local/libexec/ipop3d ipop3d
Test configuration with e-mail client.

Sendmail
Install cyrus-sasl2 and dependent packages.
Code:
cd /usr/ports/security/cyrus-sasl2-saslauthd
make install
Edit /etc/rc.conf
Code:
saslauthd_enable="YES"
Test saslauthd
Code:
/usr/local/etc/rc.d/saslauthd start
testsaslauthd -u [username] -p [passwd]
0: OK "Success."
You have to recompile sendmail to work with cyrus. In /etc/make.conf, make sure the following lines are uncommented
Code:
SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2

Check /usr/local/lib/sasl2/Sendmail.conf for entry:
Code:
pwcheck_method: saslauthd
then:
Code:
cd /usr/src/lib/libsm; make clean; make obj; make depend; make
cd /usr/src/lib/libsmutil; make clean; make obj; make depend; make
cd /usr/src/usr.sbin/sendmail; make clean; make obj; make depend; make; make install
SSL certs:
Code:
mkdir /etc/mail/certs
cd /etc/mail/certs
openssl dsaparam 1024 -out dsa1024.pem
openssl req -x509 -nodes -newkey dsa:dsa1024.pem -out mycert.pem -keyout mykey.pem
rm dsa1024.pem
chmod -R 600 /etc/mail/certs/*
Change directory to /etc/mail
If you don't have a my.domain.mc file there, run
Code:
make all
then edit my.domain.mc and add the following lines:
Code:
define(`confAUTH_MECHANISMS',`PLAIN LOGIN')
TRUST_AUTH_MECH(`PLAIN LOGIN')
define(`CERT_DIR', `/etc/mail/certs')
define(`confCACERT_PATH', `CERT_DIR')
define(`confCACERT', `CERT_DIR/mycert.pem')
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')
DAEMON_OPTIONS(`Port=smtp, Name=MTA')
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')
You can tune the sendmail daemon options (DAEMON_OPTIONS) for further adjustments.
Add procmail to the config file
Code:
FEATURE(local_procmail)
MAILER(procmail)
You can define the maximum message size (here it's really big :))
Code:
define(`confMAX_MESSAGE_SIZE', `104857600')
Quit editing and rebuild the configuration (still in /etc/mail)
Code:
make all install restart
I assume you have
Code:
sendmail_enable="YES"
in /etc/rc.conf.

Procmail
Fast install
Code:
cd /usr/ports/mail/procmail
make install clean

Spamassassin
Code:
cd /usr/ports/mail/p5-Mail-SpamAssassin
make install clean
SpamAssassin has a huge range of configuration options.
A simple configuration for testing, in
/usr/local/etc/mail/spamassassin/local.cf
Code:
rewrite_header Subject *****SPAM*****
required_hits 5
rewrite_subject 1
report_header 1
use_terse_report 1
defang_mime 0
report_safe 0
use_bayes 1
auto_learn 1
Edit /etc/rc.conf
Code:
spamd_enable="YES"
Launch spamassassin
Code:
/usr/local/etc/rc.d/sa-spamd start

Mailbox quota
I accepted a solution which doesn't use the system quota.
Visit http://www.xray.mpe.mpg.de/mailing-lists/procmail/2003-07/msg00021.html for more detailed information.

Download http://www.it.ca/software/fsizecompare.c and compile it
Code:
$ cc fsizecompare.c -o fsizecompare
I have attached this file in case the link is broken.
The resulting binary lets you check the size of the mailbox.
The fsizecompare file should be accessible to procmail (you can use the $PATH variable to achieve this). The part of the procmail configuration file (procmailrc) responsible for quota checking should look like:
Code:
QUOTA=15000000
MSG="User's quota exceeded. You should also see a bounce message."
:0
* !$? fsizecompare $QUOTA $ORGMAIL
{ EXITCODE=77 }
:0 A
* ^Subject: \/.+
| ( formail -rI"BOUNCED: $MATCH" ; echo "$MSG" ) | $SENDMAIL -t -oi
The first line defines the quota size.
Note that this checks the size of the user's mailbox
(/var/mail/[username]), so the QUOTA size should allow for the maximum message size.

Tests
Create .procmailrc in home directory
Code:
LOGFILE=$HOME/procmail.log
QUOTA=15000000
SHELL=/bin/sh
PATH=$HOME:/usr/bin:/usr/local/bin:/usr/local/sbin:${PATH}
MSG="User's quota exceeded. You should also see a bounce message."
:0
* !$? fsizecompare $QUOTA $ORGMAIL
{ EXITCODE=77 }
:0 A
* ^Subject: \/.+
| ( formail -rI"BOUNCED: $MATCH" ; echo "$MSG" ) | $SENDMAIL -t -oi
:0fw
| /usr/local/bin/spamc -s 256000
Send a test e-mail.
Examine procmail.log to see whether procmail correctly processes e-mail messages. Check the e-mail header for spamassassin entries:
Code:
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on foo.com
X-Spam-Level:
X-Spam-Status: No, score=-1.4 required=5.0 tests=ALL_TRUSTED autolearn=ham version=3.1.7

Working sendmail mc file:
Code:
divert(0)
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.30.6.1 2006/04/13 04:00:23 gshapiro Exp $')
OSTYPE(freebsd6)
DOMAIN(generic)
FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
FEATURE(local_procmail)
dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl your permission.
dnl FEATURE(relay_based_on_MX)
dnl DNS based black hole lists
dnl --------------------------------
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
dnl For that, visit
dnl http://directory.google.com/Top/Computers/Internet/Abuse/Spam/Blacklists/
dnl Uncomment to activate Realtime Blackhole List
dnl information available at http://www.mail-abuse.com/
dnl NOTE: This is a subscription service as of July 31, 2001
dnl FEATURE(dnsbl)
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', `"550 Mail from " $&{client_addr} " rejected, see http://mail-abuse.org/cgi-bin/lookup?" $&{client_addr}')
dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST', `your.isp.mail.server')
dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')
dnl Enable for both IPv4 and IPv6 (optional)
dnl DAEMON_OPTIONS(`Name=IPv4, Family=inet')
dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
MAILER(procmail)
MAILER(local)
MAILER(smtp)
define(`confAUTH_MECHANISMS',`PLAIN LOGIN')
TRUST_AUTH_MECH(`PLAIN LOGIN')
define(`CERT_DIR', `/etc/mail/certs')
define(`confCACERT_PATH', `CERT_DIR')
define(`confCACERT', `CERT_DIR/mycert.pem')
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')
DAEMON_OPTIONS(`Port=smtp, Name=MTA')
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')
define(`confMAX_MESSAGE_SIZE', `104857600')
Sources for this howto:
http://www.puresimplicity.net/~hemi/freebsd/sendmail.html
http://wiki.bestpractical.com/view/SpamFiltering
Excuse my English and mistakes :)

Attachments

  • fsizecompare.c
    800 bytes · Views: 263
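
The my.domain.mc lines in the Sendmail section offer PLAIN and LOGIN on the plain smtp port (Name=MTA), where nothing forces TLS before AUTH, so a client can send its password in cleartext. Sendmail's `confAUTH_OPTIONS` flag `p` withholds such mechanisms until a security layer is active. The lint below is an added example, not part of the original post; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: lint a sendmail .mc file for cleartext-capable SMTP AUTH.
# auth_cleartext_guarded FILE returns 0 when PLAIN/LOGIN are not offered or
# are guarded by the `p` AuthOptions flag, and 1 when they are unguarded.

# Drop dnl comments (whole-line and trailing) so disabled settings are ignored.
mc_active_lines() {
    sed -e 's/^[[:space:]]*dnl.*$//' -e 's/[[:space:]]dnl[[:space:]].*$//' "$1"
}

# Print VALUE from the last active define(`NAME', `VALUE') in the file.
mc_define_value() {
    mc_active_lines "$1" |
        sed -n "s/^[[:space:]]*define(\`$2',[[:space:]]*\`\([^']*\)').*/\1/p" |
        tail -n 1
}

auth_cleartext_guarded() {
    mechs=$(mc_define_value "$1" confAUTH_MECHANISMS)
    opts=$(mc_define_value "$1" confAUTH_OPTIONS)
    case " $mechs " in
        *" PLAIN "*|*" LOGIN "*) ;;   # cleartext mechanisms are offered
        *) return 0 ;;                 # nothing to guard
    esac
    # AuthOptions is a list of single characters split by spaces or commas.
    for flag in $(printf '%s' "$opts" | tr ',' ' '); do
        [ "$flag" = "p" ] && return 0
    done
    return 1
}

# When run as a script, lint every file named on the command line.
for f in "$@"; do
    auth_cleartext_guarded "$f" ||
        echo "$f: PLAIN/LOGIN offered without confAUTH_OPTIONS flag p"
done
```

A file that passes contains, for example, define(`confAUTH_OPTIONS', `A p') next to the confAUTH_MECHANISMS line.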
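
The quota recipe in the Mailbox quota section fires when the size check exits non-zero, and it runs before delivery, which is why the post says QUOTA must leave room for the largest message. The shell stand-in below is an added example, not the attached fsizecompare.c (whose source is not shown on this page); it assumes only the exit-status convention the recipe requires, and the optional third argument for the incoming message size is a hypothetical extension.

```shell
#!/bin/sh
# Added example (not fsizecompare.c): mailbox_has_room QUOTA MAILBOX [INCOMING]
# Exit status, matching what the `* !$? ...` condition needs:
#   0  mailbox size plus INCOMING bytes is below QUOTA (deliver normally)
#   1  at or over QUOTA (the recipe sets EXITCODE=77 and bounces)
#   2  bad arguments (non-zero, so the recipe would bounce as well)

# True only for a non-empty string of decimal digits.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Size of a file in bytes; a mailbox that does not exist yet counts as empty.
file_bytes() {
    if [ -f "$1" ]; then
        wc -c < "$1" | tr -d '[:space:]'
    else
        echo 0
    fi
}

mailbox_has_room() {
    quota=$1
    mailbox=$2
    incoming=${3:-0}
    is_uint "$quota" && is_uint "$incoming" && [ -n "$mailbox" ] || return 2
    used=$(file_bytes "$mailbox")
    # Strictly below quota passes; reaching the quota counts as full.
    [ $((used + incoming)) -lt "$quota" ]
}

# When run as a script with arguments, behave like a drop-in size check.
if [ "$#" -ge 2 ]; then
    mailbox_has_room "$@"
    exit $?
fi
```

With INCOMING left at 0, the check matches the post's note: a mailbox just under QUOTA still accepts one more message of any size up to confMAX_MESSAGE_SIZE.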