FreeBSD - Long version - Step by step with explanations

From Wiki_EAI

Installing Postfix with SMTPUTF8 enabled, Cyrus SASL and OpenSSL

Summary of the mail server

This guide installs a mail server that can receive mail with SMTPUTF8. This prevents the sender's email from bouncing, which happens when the mail server does not support SMTPUTF8.

This includes IMAP and POP3 using Courier. The users will be added as local users, with or without SSH login. Their mail is stored in /home/user.

A modified Squirrel-mail is installed to send and receive email?? (NEED TO TEST THIS )

Any email client can be used as your user is not an EAI address.

Using FreeBSD 10.2

Notice, requirements and initial setup

  • Make sure you don't have a Postfix installed that is older than version 3.0
  • If you install any mail component after installation, test your server to make sure it still returns SMTPUTF8
  • You have already set up your DNS settings
  • hostname is the name of your domain e.g ( )
  • mail.hostname is the name of your Mail server e.g (
  • A working FreeBSD server with a root account (sudo privileges)
  • Installation is run as root unless otherwise specified

Update your hostname 

If you are using an international domain, use the punycode equivalent.

For example, mail.วีคลาส.ไทย should be entered as its punycode equivalent, mail.xn--42c0eeo3bp.xn--o3cw4h

vi /etc/hostname

UPDATE YOUR OWN hostname for your Mail server

Reboot your server to update your hostname.

After reboot, the following command should show your hostname


Install Postfix from source and required libraries (Cyrus SASL, OPENSSL)

Get Postfix version 3.0.1 or later versions to enable SMTPUTF8 extension. You can get a copy in In the example below we have downloaded postfix-3.0.1.tar.gz, your version might be different. Currently, installing Postfix by apt-get will install an older version that has no support yet for SMTPUTF8. This may also change in the future.

Install the required libraries using ports with the default options

cd /usr/ports/security/openssl 
make && make install

cd /usr/ports/security/cyrus-sasl2
make && make install

cd /usr/ports/devel/icu
make && make install

Refresh your environment

Create the required users and directory ownership

pw groupadd postfix -g 32 
pw groupmod mail -m postfix
pw groupadd postdrop 
pw useradd postfix -c "Postfix Daemon User" -d /var/spool/postfix -g postfix  -s /bin/false -u 32  
chown -v postfix:postfix /var/mail

Download Postfix 3.x.x or later version and Compile with openssl and sasl auth

tar -xzvf postfix-3.0.1.tar.gz
cd postfix-3.0.1
make CCARGS="-DUSE_TLS -I/usr/include/openssl/   -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/include/sasl" AUXLIBS="-lssl -lcrypto -lsasl2" makefiles 

Install Postfix

sh postfix-install -non-interactive   daemon_directory=/usr/lib/postfix  \
                    manpage_directory=/usr/share/man  \
                    html_directory=/usr/share/doc/postfix-3.0.1/html  \

Edit or update /etc/rc.conf with the following


Edit, create or update /etc/periodic.conf


Stop sendmail and start postfix

service sendmail stop
postfix start

Postfix configuration

Change mail.domain.tld, domain.tld and yourotherdomain.tld to your own values (or remove yourotherdomain.tld)

postconf -e 'myhostname  = mail.domain.tld'
postconf -e 'mydomain    = domain.tld'
postconf -e 'myorigin    = $mydomain'
postconf -e 'inet_interfaces = all'
postconf -e 'mynetworks = [::ffff:]/104 [::1]/128'
postconf -e 'alias_database = hash:/etc/aliases'
postconf -e 'alias_maps = hash:/etc/aliases'
postconf -e 'mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, yourotherdomain.tld'
postconf -e 'smtputf8_enable = yes'
postfix reload


Enable Postfix as service and run at startup

Try and Send a Mail using Telnet and send mail to an external server like gmail

Test if you have SMTPUTF8 enabled

Enter the following command in the console; it connects to the SMTP server

 telnet localhost 25

This should result in

Connected to localhost.
Escape character is '^]'.
220 YourHostName ESMTP Postfix

Type the following and press enter

EHLO localhost

If you can see 250 SMTPUTF8, then your server should be able to send to and receive from internationalized email addresses

250-SIZE 10240000

If you don't see the 250 SMTPUTF8, try removing Postfix and try again. You may have installed a component that installed an older Postfix.

Enable SMTP Auth

Install saslauthd with default options

cd /usr/ports/security/cyrus-sasl2-saslauthd
make && make install

Edit /etc/rc.conf


Create or edit /usr/local/lib/sasl2/smtpd.conf. Only the PLAIN mechanism will be used.

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

Update Postfix config

sudo postconf -e 'smtpd_sasl_path = smtpd'
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
service saslauthd start
sudo postfix reload

Create a user which we can test for authentication, replace AnyUserName with your own.

sudo pw useradd AnyUserName -m -s /usr/sbin/nologin
sudo passwd AnyUserName

Generate your Auth key; replace username with your username and yourpassword with your password

perl -MMIME::Base64 -e 'print encode_base64("\000username\000yourpassword")'

Replace dGVzdAB0ZXN0AHRlc3Q= with the one you generated

telnet localhost 25
EHLO localhost

You should get a message Authentication successful.

Known Error: If your base64-encoded string ends in two == characters, it may not be accepted by the terminal. Use a password that does not produce == at the end of the string.
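
The Auth key is an encoding, not encryption: it is base64 of authzid NUL authcid NUL password, so anyone who can read the SMTP session can recover the password. The following is an added example, not part of the original guide; the function names are hypothetical. It builds the same token as the perl one-liner, decodes the sample token shown above, and reports how many = characters a token ends in.

```python
import base64

def plain_token(authcid, password, authzid=""):
    """Return the AUTH PLAIN argument: base64(authzid NUL authcid NUL password)."""
    fields = (authzid, authcid, password)
    if any("\0" in f for f in fields):
        raise ValueError("NUL is the field separator and cannot appear in a field")
    raw = b"\0".join(f.encode("utf-8") for f in fields)
    return base64.b64encode(raw).decode("ascii")

def decode_plain_token(token):
    """Recover (authzid, authcid, password) from an AUTH PLAIN argument."""
    raw = base64.b64decode(token, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL authcid NUL password")
    return tuple(p.decode("utf-8") for p in parts)

def padding(token):
    """Count trailing '=' characters; this depends only on the byte length mod 3."""
    return len(token) - len(token.rstrip("="))

if __name__ == "__main__":
    # The sample token from this page decodes to three readable fields.
    print(decode_plain_token("dGVzdAB0ZXN0AHRlc3Q="))
    # Same input as the perl one-liner (empty authzid, placeholder credentials).
    token = plain_token("username", "yourpassword")
    print(token, "padding:", padding(token))
```

In the perl one-liner, a username or password containing @ or $ is interpolated by the double-quoted string and silently changes the token; building the bytes explicitly as above avoids that.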

Finalize Postfix config to allow only authenticated users to send SMTP

postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'smtpd_sasl_local_domain = $mydomain'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination'
postconf -e 'smtpd_relay_restrictions =  permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_sender_login_mismatch '
postfix reload

Enable TLS

Create the certificates

cd /etc/postfix

openssl req -new -outform PEM -out smtpd.cert \
   -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM \
   -days 365 -x509

Answer the following questions as prompted

Update Postfix config

postconf -e 'smtpd_enforce_tls = no'
postconf -e 'smtpd_tls_security_level = may'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_key_file  = /etc/postfix/smtpd.key'
postconf -e 'smtpd_tls_cert_file  = /etc/postfix/smtpd.cert'
postfix reload

You can test by connecting with telnet to port 25 and sending an EHLO; you should see STARTTLS

250-SIZE 10240000

Issue the command


and you should see the result

220 2.0.0 Ready to start TLS
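
The EHLO checks described above (250 SMTPUTF8, STARTTLS) can be done on a saved reply instead of by eye. The following is an added example, not part of the original guide: the function names and the sample reply are constructed for illustration. It also reports when AUTH PLAIN or LOGIN is advertised before STARTTLS, which is what this guide's combination of smtpd_sasl_auth_enable = yes and smtpd_tls_security_level = may produces.

```python
# Constructed sample (not captured from a real server): shape of a Postfix EHLO
# reply on port 25 once this guide's SASL and TLS settings are active.
SAMPLE_EHLO = """\
250-mail.domain.tld
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-8BITMIME
250 SMTPUTF8
"""

def parse_ehlo(reply):
    """Map each advertised EHLO keyword to its list of parameters."""
    lines = [ln.rstrip("\r") for ln in reply.strip().splitlines()]
    caps = {}
    for i, line in enumerate(lines):
        # Continuation lines start with "250-", the final line with "250 ".
        expected = "250 " if i == len(lines) - 1 else "250-"
        if not line.startswith(expected):
            raise ValueError("malformed EHLO reply line: %r" % line)
        text = line[4:]
        if text.upper().startswith("AUTH="):
            # Legacy spelling emitted when broken_sasl_auth_clients = yes.
            text = "AUTH " + text[5:]
        words = text.upper().split()
        if i == 0 or not words:
            continue  # the first line carries the server name, not a keyword
        params = caps.setdefault(words[0], [])
        for word in words[1:]:
            if word not in params:
                params.append(word)
    return caps

def audit(reply, tls_active=False):
    """Return findings for a reply seen before (default) or after STARTTLS."""
    caps = parse_ehlo(reply)
    findings = []
    if "SMTPUTF8" not in caps:
        findings.append("SMTPUTF8 not advertised")
    if not tls_active:
        if "STARTTLS" not in caps:
            findings.append("STARTTLS not advertised")
        weak = [m for m in caps.get("AUTH", []) if m in ("PLAIN", "LOGIN")]
        if weak:
            findings.append("AUTH %s offered before STARTTLS" % "/".join(weak))
    return findings
```

Postfix's smtpd_tls_auth_only = yes stops AUTH from being announced or accepted until STARTTLS has completed, which clears the last finding.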

Sending and Receiving email to and from the Internet

Sending email by telnet

telnet localhost 25
EHLO localhost

MAIL FROM: <youruser@domain.tld> SMTPUTF8
Subject: A Test

This is the body


Take note of the dot (.); it ends and sends the message.

At this point, make sure you can send and receive mail.

You can send a message using an EAI address and check /var/mail/mail.log. In the log below, test@domain.tld is a local receiver

Aug  3 02:48:49 ip-172-31-21-209 postfix/local[21614]: 7EAD343550: to=<test@domain.tld>, relay=local, delay=0.62, delays=0.62/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Aug  3 02:48:49 ip-172-31-21-209 postfix/qmgr[21586]: 7EAD343550: removed

The email is stored in /var/mail/

if you cannot receive any email, use an online tool such as to diagnose your problem.

Configuring Courier authlib, Courier imap

This will enable IMAP and POP3

cd /usr/ports/security/courier-authlib
make && make install
cd  /usr/ports/mail/courier-imap
make && make install

Edit /usr/local/etc/authlib/authdaemonrc and change the authentication method


Add in /etc/rc.conf


Configure Postfix to use Maildir as a storage for Mail

postconf -e 'home_mailbox = Maildir/'
service courier-authdaemond start
service courier-imap-imapd
service courier-imap-imapd-ssl
service courier-imap-pop3d
service courier-imap-pop3d-ssl

service courier-imap-imapd start
service courier-imap-imapd-ssl start
service courier-imap-pop3d start
service courier-imap-pop3d-ssl start
postfix reload

Update the skeleton and create the folder for the user we created just before. In this example we used the user test

mkdir -p /usr/share/skel/Maildir/{cur,new,tmp}

mkdir -p /home/test/Maildir/{cur,new,tmp}
chown test:test /home/test/Maildir/{,cur,new,tmp}
chmod 0700 /home/test/Maildir/{,cur,new,tmp}

Test imap, pop3

telnet localhost imap
ok login username password

telnet localhost pop3
User username
Pass password

Install Squirrel-mail

Install Modified Squirrel mail

cd to-your-public-html-folder

Edit the configuration file and change the attachment_dir and data_dir; don't forget to create the folders. Change their ownership to your Apache user, and allow write access as well.

vi squirrelmail/config/config.php

Access squirrelmail


Related Links

Mail server is not sending or receiving email to outside world