From owner-freebsd-questions@freebsd.org  Thu Jun 11 04:05:20 2020
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 84E1734A238
 for <freebsd-questions@mailman.nyi.freebsd.org>;
 Thu, 11 Jun 2020 04:05:20 +0000 (UTC)
 (envelope-from galtsev@kicp.uchicago.edu)
Received: from kicp.uchicago.edu (kicp.uchicago.edu [128.135.20.70])
 by mx1.freebsd.org (Postfix) with ESMTP id 49j9Hg3R9Xz41cy
 for <freebsd-questions@freebsd.org>; Thu, 11 Jun 2020 04:05:19 +0000 (UTC)
 (envelope-from galtsev@kicp.uchicago.edu)
Received: from [192.168.43.113] (unknown [172.58.140.155])
 (Authenticated sender: galtsev)
 by kicp.uchicago.edu (Postfix) with ESMTPSA id 01D764E652
 for <freebsd-questions@freebsd.org>; Wed, 10 Jun 2020 23:05:12 -0500 (CDT)
Subject: Re: tools for building mailserver on freebsd
To: freebsd-questions@freebsd.org
References: <a29d62ce-a397-b8fd-5463-c391c6681a5f@boxsci.com>
From: Valeri Galtsev <galtsev@kicp.uchicago.edu>
Message-ID: <7f0656fc-f3f9-4058-8382-c3dab4c4cc88@kicp.uchicago.edu>
Date: Wed, 10 Jun 2020 23:05:11 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.8.0
MIME-Version: 1.0
In-Reply-To: <a29d62ce-a397-b8fd-5463-c391c6681a5f@boxsci.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 49j9Hg3R9Xz41cy
X-Spamd-Bar: +
Authentication-Results: mx1.freebsd.org; dkim=none;
 dmarc=fail reason="No valid SPF, No valid DKIM" header.from=uchicago.edu
 (policy=none); 
 spf=none (mx1.freebsd.org: domain of galtsev@kicp.uchicago.edu has no SPF
 policy when checking 128.135.20.70) smtp.mailfrom=galtsev@kicp.uchicago.edu
X-Spamd-Result: default: False [1.74 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 ARC_NA(0.00)[];
 RECEIVED_SPAMHAUS_PBL(0.00)[172.58.140.155:received];
 FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[];
 NEURAL_SPAM_SHORT(0.37)[0.371]; MIME_GOOD(-0.10)[text/plain];
 TO_DN_NONE(0.00)[];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org];
 NEURAL_SPAM_MEDIUM(0.45)[0.449]; RCPT_COUNT_ONE(0.00)[1];
 NEURAL_SPAM_LONG(0.82)[0.817]; R_SPF_NA(0.00)[no SPF record];
 RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[];
 R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:160, ipnet:128.135.0.0/16, country:US];
 RCVD_COUNT_TWO(0.00)[2]; MID_RHS_MATCH_FROM(0.00)[];
 DMARC_POLICY_SOFTFAIL(0.10)[uchicago.edu : No valid SPF, No valid DKIM,none]
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jun 2020 04:05:20 -0000



On 6/10/20 9:45 PM, Warren Hua wrote:
> Hello
> 
> I am trying to build a mailserver on freebsd, including the full stack 
> of webmail, imap, antispam, antivirus, ssl etc.
> I searched and found there were such tools existing, such as mailinabox 
> [1], but they work on linux only.
> Do you know if there is a similar solution for freebsd?
> 
> thank you.
> 
> [1] https://mailinabox.email/
> _______________________________________________

I don't think what I did will help you, but just in case someone comes 
across this thread, I'll describe my setup. I have to tell up from it is 
laborious. On the other hand, I like what I did.

I set up components I will describe below in FreeBSD jails, a few in 
each jail. There are some that just have to be in the same jail. But the 
smaller the number of components per jail, the more secure in general 
the whole thing will ultimately be. Several components are even living 
in jails with different IP than others.

mail itself: dovecot + pigeonhole; postfix

shell jail (yes, I do give people the ability to ssh to the "server")

web jail (and there there are user web directories, r/w for owner in 
shell jail, readable to apache, no local user in shell jail can read 
other users we directories; through web server only)

webmail with squirrelmail and roundcube

maia for spam filtering - great as it provides per user preferences, web 
interface, laborious for sysadmin though; clamav for virus detection; 
and some distributed spam databases

databases run separately; postgresql for settings of some of the above; 
mysql for maia as storage backend, alas, I never managed to have 
postgresql work here... should be something too mysql specific in maia 
backend storage part.

There is also mail list server, but I mention it separately, mostly 
because I am going to migrate away from mailman 2, so this will change.


I hope, this helps someone.

Valeri

-- 
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++