Ok, I have to get this off my chest because, 1) it drives me fracking bonkers everytime and see it and 2) I want a place I can point people at when they ask why this is a bad idea. What I’m talking about is the excessive number of HOWTOs that think it’s a good idea to use the same home directory for all virtual users. Most of these HOWTOs discuss using postfix with courier, but I have seen courier-mta HOWTOs that do this too.
Needed FreeBSD Ports lang/perl5 SpamAssassin requires Perl 5.6 or higher. Note: Remeber to run use.perl ports before builing SpamAssassin. mail/p5-Mail-SpamAssassin databases/mysql40-server databases/p5-DBD-mysql Needed so SpamAssassin can talk to MySQL /usr/local/etc/mail/spamassassin/local.cf I like to store users’ settings in a MySQL database. See the SpamAssassin SQL README for instructions on setting that up. user_scores_dsn DBI:mysql:Accounts:localhost user_scores_sql_username sa user_scores_sql_password <password> user_scores_sql_table SA_userprefs MySQL Table CREATE TABLE SA_userprefs ( username varchar(128) default '' NOT NULL, preference varchar(30) default '' NOT NULL, value varchar(100) default '' NOT NULL, prefid int(11) UNSIGNED NOT NULL auto_increment, PRIMARY KEY (prefid), INDEX (username) ) COMMENT = "Accounts' SpamAssassin preferences.
I currently use SpamAssassin on the mail cluster at work and it works pretty well. Unfortunately, it doesn’t work well enough according to many of our customers and, more importantly, my boss. So, I worked out this way to use dspam and SpamAssassin. “Why use both?” you might ask. The answer is “I don’t, really.” What I do is provide dspam as an opt-in service and leave SpamAssassin as the default filter for those that don’t want to be bothered with the reporting that dspam requires.
FreeBSD Install the following from ports: mail/courier Note: Make sure you upgrade Perl before you build courier. This is so that perlfilter can find perl modules installed later, e.g. Courier::Filter. Add to /etc/make.conf # For Courier WITH_GNUPG=yes WITH_ISPELL=yes WITH_LDAP2=no WITH_MYSQL=yes Also, you need to make sure that courier is using Perl > 5.6 and not the system perl. During the build, courier uses /usr/bin/perl5. This is the system perl. Here’s the work around.
Introduction I’ve been using amavis-ng with courier-mta for over a year and for various reasons, I’ve been unhappy with it. I decided to switch to amavisd-new. This doc describes my setup. Note: I use FreeBSD. These docs should work for any OS that courier runs on with appropriate changes to paths, etc. Installation Needed Perl Modules This list is from INSTALL in the package. Archive::Tar (archivers/p5-Archive-Tar) Archive::Zip (archivers/p5-Archive-Zip) (1.
I use MySQL to store user data in courier. Here’s how to set it up. Configure Courier Before you begin, find your courier installation’s configuration directory. It is usually /usr/local/etc/courier, /etc/courier or /usr/local/courier/etc. Unless otherwise noted, the files mentioned here will be in this directory. smtpaccess/ You need to edit the files in this directory to allow relaying by IP address. To allow an IP to relay, add a line like this to any file in this directory.
SPF is a protocol to try to provide some defense against domain spoofing. You can turn on SPF checks in courier-mta by adding various things to bofh. You might want to begin by reading the SPF RFC and the Courier SPF docs. Possible Keywords (descriptions from the RFC): Keyword Description “none” A result of None means that no records were published by the domain.
Like many people, I setup courier to use mysql for authentication. When I went through the setup, I decided to store username as [email protected] in the accounts table. Users who are not in the default domain, can login as [email protected] and they are good to go. This works well in most modern email clients, but some older clients, notably Netscape 4.5, can’t use this syntax and are unable to login.
Note: I have switched to amavisd-new. These docs should still work but I am no longer maintaining them. See Courier with Amavisd-new. These intructions walk you through the setup of AMaViS-ng with the F-Prot virus scanner from Frisk. It should be fairly trivial to use another virus scanner, such as clamav, instead. Needed Ports archivers/lha archivers/unarj or archivers/arj archivers/unrar or archivers/rar archivers/zoo or archivers/unzoo archivers/arc archivers/p5-Compress-Zlib archivers/p5-Archive-Tar archivers/p5-Archive-Zip archivers/bzip2 devel/p5-IO-stringy converters/p5-MIME-Base64 converters/p5-Convert-UUlib converters/p5-Convert-TNEF mail/p5-MIME-Tools mail/p5-Mail-Tools devel/p5-Config-IniFiles devel/p5-File-MMagic sysutils/p5-Unix-Syslog F-Prot You need to install wget (ftp/wget) and unzip (archivers/unzip) for check-updates.
Real-time Blacklists (RBLs) are commonly used to block mail from known spammers or servers that can be used to send spam (open relays and the like). I found a lot of good info on setting up rbldnsd here. I use Bind 9 on my DNS servers so that I can run rbldnsd on the same IP as bind. Note: Setting up and configuring Bind 9 for basic DNS is beyond the scope of this document.