MT6 SMTP
Install Haraka
jailmanage haraka
pkg install -y gmake iconv node npm redis swaks git rsync
npm install -g Haraka ws express
If npm refuses to install, it's because a bug in node.js isn't resolved yet. The workaround is to provide the jail with an IP that's not on the loopback interface. One such method is to set 'ip4.addr = lo0|127.0.0.9, em0|N.N.N.N' for the Haraka jail in /etc/jail.conf and restart the haraka jail.
update with Mail Toaster options
cd /usr/local
git clone https://github.com/msimerson/Haraka.git
mv Haraka haraka.msimerson
cd haraka.msimerson
git checkout toaster
rsync -acOv --exclude .git ./ /usr/local/lib/node_modules/Haraka/
cd /usr/local/lib/node_modules/Haraka && npm install
Configure Haraka
All of Haraka's configuration files live in the config directory within Haraka's install directory. In these instructions, we are using /usr/local/haraka.
haraka -i /usr/local/haraka
cd /usr/local/haraka
sed -i .bak -e 's/^listen=\[.*$/listen=127.0.0.9:25,127.0.0.9:465,127.0.0.9:587/' config/smtp.ini
sed -i .bak -e 's/^daemon_log_file=.*/daemon_log_file=\/dev\/null/' config/smtp.ini
sed -i .bak -e 's/^host=localhost/host=127.0.0.8/' config/smtp_forward.ini
sed -i .bak -e 's/^port=2555/port=25/' config/smtp_forward.ini
echo 'reject=0' > config/dnsbl.ini
echo 'periodic_checks=30' >> config/dnsbl.ini
sed -i .bak -e 's/always_ok=false/always_ok=true/' config/log.syslog.ini
enable Watch
sed -i .bak -e 's/; listen=\[::\]:80/listen=127.0.0.9:80/' config/http.ini
enable TLS
cd /usr/local/haraka
ln /etc/ssl/certs/server.crt config/tls_cert.pem
ln /etc/ssl/private/server.key config/tls_key.pem
enable p0f
p0f is a utility that provides OS detection based on the TCP/IP fingerprint of the remote computer.
pkg install -y p0f
fetch -o /usr/local/etc/rc.d/p0f http://mail-toaster.org/install/mt6-p0f.txt
chmod 555 /usr/local/etc/rc.d/p0f
echo 'p0f_enable="YES"' >> /etc/rc.conf
Now edit /usr/local/etc/rc.d/p0f and look for the line that reads:
: ${p0f_args="-i em0 -d -s /tmp/.p0f_socket 'dst port 25 or dst port 587 or dst port 465'"}
Change em0 to the interface name of your external NIC.
Continue with starting the service:
service p0f start
perl -pi -e 's/^dnsbl$/dnsbl\nconnect.p0f/' config/plugins
configure qmail-deliverable
sed -i .bak -e 's/^host=127.0.0.1/host=127.0.0.8/' config/rcpt_to.qmail_deliverable.ini
configure auth_vpopmaild
echo 'host=127.0.0.8' > config/auth_vpopmaild.ini
Note: to enable CRAM-MD5 support for SMTP AUTH, see the auth_vpopmaild docs.
configure spamassassin
sed -i .bak -e 's/^spamd_socket=127.0.0.1:783/spamd_socket=127.0.0.6:783/' config/spamassassin.ini
sed -i .bak -e 's/^;spamd_user=$/spamd_user=first-recipient/' config/spamassassin.ini
configure clamav
echo 'clamd_socket=127.0.0.5:3310' >> config/clamd.ini
configure AVG
sed -i .bak -e 's/;host.*/host = 127.0.0.14/' config/avg.ini
sed -i .bak -e 's/;tmpdir.*/tmpdir=\/var\/tmp\/avg/' config/avg.ini
configure rspamd
sed -i .bak -e 's/;host.*/host = 127.0.0.13/' config/rspamd.ini
enable Redis
echo 'redis_enable="YES"' >> /etc/rc.conf
service redis start
fetch GeoIP databases regularly
mkdir -p /usr/local/share/GeoIP
npm install -g maxmind-geolite-mirror
ln -s /usr/local/bin/maxmind-geolite-mirror /usr/local/etc/periodic/weekly/999.maxmind-geolite-mirror
/usr/local/bin/maxmind-geolite-mirror
Start Haraka
fetch -o /usr/local/etc/rc.d/haraka http://mail-toaster.org/install/mt6-rcd.txt
chmod 555 /usr/local/etc/rc.d/haraka
echo 'haraka_enable="YES"' >> /etc/rc.conf
echo 'haraka_flags="-c /usr/local/haraka"' >> /etc/rc.conf
mkdir -p /usr/local/haraka/queue
service haraka start
Send a test message.
swaks -server localhost -to postmaster@[CHANGE.THIS] -from [my@real.email]
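The sed -i commands in the configuration steps exit successfully even when their pattern matches nothing, so a changed upstream default leaves the old listener or backend address in place without any error. The following check is an added example, not part of the Mail Toaster instructions; the function names expect_line and verify_haraka_config are hypothetical, and the expected values are the ones the steps above write.

```shell
#!/bin/sh
# Added example (not Mail Toaster code): confirm the sed/echo edits took effect.
# Each expected value must appear as a whole, uncommented line in its file.
# Usage: verify_haraka_config /usr/local/haraka

# expect_line FILE LINE: succeed only if FILE contains LINE exactly.
expect_line() {
    if grep -qxF -- "$2" "$1" 2>/dev/null; then
        return 0
    fi
    echo "MISSING in $1: $2" >&2
    return 1
}

# verify_haraka_config DIR: check every setting written by the steps above.
# The return status is the number of missing settings (0 = all applied).
verify_haraka_config() {
    cfg="$1/config"
    missing=0
    while IFS='|' read -r file line; do
        [ -n "$file" ] || continue
        expect_line "$cfg/$file" "$line" || missing=$((missing + 1))
    done <<'EOF'
smtp.ini|listen=127.0.0.9:25,127.0.0.9:465,127.0.0.9:587
smtp.ini|daemon_log_file=/dev/null
smtp_forward.ini|host=127.0.0.8
smtp_forward.ini|port=25
dnsbl.ini|reject=0
dnsbl.ini|periodic_checks=30
log.syslog.ini|always_ok=true
http.ini|listen=127.0.0.9:80
rcpt_to.qmail_deliverable.ini|host=127.0.0.8
auth_vpopmaild.ini|host=127.0.0.8
spamassassin.ini|spamd_socket=127.0.0.6:783
spamassassin.ini|spamd_user=first-recipient
clamd.ini|clamd_socket=127.0.0.5:3310
avg.ini|host = 127.0.0.14
avg.ini|tmpdir=/var/tmp/avg
rspamd.ini|host = 127.0.0.13
plugins|connect.p0f
EOF
    return "$missing"
}
```

A non-zero status means at least one service address or listener still holds its shipped default; the MISSING lines on stderr name the file and the value to fix by hand.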
More Information
Mail Toaster SMTPd History
Versions of Mail::Toaster prior to 6 included a heavily patched qmail-smtpd. The patch added quite a few "must have" SMTP features to netqmail, including SMTP AUTH, STARTTLS, SPF, chkuser, and more. The patch was very difficult to maintain, and thus wasn't maintained well.
Haraka
Haraka provides a basic SMTP daemon with a plugin architecture. Need encryption? Enable the tls plugin. The SPF plugin is there, just enable it. The chkuser functionality of the patched qmail is handled via Qmail::Deliverable and its daemon. A Haraka plugin calls the qmail-deliverabled daemon to ensure we accept mail for the recipient. There's a plugin for nearly every popular email technology.