Installing postfix in freenas jail

As part of my occasional series of how I used my FreeNAS server as the heart of my home network, I decided to transfer my mail/IMAP server from a standalone Linux box to a FreeNAS jail.

Linux Configuration

This machine is only serving as the mail server, so it needs a minimal install with sufficient packages to support mail. It doesn’t need the overhead of running X sessions.

  • Linux: OpenSUSE 12.3
  • Postfix
  • Dovecot
  • Apache server
  • postfixadmin
  • eGroupware
  • fetchmail
  • PHP and perl support
  • Some support tools such as the PostgresQL command-line client

The hardware running this is an old laptop (circa 2005) with a fairly modest specification (by today’s standards).  An Intel Celeron processor, 700Mb memory and a 60MB HDD with a 100Mbit ethernet connection.  However, looking at the load on this system, it is spending most of it’s time idle.  The backend PostgresQL database used by postfix and the groupware product is already sitting in another FreeNAS jail.

The Apache server is used to present PostfixAdmin and the groupware product.

Postfix is the mail transfer agent with local delivery provided by Dovecot. Dovecot’s IMAP functions provide access to mail on our smart-phones and other computers and provide the mail back end for eGroupware.

The groupware product is eGroupware. This provides the usual mail/calendar/addressbook/todo functionality, but it has a number of other really useful features such as Wikis, a very sophisticated info log system, and project management features. If you’re running a small business, I’d recommend investigating it. I have no affiliation with Stylite (except as a satisfied user).

This configuration has been running a few years, but after being introduced to FreeNAS and the functionality of jails introduced in FreeNAS 9.x, the migration of this system looked like a good option for a couple of reasons. Firstly  to reduce the amount of hardware scattered around the house and secondly leverage the extra data protection provided in the FreeNAS system by its RAIDed ZFS configuration.

Before Starting

Because the postfix maps are held in an external database, rather than in files (or DBM) maps, for testing purposes I created a test database for postfix by copying the live postfix database to postfix_test and setting up a test user. I also modified the pg_hba.conf file to restrict access to the live database from the live Linux system also. This meant I could safely stop and start the test system without effecting the live system.

Building the jail

From the FreeNAS administration web interface, we first need to build the jail to hold the system. Give it an unassigned address on your network. The jail needs to be a standard jail, with the Vanilla and the Autostart and VIMAGE options ticked. (The autostart is optional, but I can’t see why I wouldn’t a mail server to be available immediately.)

freenas-create-mail-jail-plugins

Click on OK to build this. Depending on your system, this may take a few minutes.

Building the software

I decided to use the portsnap approach and build the packages myself. This meant I could select the options I required and also ensure that the SQL connectivity functionality was built correctly.

Use SSH to connect to the FreeNas server (or use the shell command from the web interface). I prefer to SSH in.  The commands to type in are in bold

freenas# jls
JID  IP Address      Hostname                      Path
1  -               database                      /mnt/volume1/jails/database
17  -               mail                        /mnt/volume1/jails/egmail
freenas# jexec 17 /bin/csh
root@mail:/ # portsnap fetch
Looking up portsnap.FreeBSD.org mirrors... 7 mirrors found.
Fetching public key from ec2-eu-west-1.portsnap.freebsd.org... done.
Fetching snapshot tag from ec2-eu-west-1.portsnap.freebsd.org... done.
Fetching snapshot metadata... done.
Fetching snapshot generated at Thu Nov 28 00:10:20 GMT 2013:
93a6b2cb5d015fe0d502b56d79c72da464f784353ff6bf100% of   69 MB 7868 kBps
Extracting snapshot... done.
Verifying snapshot integrity... done.
Fetching snapshot tag from ec2-eu-west-1.portsnap.freebsd.org... done.
Fetching snapshot metadata... done.
Updating from Thu Nov 28 00:10:20 GMT 2013 to Thu Nov 28 13:58:36 GMT 2013.
Fetching 4 metadata patches... done.
Applying metadata patches... done.
Fetching 0 metadata files... done.
Fetching 18 patches.....10.... done.
Applying patches... done.
Fetching 2 new ports or files... done.
root@mail:/ #portsnap extract
/usr/ports/CHANGES
/usr/ports/COPYRIGHT
/usr/ports/GIDs
/usr/ports/KNOBS
/usr/ports/Keywords/info.yaml
/usr/ports/LEGAL
/usr/ports/MOVED
/usr/ports/Makefile
/usr/ports/Mk/Scripts/
/usr/ports/Mk/Uses/
...lots of lines deleted here
root@mail:/ #portsnap update
Ports tree is already up to date.

Now it’s time to build the software. Change to the postfix ports directory and type make config. This will bring up a text screen with the available options.
Use the arrow keys to move around and select the options you want. The drivers for PostgresQL (and mysql) are selected here.

root@mail:/cd /usr/ports/mail/postfix
make config

postfix-config-FreeNAS
root@mail:/make install

The install process may install other packages.  The default options are probably sufficient as they stand (they were for me), but it is worth reviewing them to be sure, then press enter to continue.

My install process added:

  • Perl
  • pcre (regular expressions tool)
  • mysql client tools
  • postgreSQL client tools
  • gmake
  • Dovecot

Dovecot requires some configuration also.  make dovecot config optionsMake sure that you include the postgreSQL or mysql options for the Dovecot build plus any other options you require.

  Warning: you still need to edit myorigin/mydestination/mynetworks
    parameter settings in /usr/local/etc/postfix/main.cf.

    See also http://www.postfix.org/STANDARD_CONFIGURATION_README.html
    for information about dialup sites or about sites inside a
    firewalled network.

    BTW: Check your /etc/aliases file and be sure to set up aliases
    that send mail for root and postmaster to a real person, then
    run /usr/local/bin/newaliases.

install  -o root -g wheel -m 555 /usr/ports/mail/postfix/work/postfix-2.10.2/auxiliary/rmail/rmail /usr/local/bin/rmail
install  -o root -g wheel -m 555 /usr/ports/mail/postfix/work/postfix-2.10.2/auxiliary/qshape/qshape.pl /usr/local/bin/qshape
install  -o root -g wheel -m 444 /usr/ports/mail/postfix/work/postfix-2.10.2/man/man1/qshape.1 /usr/local/man/man1
===> Staging rc.d startup script(s)
Would you like to activate Postfix in /etc/mail/mailer.conf [n]? y
# Fix compressed man pages
To enable postfix startup script please add postfix_enable="YES" in
your rc.conf

...lots of lines deleted here

      This port has installed the following startup scripts which may cause
      these network services to be started at boot time.
/usr/local/etc/rc.d/postfix

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage: 
http://www.postfix.org/

Enabling the services

Enable postfix by editing /etc/rc.conf and adding

postfix_enable="YES"

and edit the /etc/rc.conf file to add these lines:

sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

and disable the sendmail specific periodic maintenance in /etc/periodic.conf.  This file didn’t exist in my configuration so I created it.  Any settings here override the defaults in /etc/defaults/periodic.conf (this file should not be altered)

daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

 Building the maps

The next step is to build the maps for postfix.  I wrote a perl script to do this. This provided an easy way to generate all the maps in one go, and it also makes a shell script for recording and setting the postfix options.

You may find this useful – feel free to copy/modify etc. postfix_create_pgsql_files.pl.

I’ve used it on Linux and FreeNas 9.1

 

Hi - Please leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.