This is a multi-part article. There are too many components to fit all of them into a single writeup. The first part will cover the FreeBSD install and initial setup of the OS.
I’ve discussed various components of mailservers before, but this will cover building one from the ground up. For simplicity, all this is done in VMware Fusion. It could just as easily be done with VirtualBox, Parallels, ESX, bhyve, or actual hardware. I’ve tried to arrange the subtopics in an order that facilitates testing the component(s) before moving forward. I’ve also made an effort to have as many services speaking over SSL as possible. Where something doesn’t speak over SSL, I will explicitly note it.
This is very much a self-contained box. It doesn’t have to be done this way; in fact, there could be good reasons to do it differently (you may want to have your web server or your IMAP server on a different host). For the purpose of illustration, it’s easier to put it all in one box, but I’ve gone to some effort to construct it in such a way that you can move any of the components to other hosts. At the end is a diagram showing how services could be split up/broken out across a multitude of hosts, including some load balancers/proxies where appropriate.
Installation
The only shortcut I took was to provision a single disk. If you’re working with hardware, you would want some kind of redundancy (multiple disks) so ZFS can actually benefit you. Before taking this beyond a proof of concept, please ensure that you have sufficient redundancy in your storage, either directly through ZFS, or indirectly via your virtualization provider.
This is just a string of images. If you want more details about a FreeBSD install, check out a previous post on how to do a freebsd-install.
FreeBSD update
We start by updating the ports tree and ensuring FreeBSD is up to date. The portsnap(8) program will fetch the current snapshot of the ports tree, and the freebsd-update(8) program will pull down patches for the current release of FreeBSD. After we’ve done the updates, it’s a good idea to reboot. Until we have sudo(8) installed, these have to be executed as root.
freebsd-update fetch install
portsnap fetch extract
reboot
Basic System Setup
We won’t be needing X11 support, so we can disable that flag when we are building ports (this has the effect of, by default, excluding X11 support in packages we build from source). If you don’t already have an /etc/make.conf file, you can copy the example file from /usr/share/examples/etc/.
We also want to tell all ports to use the OpenSSL port, and then define the OpenSSL port as security/libressl.
# Build ports without X11 support (OPTIONS_UNSET disables an option for every port)
OPTIONS_UNSET= X11
# Build ports against security/openssl (replace openssl with libressl if you
# no longer have dependencies on openssl, as they can't coexist)
DEFAULT_VERSIONS+=ssl=openssl
We need to create the /usr/local dataset.
zfs create zpool/usr/local
These are reasonable to include for our system (/etc/rc.conf). The only one I wouldn’t consider to be “default” is the ’local_unbound’, but since we’ll be doing lots of DNS lookups, a local cache makes sense.
dumpdev="AUTO"
hostname="mx.cryptomonkeys.net"
ifconfig_em0="192.168.3.60"
defaultrouter="192.168.3.1"
ifconfig_em0_ipv6="inet6 2001:db8::3:60/64"
defaultrouter_ipv6="2001:db8::3:1"
local_unbound_enable="YES"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
sshd_enable="YES"
zfs_enable="YES"
I typically comment out the forwarder.conf line in /etc/unbound/unbound.conf. This causes unbound to resolve names recursively, starting from the root servers, instead of forwarding queries to an upstream resolver.
If you don’t make any other modifications to /etc/ssh/sshd_config, do this one. It restricts SSH to public key only. If you want more on securing SSH, see the footnotes section on Securing the Secure Shell.
ChallengeResponseAuthentication no
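One way to confirm that the setting above really leaves public key as the only login method is to inspect the effective configuration printed by `sshd -T`. This is an added example, not part of the original article; the function names are hypothetical, and it accepts both `challengeresponseauthentication` and its newer keyword name `kbdinteractiveauthentication`.

```shell
#!/bin/sh
# Added example: verify that sshd's effective configuration allows
# public-key logins only. Function names are hypothetical.
# Input is the output of `sshd -T` (run as root on the server).

# Read `sshd -T` output on stdin and print one line for every login
# method other than public key that is still enabled.
ssh_non_pubkey_methods() {
    awk '
        { key = tolower($1); val = tolower($2) }
        val != "yes" { next }
        key == "passwordauthentication" { pw = 1 }
        # Same setting under its old and new keyword names.
        key == "challengeresponseauthentication" || key == "kbdinteractiveauthentication" { kbd = 1 }
        key == "hostbasedauthentication" { hb = 1 }
        key == "gssapiauthentication" { gss = 1 }
        END {
            if (pw)  print "password"
            if (kbd) print "keyboard-interactive"
            if (hb)  print "hostbased"
            if (gss) print "gssapi"
        }'
}

# Return 0 only when nothing but public key is enabled; otherwise list
# the offending methods on stderr and return 1.
ssh_pubkey_only() {
    methods=$(ssh_non_pubkey_methods)
    [ -z "$methods" ] && return 0
    printf 'still enabled: %s\n' $methods >&2
    return 1
}

# Usage on the mail server: sh check-sshd.sh --check
if [ "${1:-}" = "--check" ]; then
    sshd -T | ssh_pubkey_only && echo "public key only"
fi
```

Run it again after every change to /etc/ssh/sshd_config and before closing the session you are logged in on.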
pf firewall
Every box needs a firewall. It doesn’t have to be pf, but pf does offer lots of nice features. I’ve taken the sample from Calomel’s pf and modified it. You can also find more documentation in the FreeBSD Handbook.
Enable it with sysrc (which writes to /etc/rc.conf):
sudo sysrc pf_enable=YES
sudo sysrc pflog_enable=YES
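Here is the /etc/pf.conf. The ExtIf macro must name this host’s external interface: the sample uses vmx0, while the rc.conf above configures em0.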
#
### Calomel.org pf.conf
#
################ FreeBSD pf.conf ##########################
# Required order: options, normalization, queueing, translation, filtering.
# Note: translation rules are first match while filter rules are last match.
################ Macros ###################################

### Interfaces (ensure the correct interface or traffic will be dropped) ###
ExtIf ="vmx0"

# Internal networks
CMHome_Net_v4 = "192.168.0.0/20"
CMHome_Net_v6 = "fc00:101:ca7::/48"

# Internal networks excluding IoT subnet
CMHome_Net_v4_No_IoT = "{ 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24, 192.168.5.0/24, 192.168.6.0/24, 192.168.7.0/24, 192.168.8.0/24, 192.168.10.0/24, 192.168.11.0/24, 192.168.12.0/24, 192.168.13.0/24, 192.168.14.0/24, 192.168.15.0/24 }"
CMHome_Net_v6_No_IoT = "{ fc00:101:ca7::/64, fc00:101:ca7:1::/64, fc00:101:ca7:2::/64, fc00:101:ca7:3::/64, fc00:101:ca7:4::/64, fc00:101:ca7:5::/64, fc00:101:ca7:6::/64, fc00:101:ca7:7::/64, fc00:101:ca7:8::/64, fc00:101:ca7:10::/64 }"

# Monitoring host
Zabbix_v4 ="{ 192.168.3.200/32, 192.168.3.10/32 }"
Zabbix_v6 ="{ fc00:101:ca7:3::200/128, fc00:101:ca7:3::10/128 }"

# Salt host
Salt_v4 ="192.168.3.250/32"
Salt_v6 ="fc00:101:ca7:2::250/128"

### States and Types ###
ICMP4_Types="{ echoreq, unreach }"
ICMP6_Types="{ 1, 2, 3, 4, 128, 129, 133, 134, 135, 136, 137 }"
SYN_State ="flags S/SA synproxy state"
TCP_State ="flags S/SA modulate state"
UDP_State ="keep state"

### Ports ###
Anti_Scan_Port="{23, 24, 26:79, 6000:8000}"
Mail_Port="{ 25, 465, 587, 993, 995 }"
Web_Port="{ 80, 443 }"
UniFi_TCP_Port="{ 8080, 8443, 8880, 8843 }"
UniFi_UDP_Port="{ 3478, 10001 }"
Gogs_SSH_Port="2222"
DHCP4_Port="{ 67:68 }"
DHCP6_Port="{ 546:547 }"
DNS_Port="53"
Zabbix_Client_Port="10050"
Zabbix_Server_Port="{ 10051, 10052 }"
Salt_Server_Port="4506"
SSH_Port="22"
Syslog_Port="514"
Filebeat_Port="5044"

### Stateful Tracking Options (STO) ###
Open_STO ="(max 90000, source-track rule, max-src-conn 1000, max-src-nodes 256)"
Mail_STO ="(max 20000, source-track rule, max-src-conn 1000, max-src-nodes 512, max-src-conn-rate 500/100)"
SSH_STO ="(max 20, source-track rule, max-src-conn 10, max-src-nodes 100, max-src-conn-rate 5/3, overload <SSHGUARD> flush global)"
Web_STO ="(max 4096, source-track rule, max-src-conn 64, max-src-nodes 512, max-src-conn-rate 500/100, overload <BLOCKTEMP> flush global)"
Anti_Scan_STO ="(max 60, source-track rule, max-src-conn 1, max-src-nodes 60, max-src-conn-rate 1/60, overload <BLACKLIST> flush global)"

### Tables ###
table <SSHGUARD> counters
table <BLOCKTEMP> counters
table <BLOCKPERM> counters file "/etc/pf_block_permanent"
table <BLACKLIST> persist
table <WHITELIST> counters file "/etc/pf_whitelist"

################ Options ######################################################
### Misc Options
set skip on lo
set debug urgent
set block-policy drop
set loginterface $ExtIf
set state-policy if-bound
set fingerprints "/etc/pf.os"
set ruleset-optimization none

### Timeout Options
set optimization normal
set timeout { tcp.closing 60, tcp.established 7200}

################ Normalization ###############################################
# set-tos 0x1c is Maximize-Reliability + Minimize-Delay + Maximize-Throughput
scrub out log on $ExtIf all random-id min-ttl 15 set-tos 0x1c fragment reassemble

################ Filtering ###################################################
# Rules are best (closest) match. Notice we optimized the rules so external
# interface parsing is first followed by the internal interface.

### $ExtIf block abusive hosts in temp and perm tables
block drop in log quick on $ExtIf from <BLOCKPERM> to any
block drop in log quick on $ExtIf proto udp from <BLOCKTEMP> to any
block drop in log quick on $ExtIf proto tcp from <SSHGUARD> to any
block drop in log quick on $ExtIf proto tcp from <BLOCKTEMP> to any port != $SSH_Port
block drop in log quick on $ExtIf from <BLACKLIST> to any

### $ExtIf default block with drop
block drop in log on $ExtIf

### $ExtIf inbound

# Whitelist (is this necessary?)
#pass in quick on $ExtIf inet proto tcp from <WHITELIST> to ($ExtIf) $TCP_State
#pass in quick on $ExtIf inet6 proto tcp from <WHITELIST> to ($ExtIf) $TCP_State

# Zabbix Server queries
#pass in quick on $ExtIf inet proto tcp from any to ($ExtIf) port $Zabbix_Server_Port $TCP_State $Open_STO
#pass in quick on $ExtIf inet6 proto tcp from any to ($ExtIf) port $Zabbix_Server_Port $TCP_State $Open_STO
#pass in quick on $ExtIf inet proto udp from any to ($ExtIf) port $Zabbix_Server_Port $UDP_State $Open_STO
#pass in quick on $ExtIf inet6 proto udp from any to ($ExtIf) port $Zabbix_Server_Port $UDP_State $Open_STO

# Salt Server ports
#pass in quick on $ExtIf inet proto tcp from $CMHome_Net_v4 to $Salt_v4 port $Salt_Server_Port $TCP_State $Open_STO
#pass in quick on $ExtIf inet6 proto tcp from $CMHome_Net_v6 to $Salt_v6 port $Salt_Server_Port $TCP_State $Open_STO
#pass in quick on $ExtIf inet proto udp from $CMHome_Net_v4 to $Salt_v4 port $Salt_Server_Port $UDP_State $Open_STO
#pass in quick on $ExtIf inet6 proto udp from $CMHome_Net_v6 to $Salt_v6 port $Salt_Server_Port $UDP_State $Open_STO

# DNS/DHCP Server
#pass in quick on $ExtIf inet proto tcp from any to ($ExtIf) port $DNS_Port $TCP_State $Open_STO
#pass in quick on $ExtIf inet6 proto tcp from any to ($ExtIf) port $DNS_Port $TCP_State $Open_STO
#pass in quick on $ExtIf inet proto udp from any to ($ExtIf) port $DNS_Port $UDP_State $Open_STO
#pass in quick on $ExtIf inet6 proto udp from any to ($ExtIf) port $DNS_Port $UDP_State $Open_STO
#pass in quick on $ExtIf inet proto tcp from any to ($ExtIf) port $DHCP4_Port $TCP_State
#pass in quick on $ExtIf inet proto udp from any to ($ExtIf) port $DHCP4_Port $UDP_State
#pass in quick on $ExtIf inet6 proto tcp from any to ($ExtIf) port $DHCP6_Port $TCP_State
#pass in quick on $ExtIf inet6 proto udp from any to ($ExtIf) port $DHCP6_Port $UDP_State

# Web services
pass in on $ExtIf inet proto tcp from !($ExtIf) to ($ExtIf) port $Web_Port $TCP_State $Web_STO
pass in on $ExtIf inet6 proto tcp from !($ExtIf) to ($ExtIf) port $Web_Port $TCP_State $Web_STO
#pass in on $ExtIf inet proto tcp from !($ExtIf) to ($ExtIf) port $UniFi_TCP_Port $TCP_State $Web_STO
#pass in on $ExtIf inet6 proto tcp from !($ExtIf) to ($ExtIf) port $UniFi_TCP_Port $TCP_State $Web_STO
#pass in on $ExtIf inet proto udp from !($ExtIf) to ($ExtIf) port $UniFi_UDP_Port $UDP_State
#pass in on $ExtIf inet6 proto udp from !($ExtIf) to ($ExtIf) port $UniFi_UDP_Port $UDP_State

# Gogs services
#pass in on $ExtIf inet proto tcp from !($ExtIf) to ($ExtIf) port $Gogs_SSH_Port $TCP_State $SSH_STO
#pass in on $ExtIf inet6 proto tcp from !($ExtIf) to ($ExtIf) port $Gogs_SSH_Port $TCP_State $SSH_STO

# Log collection
#pass in on $ExtIf inet proto udp from $CMHome_Net_v4 to ($ExtIf) port $Syslog_Port $UDP_State
#pass in on $ExtIf inet6 proto udp from $CMHome_Net_v6 to ($ExtIf) port $Syslog_Port $UDP_State

# Filebeat (logstash)
#pass in on $ExtIf inet proto tcp from !($ExtIf) to ($ExtIf) port $Filebeat_Port $TCP_State $SSH_STO
#pass in on $ExtIf inet6 proto tcp from !($ExtIf) to ($ExtIf) port $Filebeat_Port $TCP_State $SSH_STO

# Mail
pass in on $ExtIf inet proto tcp from !($ExtIf) to ($ExtIf) port $Mail_Port $TCP_State $Mail_STO
pass in on $ExtIf inet6 proto tcp from !($ExtIf) to ($ExtIf) port $Mail_Port $TCP_State $Mail_STO

### Shouldn't need to modify below here ###

# Zabbix Client queries
pass in quick on $ExtIf inet proto tcp from $Zabbix_v4 to ($ExtIf) port $Zabbix_Client_Port $TCP_State $Open_STO
pass in quick on $ExtIf inet6 proto tcp from $Zabbix_v6 to ($ExtIf) port $Zabbix_Client_Port $TCP_State $Open_STO
pass in quick on $ExtIf inet proto udp from $Zabbix_v4 to ($ExtIf) port $Zabbix_Client_Port $UDP_State $Open_STO
pass in quick on $ExtIf inet6 proto udp from $Zabbix_v6 to ($ExtIf) port $Zabbix_Client_Port $UDP_State $Open_STO

# SSH
pass in on $ExtIf inet proto tcp from !($ExtIf) to ($ExtIf) port $SSH_Port $TCP_State $SSH_STO
pass in on $ExtIf inet6 proto tcp from !($ExtIf) to ($ExtIf) port $SSH_Port $TCP_State $SSH_STO

# NTP Multicast
pass in on $ExtIf inet6 proto udp from any to ff02::1010 port 123

# mDNS
pass in on $ExtIf inet6 proto udp from any to ff02::fb port 5353

# ICMP
pass in on $ExtIf inet proto icmp from !($ExtIf) to any icmp-type $ICMP4_Types $UDP_State $Open_STO
pass in on $ExtIf inet6 proto ipv6-icmp from any to any icmp6-type $ICMP6_Types $UDP_State
pass in on $ExtIf inet6 proto ipv6-icmp from any to FF02::/16 $UDP_State
pass in on $ExtIf inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 $UDP_State
pass in on $ExtIf inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 $UDP_State

# Antiscan bits
pass in on $ExtIf inet proto tcp from any to any port $Anti_Scan_Port $TCP_State $Anti_Scan_STO
pass in on $ExtIf inet6 proto tcp from any to any port $Anti_Scan_Port $TCP_State $Anti_Scan_STO

### $ExtIf outbound
pass out on $ExtIf inet proto tcp from ($ExtIf) to any $TCP_State $Open_STO
pass out on $ExtIf inet6 proto tcp from ($ExtIf) to any $TCP_State $Open_STO
pass out on $ExtIf inet proto udp from ($ExtIf) to any $UDP_State $Open_STO
pass out on $ExtIf inet6 proto udp from ($ExtIf) to any $UDP_State $Open_STO
pass out on $ExtIf inet proto icmp from ($ExtIf) to any $UDP_State $Open_STO
pass out on $ExtIf inet6 proto icmp6 from ($ExtIf) to any $UDP_State $Open_STO

############# END of FreeBSD pf.conf https://calomel.org #######################
I’ve defined a couple of file-backed tables in the ruleset; you will need to create their files before pf will start.
- touch /etc/pf_block_permanent
- touch /etc/pf_whitelist
Now we can start pf with either:
- reboot
- service pf start
NOTE: If you choose the second, and you are connected over SSH, it will kill your connection. You will have to re-login.
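The start-up steps above, as an added preflight script that is not part of the original article: it reads /etc/pf.conf, checks that the ExtIf macro names an interface that exists on this host, creates any missing table files, and asks pfctl to parse the ruleset without loading it. The function names are hypothetical; `ifconfig -l` and `pfctl -nf` are the stock FreeBSD commands.

```shell
#!/bin/sh
# Added example: preflight for the pf.conf in this article.
# Function names are hypothetical.

# Print the interface named by the ExtIf macro, e.g. ExtIf ="vmx0" -> vmx0
pf_extif() {
    sed -n 's/^[[:space:]]*ExtIf[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Print the path of every file-backed table:
#   table <NAME> ... file "/path"  ->  /path
# Commented-out lines and tables without a file are skipped.
pf_table_files() {
    sed -n 's/^[[:space:]]*table[[:space:]]*<[^>]*>.*[[:space:]]file[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Create each missing table file (empty, mode 0600) and print the paths
# that were created. The optional second argument is a root prefix so the
# function can be exercised outside of /etc.
pf_ensure_table_files() {
    conf=$1
    root=${2:-}
    pf_table_files "$conf" | while IFS= read -r f; do
        [ -e "$root$f" ] && continue
        mkdir -p "$(dirname "$root$f")"
        ( umask 077 && : > "$root$f" )
        printf '%s\n' "$f"
    done
}

# Full preflight: run as root on the FreeBSD host before `service pf start`.
pf_preflight() {
    conf=${1:-/etc/pf.conf}
    ifc=$(pf_extif "$conf")
    if [ -z "$ifc" ]; then
        echo "no ExtIf macro found in $conf" >&2
        return 1
    fi
    # The default rule is "block drop in log on $ExtIf", so a wrong
    # interface name means the pass rules never apply to real traffic.
    if ! ifconfig -l | tr ' ' '\n' | grep -qxF "$ifc"; then
        echo "ExtIf=$ifc is not an interface on this host" >&2
        return 1
    fi
    pf_ensure_table_files "$conf" >/dev/null
    # -n parses the ruleset without loading it, so an SSH session survives.
    pfctl -nf "$conf"
}

# Usage: sh pf-preflight.sh --run [/path/to/pf.conf]
if [ "${1:-}" = "--run" ]; then
    pf_preflight "${2:-/etc/pf.conf}"
fi
```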
What ports do we install?
There are a number of packages that need to be installed. Installing them will pull in many others as dependencies. My total list of installed ports is around 170.
I start off with a couple ports to make things easier.
pkg install sudo tmux portmaster
Then I move on to install the rest of the ports that will be needed.
archivers/arc
archivers/arj
archivers/cabextract
archivers/freeze
archivers/lha
archivers/libarchive
archivers/liblz4
archivers/libmspack
archivers/libzip
archivers/lzo2
archivers/lzop
archivers/p5-Archive-Zip
archivers/p7zip
archivers/php56-bz2
archivers/php56-zip
archivers/php56-zlib
archivers/rar
archivers/rpm2cpio
archivers/unarj
archivers/unrar
archivers/unzoo
archivers/zoo
converters/libiconv
converters/p5-Convert-BinHex
converters/p5-Convert-TNEF
converters/p5-Convert-UUlib
converters/p5-Encode-Detect
converters/p5-JSON-PP
converters/php56-iconv
converters/php56-mbstring
converters/tnef
databases/db5
databases/gdbm
databases/p5-BerkeleyDB
databases/p5-DBD-Pg
databases/p5-DBI
databases/pgbouncer
databases/php56-pdo
databases/php56-pdo_pgsql
databases/php56-pgsql
databases/phppgadmin
databases/postgresql96-client
databases/py-gdbm
databases/py-sqlite3
databases/sqlite3
devel/apr1
devel/autoconf
devel/autoconf-wrapper
devel/automake
devel/automake-wrapper
devel/bison
devel/boehm-gc
devel/boost-jam
devel/boost-libs
devel/cmake
devel/cmake-modules
devel/gettext-runtime
devel/gettext-tools
devel/git
devel/glib20
devel/gmake
devel/icu
devel/jansson
devel/json-c
devel/jsoncpp
devel/libatomic_ops
devel/libedit
devel/libev
devel/libevent
devel/libffi
devel/libltdl
devel/libsigsegv
devel/libtool
devel/libunistring
devel/libuv
devel/llvm36
devel/m4
devel/nasm
devel/npth
devel/oniguruma5
devel/p5-Algorithm-C3
devel/p5-B-Hooks-EndOfScope
devel/p5-CPAN-Meta
devel/p5-Cache-FastMmap
devel/p5-Canary-Stability
devel/p5-Carp-Clan
devel/p5-Class-C3
devel/p5-Class-Data-Inheritable
devel/p5-Class-Inspector
devel/p5-Class-Method-Modifiers
devel/p5-Class-Singleton
devel/p5-Config-IniFiles
devel/p5-Data-OptList
devel/p5-Date-Calc
devel/p5-DateTime
devel/p5-DateTime-Format-Mail
devel/p5-DateTime-Locale
devel/p5-DateTime-TimeZone
devel/p5-Devel-GlobalDestruction
devel/p5-Devel-StackTrace
devel/p5-Dist-CheckConflicts
devel/p5-Eval-Closure
devel/p5-Exception-Class
devel/p5-Exporter-Tiny
devel/p5-File-ShareDir
devel/p5-File-ShareDir-Install
devel/p5-File-Slurp
devel/p5-FileHandle-Unget
devel/p5-IO-Multiplex
devel/p5-IO-stringy
devel/p5-IPC-Signal
devel/p5-List-AllUtils
devel/p5-List-SomeUtils
devel/p5-List-SomeUtils-XS
devel/p5-List-UtilsBy
devel/p5-Locale-gettext
devel/p5-Log-Dispatch
devel/p5-Log-Log4perl
devel/p5-MRO-Compat
devel/p5-Module-Build
devel/p5-Module-Implementation
devel/p5-Module-Runtime
devel/p5-Package-Stash
devel/p5-Package-Stash-XS
devel/p5-Params-Util
devel/p5-Params-Validate
devel/p5-Params-ValidationCompiler
devel/p5-Proc-WaitStat
devel/p5-Role-Tiny
devel/p5-Specio
devel/p5-Sub-Exporter
devel/p5-Sub-Exporter-Progressive
devel/p5-Sub-Identify
devel/p5-Sub-Install
devel/p5-Term-ANSIColor
devel/p5-Test-NoWarnings
devel/p5-Time-Local
devel/p5-TimeDate
devel/p5-Variable-Magic
devel/p5-namespace-autoclean
devel/p5-namespace-clean
devel/pcre
devel/pecl-intl
devel/php56-json
devel/pkgconf
devel/py-Jinja2
devel/py-babel
devel/py-backports_abc
devel/py-botocore
devel/py-dateutil
devel/py-enum34
devel/py-futures
devel/py-ioflo
devel/py-jmespath
devel/py-msgpack-python
devel/py-pytz
devel/py-singledispatch
devel/py-six
devel/py-yaml
devel/py27-setuptools
devel/re2c
devel/readline
devel/scons
devel/t1lib
dns/bind-tools
dns/c-ares
dns/idnkit
dns/libidn
dns/p5-Net-DNS
dns/p5-Net-DNS-Resolver-Programmable
dns/p5-Net-Domain-TLD
dns/p5-Net-LibIDN
editors/vim
emulators/open-vm-tools-nox11
emulators/tpm-emulator
ftp/curl
graphics/gd
graphics/jbigkit
graphics/jpeg-turbo
graphics/p5-GD
graphics/p5-GD-Graph
graphics/p5-GD-Graph3d
graphics/p5-GD-TextUtil
graphics/php56-exif
graphics/php56-gd
graphics/png
graphics/py-imagesize
graphics/tiff
lang/expect
lang/gawk
lang/p5-Error
lang/p5-Scalar-List-Utils
lang/p5-Try-Tiny
lang/perl5.20
lang/php56
lang/python2
lang/python27
lang/ruby23
lang/tcl86
mail/dcc-dccd
mail/dovecot2
mail/dovecot2-antispam-plugin
mail/dovecot2-pigeonhole
mail/dspam
mail/mb2md
mail/mime-construct
mail/opendkim
mail/p5-Email-Valid
mail/p5-MIME-Charset
mail/p5-MIME-EncWords
mail/p5-MIME-Tools
mail/p5-MIME-Types
mail/p5-Mail-DKIM
mail/p5-Mail-Mbox-MessageParser
mail/p5-Mail-MboxParser
mail/p5-Mail-SPF
mail/p5-Mail-Sender
mail/p5-Mail-Sendmail
mail/p5-Mail-Tools
mail/p5-Net-SMTP-SSL
mail/panda-cclient
mail/pflogsumm
mail/php56-imap
mail/policyd2
mail/postfix
mail/postfixadmin
mail/procmail
mail/pyzor
mail/razor-agents
mail/roundcube
mail/roundcube-sieverules
mail/spamassassin
math/gmp
math/p5-Bit-Vector
misc/compat10x
misc/compat9x
misc/dejagnu
misc/getopt
misc/help2man
misc/py-progressbar
net-mgmt/net-snmp
net-mgmt/p5-Net-CIDR
net-mgmt/p5-NetAddr-IP
net-mgmt/zabbix32-agent
net/GeoIP
net/libdnet
net/libzmq4
net/mtr-nox11
net/norm
net/openldap24-client
net/openpgm
net/p5-Geo-IP
net/p5-IO-Socket-INET6
net/p5-IO-Socket-IP
net/p5-Net-Server
net/p5-Socket
net/p5-Socket6
net/p5-URI
net/php56-xmlrpc
net/py-libcloud
net/py-pyzmq
net/py-raet
net/rsync
ports-mgmt/dialog4ports
ports-mgmt/pkg
ports-mgmt/portmaster
print/freetype2
print/indexinfo
print/libpaper
print/texinfo
security/amavisd-new
security/apache-xml-security-c
security/ca_root_nss
security/clamav
security/clamav-unofficial-sigs
security/gnupg
security/gnupg1
security/gnutls
security/heimdal
security/libassuan
security/libgcrypt
security/libgpg-error
security/libksba
security/libmcrypt
security/libsodium
security/libtasn1
security/logcheck
security/nettle
security/openssl
security/p11-kit
security/p5-Authen-SASL
security/p5-Crypt-OpenSSL-Bignum
security/p5-Crypt-OpenSSL-RSA
security/p5-Crypt-OpenSSL-Random
security/p5-Digest-HMAC
security/p5-Digest-SHA1
security/p5-GSSAPI
security/p5-IO-Socket-SSL
security/p5-Net-SSLeay
security/php56-filter
security/php56-mcrypt
security/php56-openssl
security/pinentry
security/pinentry-tty
security/py-certifi
security/py-libnacl
security/py-pycrypto
security/rhash
security/sudo
security/trousers
shells/bash
shells/ksh93
sysutils/apcupsd
sysutils/beadm
sysutils/colorize
sysutils/file
sysutils/fusefs-libs
sysutils/lsof
sysutils/p5-Unix-Syslog
sysutils/php56-fileinfo
sysutils/py-salt
sysutils/tmux
textproc/asciidoc
textproc/aspell
textproc/docbook
textproc/docbook-sgml
textproc/docbook-xml
textproc/docbook-xsl
textproc/expat2
textproc/gsed
textproc/iso8879
textproc/libxml2
textproc/libxslt
textproc/libyaml
textproc/p5-Net-IDN-Encode
textproc/php56-ctype
textproc/php56-dom
textproc/php56-pspell
textproc/php56-simplexml
textproc/php56-xml
textproc/py-MarkupSafe
textproc/py-alabaster
textproc/py-docutils
textproc/py-pygments
textproc/py-pygtail
textproc/py-pystemmer
textproc/py-snowballstemmer
textproc/py-sphinx
textproc/py-sphinx_rtd_theme
textproc/ripole
textproc/sdocbook-xml
textproc/xerces-c3
textproc/xmlcatmgr
textproc/xmlcharent
textproc/xmlto
www/apache24
www/h2o
www/libnghttp2
www/nghttp2
www/p5-CGI
www/p5-HTML-Parser
www/p5-HTML-Tagset
www/p5-HTTP-Date
www/p5-Mozilla-CA
www/php56-session
www/py-requests
www/py-tornado
www/spdylay
www/w3m
x11-fonts/fontconfig
NOTE: You can generate this list with:
pkg info -aoq
Because a number of these have custom options, I suggest building everything from source. The easiest way to install these is probably with portmaster (already installed).
Put this list into a text file. I called mine ‘installed-port-list’. Now that portmaster(8) is installed, you can run:
sudo portmaster `cat /path/to/installed-port-list`
Optionally, you can install the VM tools pkg if you’re not running on actual hardware.
sudo portmaster emulators/open-vm-tools-nox11
Don’t forget to add the following lines to /etc/rc.conf:
sudo sysrc vmware_guest_vmblock_enable=YES
sudo sysrc vmware_guest_vmhgfs_enable=YES
sudo sysrc vmware_guest_vmmemctl_enable=YES
sudo sysrc vmware_guest_vmxnet_enable=YES
sudo sysrc vmware_guestd_enable=YES
The ports whose build options I changed are listed below. Any port not shown was left at its defaults. They are in no particular order.
- databases/postgresql94-server
- ftp/curl
- mail/opendkim
- mail/opendmarc
- mail/panda-cclient
- mail/php56-imap
- mail/policyd2
- mail/postfix-current
- mail/postfixadmin
- www/roundcube
Next
The next article will start the process of configuring the various processes.