FreeBSD 9 and Mail Toaster 6 in a VM
Create VM
Each virtualization environment is different. Tweak the components below as necessary.
- Download the FreeBSD 9.1-RELEASE-amd64 DVD ISO (from here) and transfer it to your VM server.
- Create a new VM:
- CPU: dual-socket or dual-core (minimum)
- RAM: 2GB (minimum)
- Network: Intel e1000 (bridged)
- Create a 50GB primary disk (ide/scsi)
- Add FreeBSD 9.1-RELEASE-amd64 DVD ISO as an optical drive (ide/scsi).
Install FreeBSD
- Power on the VM.
- It should boot to the FreeBSD 9.1-RELEASE-amd64 DVD ISO.
- System Components: Add "src".
- Disks: Guided, use entire disk.
- Network: Use ipv4 only (unless you also use ipv6).
- Services: Add ntpd.
- This should leave you with FreeBSD 9.1-RELEASE-amd64 installed on the 50GB VHD.
- Shut down the VM after installation.
- Remove the ISO from the VM's optical drive (set to empty).
- Verify the VM's boot order is set to use the primary VHD first.
First Boot
- Power on the VM and log in as root.
- Set the time:
ntpdate -s pool.ntp.org
- Update the system:
freebsd-update fetch
freebsd-update install
- Reboot
Configure Virtual IO Drivers
Each hypervisor has its own way of getting the best I/O between a VM and the host. These drivers primarily improve block (disk) and network performance; other VM functions (such as memory and video) can also be improved.
KVM/QEMU on Proxmox
For KVM/QEMU on ProxmoxVE, follow the virtio steps here.
VMware
For VMware, install VMware Tools or Open VM Tools.
- Install Perl
cd /usr/ports/lang/perl5.16 && make install clean
- Attach the 'VM guest tools', often with a '[Re]install VMware Tools' menu item
- mount_cd9660 /dev/cd0 /mnt
- cd /tmp && tar -xzf /mnt/vmware-freebsd-tools.tar.gz
- cd /tmp/vmware-tools-distrib && perl vmware-install.pl
Xen
For Xen, be sure to install FreeBSD 9.0+ amd64, a XENHVM kernel, and the two Xen ports: xen-tools and xe-guest-utilities.
- echo 'KERNCONF=XENHVM' >> /etc/make.conf
- cd /usr/src/ && make kernel
- cd /usr/ports/sysutils/xen-tools/ && make install clean
- cd /usr/ports/sysutils/xe-guest-utilities/ && make install clean
- echo 'xenguest_enable="YES"' >> /etc/rc.conf
Install Mail-Toaster
Note: This section was written and tested with mail-toaster 5.41. It will be updated when mail-toaster 6 is released.
perl -v
cd /usr/ports/lang/perl5.16 && make install clean
mkdir -p /usr/local/src
cd /usr/local/src
fetch http://mail-toaster.org/Mail-Toaster.tar.gz
tar -xzf Mail-Toaster.tar.gz
cd Mail-Toaster-N-NN
perl Makefile.PL
make deps **
make test
make install
bin/toaster_setup.pl -s ports
bin/toaster_setup.pl -s portmaster
- Log out and back in (to update $PATH) and update installed ports:
portmaster -a
- Note: Enable MySQL support. You must enter passwords for all DBs!
bin/toaster_setup.pl -s config
bin/toaster_setup.pl -s ssl
- Edit MT config files (PUT NON-DEFAULT TWEAKS HERE)
- Install mail server software:
bin/toaster_setup.pl -s pre
bin/toaster_setup.pl -s mysql
bin/toaster_setup.pl -s ucspi
bin/toaster_setup.pl -s ezmlm
bin/toaster_setup.pl -s vpopmail
bin/toaster_setup.pl -s qmail
bin/toaster_setup.pl -s maildrop
bin/toaster_setup.pl -s dovecot
bin/toaster_setup.pl -s webmail
bin/toaster_setup.pl -s lighttpd
bin/toaster_setup.pl -s qmailadmin
bin/toaster_setup.pl -s squirrelmail --> IMPORTANT: Edit /usr/ports/mail/squirrelmail/Makefile and comment out IGNORE_WITH_PHP=5 first.
bin/toaster_setup.pl -s roundcube
- REBOOT (Roundcube needs a restart or you get a blank page)
- Install mail filtering:
bin/toaster_setup.pl -s filter
- Enable mail filtering:
- Edit /usr/local/etc/toaster-watcher.conf
- Set "filtering_method" to "smtp"
- Set "smtpd_qmail_queue" to "/var/qmail/bin/simscan"
- Save and exit the file.
- Run toaster-watcher.pl (or wait 5m) and filtering will be enabled.
- Install logging:
bin/toaster_setup.pl -s maillogs
bin/toaster_setup.pl -s supervise
Test Mail-Toaster
bin/toaster_setup.pl -s test
Recommended Tweaks
Set Time Zone in PHP
- Edit the php config file:
/usr/local/etc/php.ini
- Look for date.timezone and change it to your server's time zone. Example:
date.timezone = America/New_York
Configure Squirrelmail for Dovecot IMAP
The folder prefix that Dovecot uses is not the same as Squirrelmail's default.
- Run the Squirrelmail config:
cd /usr/local/www/squirrelmail
./configure
- Press "D" [enter]
- Type "dovecot" [enter]
- [enter]
- Press "S" [enter]
Configure SpamAssassin Per-User Settings
(Click the title above to go to SpamAssassin setup page)
Configure a Signed SSL Cert
This gets rid of the self-signed SSL cert warning in all web browsers by setting your server up with a "proper" SSL vendor signed certificate.
- Create certificate storage:
mkdir -p /usr/local/etc/lighttpd/certs
chown root:wheel /usr/local/etc/lighttpd/certs
chmod 770 /usr/local/etc/lighttpd/certs
- Copy your domain SSL keys and certs into the new certs directory. Set restrictive permissions on them:
cd /usr/local/etc/lighttpd/certs
chown root *
chmod 600 *
- Merge both the (passwordless) SSL private key and the signed SSL cert into a single PEM file:
cat domain.key domain.crt > domain.pem
- Edit the lighttpd config:
/usr/local/etc/lighttpd/vhosts.d/mail-toaster.conf
- Look for ssl.pemfile and set it to:
ssl.pemfile = "/usr/local/etc/lighttpd/certs/domain.pem"
- Optional: Add a ssl.ca-file line if your SSL cert requires a chain cert. Example:
ssl.ca-file = "/usr/local/etc/lighttpd/certs/gd_bundle.crt"
- Restart lighttpd:
service lighttpd configtest
service lighttpd stop
service lighttpd start
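Added example (not part of the original guide): a stricter form of the "merge key and cert" step above. The plain cat creates domain.pem under the current umask (commonly 022, giving mode 0644) after chmod 600 * has already run, so the copy holding the private key is readable by wheel members who can enter the 770 directory. The helper name build_pem is hypothetical, and the function assumes an RSA key and the openssl command; it also rejects a passphrase-protected key and a key that does not match the certificate.

```shell
#!/bin/sh
# Added example, not from the original guide. build_pem is a hypothetical
# helper name; it assumes an RSA private key and the openssl command.
#
# build_pem KEY CRT OUT
#   0 = OUT written with mode 0600
#   1 = KEY unreadable, not RSA, or passphrase-protected
#   2 = CRT unreadable, or its public key does not belong to KEY
build_pem() {
    key=$1; crt=$2; out=$3

    # An encrypted key cannot be decrypted with the empty passphrase given
    # here, so this fails instead of prompting.
    key_pub=$(openssl rsa -in "$key" -passin pass: -pubout 2>/dev/null) || return 1

    # Public key embedded in the certificate, in the same PEM encoding.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ] || return 2

    # Create the merged file inside a umask 077 subshell so it is 0600 from
    # the moment it exists, then move it into place.
    (
        umask 077
        rm -f "$out.tmp"
        cat "$key" "$crt" > "$out.tmp" && mv "$out.tmp" "$out"
    )
}

# Usage on the server, with the file names from the step above:
#   cd /usr/local/etc/lighttpd/certs && build_pem domain.key domain.crt domain.pem
```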