> Centos 4.0 Postfix + Ldap + Mailscanner +, Dovecot + Cyrus-SASL +Virtual Domains...
Robert83
post Apr 18 2005, 03:31 AM
Post #1


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069




-----------------------------------READ THIS----------------------------------------------
CHANGE MYCOMPANY.HOSTING TO YOUR REAL DOMAIN NAME , AND USE THAT EVERYWHERE
INSTEAD OF MYCOMPANY.HOSTING
FOR EXAMPLE IF YOUR DOMAIN NAME IS BIGCOMPANY.COM YOU WILL USE BIGCOMPANY.COM
EVERYWHERE IN THIS GUIDE INSTEAD OF MYCOMPANY.HOSTING!!!!


!!! READ THIS !!!
IF YOU USED BIGCOMPANY.COM FOR FQDN (MAIL.BIGCOMPANY.COM) , YOU CANNOT USE
THE SAME DOMAIN NAME FOR VIRTUAL DOMAINS, SINCE POSTFIX WILL NOT WORK, THIS IS
A CRITICAL ERROR I MADE IN THIS GUIDE, SORRY.


if you already set up the system, and postfix is complaining about mydestination and virtual domain
then do the following to correct the problem ( no need to reinstall )

stop all services (postfix,openldap...)
delete all files under /var/lib/ldap
change all the names from bigcompany.com (example) to bigcompany.org (example)
also change
/etc/hosts (use an editor to change bigcompany.com to bigcompany.org)
and
/etc/sysconfig/network

basically all you have to do is go through this guide again, and change all the domain names mycompany.hosting to something else ... if you used abmas.com for it, then you'll change it to (for example, but you can USE whatever you like) abmaz.biz, and that will solve all the problems, just make sure you change EVERYTHING.


-------------------------------------------------------------------------------------------


-------------------------------------------------------------------------------------------
CHANGES :
-------------------------------------------------------------------------------------------

1. Correction at PART VI :
error :
CODE
DocumentRoot "/home/webpage/squirrelmail"
<Directory "/home/webpage/squirrelmail">

correction :
CODE
DocumentRoot "/home/webpage/webmail"
<Directory "/home/webpage/webmail">

2. Correction at PART I.
error :
/etc/openldap/slapd.conf
CODE
access to dn.regex=".*,jdv=([^,]+),o=hosting,dc=mycompany,dc=hosting"

correction
CODE
access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=mycompany,dc=hosting"


3. Correction at PART IX
forgot to mention :
CODE
yum install mod_ssl


4. Correction at PART VII

error :

CODE
jamm.ldap.search.base = o=hosting,dc=mycompany,dc=hosting
jamm.ldap.root.dn = cn=Manager,dc=mycompany,dc=hosting


correction :

CODE
jamm.ldap.search_base = o=hosting,dc=mycompany,dc=hosting
jamm.ldap.root_dn = cn=Manager,dc=mycompany,dc=hosting


5. Correction at PART V
Forgot to add
CODE
chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine


-------------------------------------------------------------------------------------------
Special thanks to ethan for helping me out, thank you :)
-------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------------

Hello everyone,

...this one is going to be a...

CentOS 4.0 : Postfix + MailScanner(ClamAV+Spamassassin)+LDAP+Dovecot+Cyrus-SASL+TomCat+Jamm+Squirrelmail(MySQL)+Virtual Domain Hosting e-mail server guide

note: due to the fact that I wanted to keep this as simple as possible, you won't find too much explanation here of what a certain option does, for that you can check the following three places :

http://wanderingbarque.com/howtos/mailserv...mailserver.html
http://jamm.sourceforge.net/howto/single-h...mailserver.html
http://www.linuxhelp.ca/forums/index.php?a...=ST&f=15&t=3647

My guide is based on these three + I added some slight modifications to it.

So let's begin.




-----------------------------------------------------------------------------------------------
PART I. Installing the operating system, and configuring OpenLDAP for mailer.mycompany.hosting
-----------------------------------------------------------------------------------------------




Download the CentOS 4.0 distro for your architecture from www.centos.org. Install
CentOS 4.0 using the minimal install option.

note : if you only want to set up an e-mail server using CentOS 4.0 and this guide,
all you need to download is CD1, no other CD is necessary in order to complete
this guide.

a.) insert CD1 into your CD drive and wait for the
CentOS logo to show up , press [ENTER]

b.) at the Installation Type choose Custom

c.) Automatically partition

d.) Network Configuration

CODE
eth0:
ip address  : 192.168.11.10
netmask : 255.255.255.0
hostname : mailer.mycompany.hosting
gateway : 192.168.11.250
primary dns : 192.168.11.250


select No firewall (you might need to enable this, if you are not behind a firewall, and configure it properly)
Enable SELinux? : Disabled

enter the root password when prompted and after that go down on the list and select
minimal installation and click next.

Once the installation is completed, login as root. And do the following :

CODE
cd /home
wget http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-4
rpm --import RPM-GPG-KEY-CentOS-4
yum update
yum install openldap-servers openldap-clients

Update all packages that need updating. Then install Midnight Commander.
CODE
yum install mc

Download JAMM from http://jamm.sourceforge.net/ (you are going to love this)
CODE
wget http://belnet.dl.sourceforge.net/sourceforge/jamm/jamm-0.9.6-bin.tar.gz
tar -zxvf jamm-0.9.6-bin.tar.gz
slappasswd
New password:
Re-enter new password:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

What you get here you shall type in to the /etc/openldap/slapd.conf as
rootpw


Copy jamm.schema from the /home/jamm-0.9.6 directory to /etc/openldap/schema/

Edit the file /etc/openldap/ldap.conf adding/modifying only the following parts

CODE
BASE dc=mycompany,dc=hosting


Then edit the file /etc/openldap/slapd.conf

CODE
include          /etc/openldap/schema/jamm.schema

password-hash {CRYPT}

database       ldbm
suffix            "dc=mycompany,dc=hosting"
rootdn          "cn=Manager,dc=mycompany,dc=hosting"
rootpw          {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=mycompany,dc=hosting"
        attr=userPassword
   by self write
   by group/jammPostmaster/roleOccupant.expand="cn=postmaster,jvd=$1,o=hosting,dc=mycompany,dc=hosting" write
   by dn="cn=dovecot,dc=mycompany,dc=hosting" read
   by anonymous auth
   by * none

access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=mycompany,dc=hosting"
   by self write
   by group/jammPostmaster/roleOccupant.expand="cn=postmaster,jvd=$1,o=hosting,dc=mycompany,dc=hosting" write
   by * read

access to *
   by * read


CODE
cd /etc/openldap
vi base.ldif

CODE
dn: dc=mycompany, dc=hosting
objectClass: top
objectClass: domain
domainComponent: mycompany

dn: cn=Manager, dc=mycompany, dc=hosting
objectClass: top
objectClass: organizationalRole
cn: Manager

dn: o=hosting, dc=mycompany, dc=hosting
objectClass: top
objectClass: organization
o: hosting

dn: cn=dovecot, dc=mycompany, dc=hosting
objectClass: top
objectClass: organizationalPerson
cn: dovecot
sn: dovecot


delete all files in /var/lib/ldap/
CODE
/etc/init.d/ldap start
ldapadd -x -D "cn=Manager,dc=mycompany,dc=hosting" -W -f base.ldif
ldappasswd -x -W -S -D "cn=Manager,dc=mycompany,dc=hosting" "cn=dovecot,dc=mycompany,dc=hosting"
yyyyyyyyyyyyyyyyyyyyyyyyy





-----------------------------------------------------------------------------------------------
PART II. Installing Postfix and configuring it with OpenLDAP
-----------------------------------------------------------------------------------------------




CODE
yum install postfix
yum remove sendmail


CODE
adduser vmail


check the user's uid and gid in /etc/passwd and use that uid and gid in postfix main.cf
/etc/passwd
for example : vmail:x:500:500::/home/vmail:/sbin/nologin 500:500 is the one that is interesting to us

under /etc/postfix create the following files

ldap-accounts
CODE
server_host = localhost
server_port = 389
search_base = o=hosting,dc=mycompany,dc=hosting
query_filter = (&(objectClass=JammMailAccount)(mail=%s)(accountActive=TRUE)(delete=FALSE))
result_attribute = mailbox
bind = no


ldap-accountsmap
CODE
server_host = localhost
server_port = 389
search_base = o=hosting,dc=mycompany,dc=hosting
query_filter = (&(objectClass=JammMailAccount)(mail=%s)(accountActive=TRUE)(delete=FALSE))
result_attribute = mail
bind = no


ldap-aliases
CODE
server_host = localhost
server_port = 389
search_base = o=hosting,dc=mycompany,dc=hosting
query_filter = (&(objectClass=JammMailAlias)(mail=%s)(accountActive=TRUE))
result_attribute = maildrop
bind = no


ldap-domains
CODE
server_host = localhost
server_port = 389
search_base = o=hosting,dc=mycompany,dc=hosting
query_filter = (&(objectClass=JammVirtualDomain)(jvd=%s)(accountActive=TRUE)(delete=FALSE))
result_attribute = jvd
bind = no
scope = one


/etc/postfix/header_checks
CODE
/^Received:/ HOLD


/etc/postfix/main.cf
CODE
header_checks = regexp:/etc/postfix/header_checks
myhostname = mailer.mycompany.hosting
mydomain = mycompany.hosting
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, $mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks_style = host
relay_domains = $mydestination
mail_spool_directory = /var/spool/mail

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks, reject_unauth_destination, permit
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtp_sasl_auth_enable = no

smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/mycompany.key
smtpd_tls_cert_file = /etc/postfix/mycompany.crt
smtpd_tls_CAfile = /etc/postfix/mycompany.ca

message_size_limit = 10485760
mailbox_size_limit = 104857600

virtual_alias_maps = ldap:/etc/postfix/ldap-accountsmap, ldap:/etc/postfix/ldap-aliases

virtual_transport = virtual
virtual_mailbox_base = /home/vmail/domains
virtual_mailbox_maps = ldap:/etc/postfix/ldap-accounts
virtual_mailbox_domains = ldap:/etc/postfix/ldap-domains
virtual_minimum_uid = 500
virtual_uid_maps = static:500
virtual_gid_maps = static:500


/usr/share/ssl/misc
CODE
# modify the CA script so that these two cases read:
-newcert)
   # create a certificate
   $REQ -new -nodes -x509 -keyout newreq.pem -out newreq.pem $DAYS
   RET=$?
   echo "Certificate (and private key) is in newreq.pem"
;;
-newreq)
   # create a certificate request
   $REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS
   RET=$?
   echo "Request (and private key) is in newreq.pem"
;;


/usr/share/ssl/openssl.cnf
CODE
...
[ CA_default ]

dir             = ./demoCA         # Where everything is kept
...
default_days    = 3650             # How long to certify for
...

[ req_distinguished_name ]
countryName                     = Country Name (code)
countryName_default             = CS
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Vojvodina

localityName                    = Locality Name (eg, city)
localityName_default            = Backa Topola

0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = Mycompany Hosting

# we can do this but it is not needed normally :-)
#1.organizationName             = Second Organization Name (eg, company)
#1.organizationName_default     = World Wide Web Pty Ltd

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Virtual Domain Hosting

commonName                      = Common Name (eg, your name or your server's hostname)
# (Very Important, in order to keep mail clients and other user agents from complaining, this name must
# match exactly the name that the user will be entering into their client settings.  Whether that be
# domain.extension or mail.domain.extension or what.  It must be a valid DNS name pointing at your
# server.
commonName_default              = mailer.mycompany.hosting
commonName_max                  = 64

emailAddress                    = Email Address
emailAddress_default            = postmaster@mycompany.hosting
emailAddress_max                = 64


CODE
/usr/share/ssl/misc/CA -newca
/usr/share/ssl/misc/CA -newreq
/usr/share/ssl/misc/CA -sign


/etc/newreq.pem
only lines BEGIN RSA PRIVATE KEY till END RSA PRIVATE KEY are needed

rename newreq.pem to mycompany.key
rename newcert.pem to mycompany.crt
rename cacert.pem to mycompany.ca

and then copy the renamed files to /etc/postfix (like this)

/etc/postfix/mycompany.key
/etc/postfix/mycompany.crt
/etc/postfix/mycompany.ca




-----------------------------------------------------------------------------------------------
PART III. Installing CYRUS-SASL and configuring it with OpenLDAP
-----------------------------------------------------------------------------------------------




/usr/lib/sasl2/smtpd.conf
CODE
pwcheck_method: saslauthd
mech_list: login plain


/etc/sysconfig/saslauthd
CODE
MECH=ldap


/etc/saslauthd.conf
CODE
ldap_servers: ldap://127.0.0.1
ldap_search_base: o=hosting,dc=mycompany,dc=hosting
ldap_filter: (&(objectClass=JammMailAccount)(mail=%u@%r)(accountActive=TRUE)(delete=FALSE))





-----------------------------------------------------------------------------------------------
PART IV. Installing Dovecot and configuring it with OpenLDAP
-----------------------------------------------------------------------------------------------



CODE
cd /home
wget http://dag.wieers.com/packages/dovecot/dovecot-0.99.13-1.2.el4.test.i386.rpm
yum install mysql postgresql-libs
rpm -Uvh dovecot*


/etc/dovecot.conf
CODE
protocols = imap imaps pop3 pop3s
ssl_disable = no
disable_plaintext_auth = no
first_valid_uid = 500
last_valid_uid = 500
first_valid_gid = 500
last_valid_gid = 500
default_mail_env = maildir:/home/vmail/domains/%d/%n
auth = default
auth_mechanisms = plain
auth_userdb = ldap /etc/dovecot-ldap.conf
auth_passdb = ldap /etc/dovecot-ldap.conf
auth_user = root


/etc/dovecot-ldap.conf
CODE
hosts = localhost
dn = cn=dovecot,dc=mycompany,dc=hosting
dnpass = yyyyyyyyyyyyyyyyyyyyyyyyy
ldap_version = 3
base = o=hosting,dc=mycompany,dc=hosting
deref = never
scope = subtree
user_attrs = mail,homeDirectory,,,,
user_filter = (&(objectClass=JammMailAccount)(mail=%u)(accountActive=TRUE)(delete=FALSE))
pass_attrs = mail,userPassword
pass_filter = (&(objectClass=JammMailAccount)(mail=%u)(accountActive=TRUE)(delete=FALSE))
default_pass_scheme = CRYPT
user_global_uid = 500
user_global_gid = 500



-----------------------------------------------------------------------------------------------
PART V. Installing Mailscanner (Clamav+Spamassassin)
-----------------------------------------------------------------------------------------------


CODE
yum install spamassassin sendmail-devel bzip2-devel gmp-devel zlib-devel autoconf automake rpm-build \
    rpm-devel gcc perl-CPAN curl-devel


CODE
cd /home
wget http://crash.fce.vutbr.cz/crash-hat/2/clamav/clamav-0.83-1.src.rpm
rpmbuild --rebuild clamav-0.83-1.src.rpm
cd /usr/src/redhat/RPMS/i386
rpm -Uvh clamav-0.83-1.i386.rpm clamav-devel-0.83-1.i386.rpm
cpan
# accept all the settings till you get to the mirror, there choose the closest mirror
# then, at the cpan prompt:
install Parse::RecDescent
install Inline
install Mail::ClamAV


CODE
cd /home
wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.40.5-1.rpm.tar.gz
tar -xvzf MailScanner-4.40.5-1.rpm.tar.gz
cd MailScanner-4.40.5-1
export LANG=C; ./install.sh


modify /etc/MailScanner/MailScanner.conf
CODE
%org-name% = mycompany.hosting
%org-long-name% = MyCompany Hosting
%web-site% = www.mycompany.com


Run As User = postfix
Run As Group = postfix
MTA = postfix

Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming

File Timeout = 120
Maximum Archive Depth = 20
Virus Scanners = clamavmodule
Monitors for ClamAV Updates = /var/lib/clamav/*.cvd
Use SpamAssassin = yes
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

Spam List = ORDB-RBL SBL+XBL SORBS-DNSBL CBL RSL DSBL spamcop
Allow IFrame Tags = yes
Allow Script Tags = yes
Allow Object Codebase Tags = yes
Convert Dangerous HTML To Text = no
Minimum Stars If On Spam List = 3
Spam Lists To Reach High Score = 3
Sign Clean Messages = yes
Spam Actions = deliver
High Scoring Spam Actions = deliver


CODE
mkdir /var/spool/MailScanner/spamassassin
chown postfix.postfix /var/spool/MailScanner/spamassassin
chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine


modify /etc/MailScanner/virus.scanners.conf
CODE
clamav    /usr/lib/MailScanner/clamav-wrapper    /usr


modify /etc/MailScanner/filename.rules.conf
CODE
allow    \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$    Found possible filename hiding
allow    \s{10,}    Filename contains lots of white space
allow    \{[a-hA-H0-9-]{25,}\}    Filename trying to hide its real type
allow    \.exe$    Windows/DOS Executable
allow    \.bmp$    Windows bitmap file security vulnerability


modify /etc/MailScanner/filetype.rules.conf
CODE
allow    self-extract    -      -
allow    ELF  -      -
allow    executable    -      -


CODE
cd /home
wget http://dag.wieers.com/packages/unrar/unrar-3.4.3-1.2.el4.rf.i386.rpm
rpm -Uvh unrar-3.4.3-1.2.el4.rf.i386.rpm


--------------------
Robert Becskei
robert83@linuxhelp.net
--------------------
May the source be with us!
--------------------
AMD X2-3800 @ 2400Mhz
2048MB DDR 400Mhz
DFI Lanparty UT4 NF4 ULTRA-D
GeForce 7800GT
250GB+250GB
Pioneer DVD-RW
17inch Samsung Syncmaster 757NF
WinXP Pro (SP2)/ CentOS 4.3
--------------------
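Added example, not part of Robert83's guide: a small sh helper that expands the `query_filter` lines from the `/etc/postfix/ldap-*` files in PART II the way Postfix does (the lookup key replaces `%s`, with LDAP filter quoting applied to it) and prints the matching `ldapsearch` command, so each map can be checked by hand against slapd. The function names are made up for this example; the filters, search base, host and port are the ones from the guide, and the addresses are constructed samples.

```shell
#!/bin/sh
# Added example: reproduce by hand the LDAP search Postfix runs for one of
# the ldap-* lookup tables in this guide. Function names are hypothetical.

SEARCH_BASE='o=hosting,dc=mycompany,dc=hosting'   # search_base from the guide
ACCOUNTS_FILTER='(&(objectClass=JammMailAccount)(mail=%s)(accountActive=TRUE)(delete=FALSE))'
ALIASES_FILTER='(&(objectClass=JammMailAlias)(mail=%s)(accountActive=TRUE))'
DOMAINS_FILTER='(&(objectClass=JammVirtualDomain)(jvd=%s)(accountActive=TRUE)(delete=FALSE))'

# Quote the characters that are special inside an LDAP filter value.
# The backslash has to be handled first because the other rules add backslashes.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Replace every %s in a query_filter template ($1) with the quoted key ($2).
expand_filter() {
    template=$1
    key=$(ldap_escape "$2")
    out=
    while :; do
        case $template in
            *%s*) out=$out${template%%%s*}$key   # text before the first %s
                  template=${template#*%s} ;;    # continue after that %s
            *)    out=$out$template
                  break ;;
        esac
    done
    printf '%s\n' "$out"
}

# Print the ldapsearch command for one lookup.
# $1 = filter template, $2 = key, $3 = result_attribute, $4 = scope (default sub)
# Anonymous simple bind (-x without -D) matches "bind = no" in the map files.
# Keys containing a single quote would need extra shell quoting before pasting.
ldapsearch_cmd() {
    printf "ldapsearch -x -h localhost -p 389 -s %s -b '%s' '%s' %s\n" \
        "${4:-sub}" "$SEARCH_BASE" "$(expand_filter "$1" "$2")" "$3"
}

# Constructed sample keys. The last one shows that a "*" in the recipient
# address is searched for literally and does not act as a wildcard.
ldapsearch_cmd "$ACCOUNTS_FILTER" 'someuser@somedomain.com' mailbox
ldapsearch_cmd "$ALIASES_FILTER"  'someuser@somedomain.com' maildrop
ldapsearch_cmd "$DOMAINS_FILTER"  'somedomain.com' jvd one
ldapsearch_cmd "$ACCOUNTS_FILTER" '*@somedomain.com' mailbox
```

An empty result for an address that should exist usually means one of the filter conditions (`accountActive`, `delete`, the objectClass) does not match the entry JAMM created.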
Robert83
post May 18 2005, 06:30 AM
Post #2


--------------------------------------------------------------
PART VII. Installing TOMCAT 4.x and configuring it (very basic)
--------------------------------------------------------------


Download http://java.sun.com/j2se/1.4.2/download.html Java 2 SDK from that website.

CODE
cd /home
./j2sdk-1.2.4.rpm.bin
# it will extract an rpm file from this one
rpm -Uvh j2sdk-1_4_2_07-i586.rpm


add to the end of /etc/profile

CODE
export JAVA_HOME=/usr/java/j2sdk1.4.2_07
export PATH=$JAVA_HOME/bin:$PATH:$HOME/bin:/sbin:/usr/sbin


CODE
wget http://linux.cs.lewisu.edu/apache/jakarta/tomcat-4/v4.1.31/bin/jakarta-tomcat-4.1.31.tar.gz


(this is about 7.68 MB)

CODE
tar -xvzf jakarta-tomcat-4.1.31.tar.gz

then copy the contents of jakarta-tomcat-4.1.31 to /usr/local/tomcat

extract /home/jamm/jamm-0.9.6.war (pressing ENTER on it while in Midnight Commander) and copy it
to /usr/local/tomcat/webapps/jamm

extract jamm cleaner from jamm directory to /home/jammCleaner

CODE
vi jammcleanerhelper
/home/jammCleaner/bin/jammCleaner -b "o=hosting,dc=mycompany,dc=hosting" -D "cn=Manager,dc=mycompany,dc=hosting" -w xxxxxxxxxxxxxxxxxxx -y


CODE
vi /home/job
10 * * * * /home/jammcleanerhelper
crontab /home/job


cd /usr/local/tomcat/webapps/jamm/WEB-INF
using MC F6 rename jamm.properties.dist to jamm.properties

modify the file /usr/local/tomcat/webapps/jamm/WEB-INF/jamm.properties

CODE
jamm.ldap.search_base = o=hosting,dc=mycompany,dc=hosting
jamm.ldap.root_dn = cn=Manager,dc=mycompany,dc=hosting


add to the file /etc/rc.d/rc.local
CODE
export JAVA_HOME=/usr/java/j2sdk1.4.2_07
export PATH=$JAVA_HOME/bin:$PATH:$HOME/bin:/sbin:/usr/sbin
/usr/local/tomcat/bin/startup.sh




--------------------------------------------------------------
PART VIII. Adding MYSQL support to Squirrelmail
--------------------------------------------------------------


CODE
yum install php-devel


modify /etc/php.ini
CODE
include_path = ".:/php/includes:/usr/share/pear"


CODE
yum install php-mysql mysql mod_auth_mysql mysql-server
chkconfig mysqld on
/etc/init.d/mysqld start


CODE
# create the database, then open the mysql client for the statements below
mysqladmin create squirrelmail
mysql
GRANT select,insert,update,delete ON squirrelmail.* TO squirreluser@localhost IDENTIFIED BY 'sqpassword';
use squirrelmail;

-- address book table
CREATE TABLE address (
   owner varchar(128) DEFAULT '' NOT NULL,
   nickname varchar(16) DEFAULT '' NOT NULL,
   firstname varchar(128) DEFAULT '' NOT NULL,
   lastname varchar(128) DEFAULT '' NOT NULL,
   email varchar(128) DEFAULT '' NOT NULL,
   label varchar(255),
   PRIMARY KEY (owner,nickname),
   KEY firstname (firstname,lastname)
 );

-- user preferences table
CREATE TABLE userprefs (
  user varchar(128) DEFAULT '' NOT NULL,
  prefkey varchar(64) DEFAULT '' NOT NULL,
  prefval BLOB DEFAULT '' NOT NULL,
  PRIMARY KEY (user,prefkey)
);

quit


CODE
cd /home/webpage/webmail/config
./conf.pl


In the menu, select Database, then select DSN for Address Book. Enter your string, mine is this:
CODE
mysql://squirreluser:sqpassword@localhost/squirrelmail

Now pick DSN for Preferences and enter the same thing again. (Remember, the format is mysql://user:password@host/database)

Restart the webserver with the command:
CODE
/etc/init.d/httpd restart



--------------------------------------------------------------
PART IX. Securing the webmail, automatically rewriting url for webmail access to https
--------------------------------------------------------------


CODE
yum install mod_ssl


modify/add to file /etc/httpd/conf/httpd.conf
CODE
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine On
RewriteCond    %{SERVER_PORT} !^443$
RewriteRule    ^/webmail(.*)$ https://192.168.11.10/webmail/$1 [L,R]



modify/add to file /etc/httpd/conf.d/ssl.conf
CODE
<Directory "/home/webpage/webmail/">
    Options +Indexes
    SSLOptions +StrictRequire
    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
    Order deny,allow
    Deny from all
    Satisfy any
</Directory>


Robert83
post May 18 2005, 01:55 PM
Post #3




In order to access JAMM to add new users

enter into your browser

CODE
http://ip_address_of_your_server:8080/jamm


username : root
password : the_one_you_used_for_rootpw (in /etc/openldap/slapd.conf)

Once you are done adding the user with JAMM , you MUST create the directories for that user
on the linux box.

Access it via ssh
CODE

ssh ip_address_of_your_server


CODE
cd /home/vmail
mkdir -p domain_name/user_name


both domain_name and user_name directory must be rwxrwx--- vmail.vmail

use chown vmail.vmail to change owner of dir (example chown vmail.vmail domain_name)
use chmod 770 to change permission of dir (example chmod 770 domain_name)

Once this is done the user will be able to receive e-mail.

To access the e-mail box via squirrelmail or a e-mail client you must enter the username and password like this (example)

username : someuser@somedomain.com
password : passwordforsomeuser

Sincerely
Robert B
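
Added example, not part of the original post: the directory step above as one sh function, which also refuses addresses that would create directories outside the base. `make_maildir`, `valid_part`, `VMAIL_BASE` and `VMAIL_OWNER` are names invented here; the base defaults to the `/home/vmail` used in the post, so point it at whatever `virtual_mailbox_base` is set to in main.cf if that differs.

```shell
#!/bin/sh
# Added example: create the mailbox directories for an address added in JAMM,
# with the ownership and mode the post asks for (vmail.vmail, rwxrwx---).

VMAIL_BASE=${VMAIL_BASE:-/home/vmail}    # directory used in the post
VMAIL_OWNER=${VMAIL_OWNER-vmail:vmail}   # set to empty to skip chown

# Allow only letters, digits, dot, underscore and dash, and refuse anything
# that is empty, starts with a dot or dash, or contains ".." or "/".
# This is deliberately stricter than what a mail address may legally contain.
valid_part() {
    case $1 in
        ''|.*|-*|*..*|*/*)  return 1 ;;
        *[!A-Za-z0-9._-]*)  return 1 ;;
    esac
    return 0
}

# make_maildir user@domain
# Prints the created directory on success, returns non-zero otherwise.
make_maildir() {
    addr=$1
    case $addr in
        *@*@*|@*|*@) echo "bad address: $addr" >&2; return 1 ;;
        *@*)         ;;
        *)           echo "bad address: $addr" >&2; return 1 ;;
    esac
    user=${addr%@*}
    domain=${addr#*@}
    if ! valid_part "$user" || ! valid_part "$domain"; then
        echo "refusing unsafe address: $addr" >&2
        return 1
    fi

    dir=$VMAIL_BASE/$domain/$user
    mkdir -p "$dir" || return 1
    # Both the domain directory and the user directory get mode 770.
    chmod 770 "$VMAIL_BASE/$domain" "$dir" || return 1
    if [ -n "$VMAIL_OWNER" ]; then
        chown "$VMAIL_OWNER" "$VMAIL_BASE/$domain" "$dir" || return 1
    fi
    printf '%s\n' "$dir"
}

# Run as root on the mail server, e.g.:  ./make_maildir.sh someuser@somedomain.com
if [ $# -gt 0 ]; then
    make_maildir "$1"
fi
```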


Robert83
post Feb 15 2006, 11:31 AM
Post #4




Hi,

when you update to latest cyrus-sasl , it will work no more with my current setup...

so you must do this , modify your /etc/init.d/saslauthd

CODE
MECH=shadow
FLAGS="-O /etc/saslauthd.conf -r -n 0"


see saslauthd --help for options, the most important thing is about -r here.

/etc/sysconfig/saslauthd
CODE
MECH=ldap


Also, if I forgot to tell, you can only use smtp through ssl, you have to config your mail client to use smtp with ssl.

Sincerely
Robert B


Robert83
post Feb 22 2006, 01:33 PM
Post #5




Using Amavisd New instead of MailScanner (if you have problems with MailScanner like me)

CODE
rpm -e MailScanner
rm -rf /etc/MailScanner
rm -rf /var/spool/MailScanner


then add the following two lines to the end of your /etc/yum.repos.d/CentOS-Base.repo
CODE
[dag]
name=Dag RPM Repostory for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
enabled=1
gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt

[kbs-CentOS-Misc]
name=CentOS.Karan.Org-EL$releasever - Stable
gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
gpgcheck=1
enabled=1
baseurl=http://centos.karan.org/el$releasever/misc/stable/$basearch/RPMS/



then we install Amavisd New

CODE
yum install amavisd-new
yum install clamd


Then we configure /etc/amavisd.conf like this
CODE
$mydomain = 'yourdomainname.com';


$virus_admin               = "postmaster\@$mydomain";

$mailform_notify_admin        = "postmaster\@$mydomain";
$mailform_notify_recip         = "postmaster\@$mydomain";
$mailform_notify_spamadmin = "postmaster\@$mydomain";
$mailform_to_quarantine = '';

$final_spam_destiny   =  D_DISCARD;

qr'.\.(vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
# qr'^\.(exe-ms)$',       # banned file(1) types
# qr'^\.(lha|tnef)$',       # banned file(1) types

['ClamAV-clamd',
     \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
    qr/\bOK$/, qr/\bFOUND$/,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],


Only uncomment the above ClamAV-clamd lines, and make sure /var/run/clamav/clamd.sock is there instead of /var/run/clamav/clamd.

Configuring postfix

/etc/postfix/main.cf

remove the first line with

CODE
header_checks = regexp:/etc/postfix/header_checks


add this line at the end

CODE
content_filter = smtp-amavis:[127.0.0.1]:10024


/etc/postfix/master.cf

CODE
smtp-amavis unix        -       -       n       -       2       smtp
   -o disable_dns_lookups=yes
127.0.0.1:10025 inet    n       -       n       -       -       smtpd
   -o content_filter=
   -o local_recipient_maps=
   -o smtpd_client_restrictions=permit_mynetworks,reject
   -o mynetworks=127.0.0.0/8


configure /etc/clamd.conf

CODE
LocalSocket /var/run/clamav/clamd.sock
# TCPSocket 3310


check if clamav is in group with amavis
CODE
groups clamav

should show clamav amavis

CODE
chkconfig clamd on
/etc/init.d/clamd start
freshclam -d -c 10


then we start amavis and postfix
CODE
chkconfig amavisd on
/etc/init.d/amavisd start
/etc/init.d/postfix start


This is it , now you have Amavis New instead of MailScanner

Sincerely
Robert B


Robert83
post Feb 28 2006, 04:34 PM
Post #6




Using Rules Du Jour to get rid of even more spam, tested on live e-mail server, and it works really good. Noticeable.

CODE
cd /home
wget http://sandgnat.com/rdj/rules_du_jour
chmod 755 rules_du_jour


Using your favorite editor modify the following lines :

SA_DIR="/etc/mail/spamassassin";
MAIL_ADDRESS="root";
SA_RESTART="/etc/init.d/spamassassin restart";

for me I only modified the MAIL_ADDRESS , the other options were good, but check just in case.

Then create a directory in /etc
/etc/rulesdujour/
in here create the file config
so it looks like this /etc/rulesdujour/config
edit the config file and put the following into it

CODE
TRUSTED_RULESETS="TRIPWIRE ANTIDRUG SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 SARE_EVILNUMBERS2 BLACKLIST BLACKLIST_URI RANDOMVAL BOGUSVIRUS SARE_ADULT SARE_FRAUD SARE_FRAUD_PRE25X SARE_BML SARE_BML_PRE25X SARE_SPOOF SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM SARE_HEADER SARE_HEADER0 SARE_HEADER1 SARE_HEADER2 SARE_HEADER3 SARE_HEADER_ENG SARE_HEADER_X264_X30 SARE_HEADER_X30 SARE_HTML SARE_HTML0 SARE_HTML1 SARE_HTML2 SARE_HTML3 SARE_HTML4 SARE_HTML_ENG SARE_HTML_PRE300 SARE_SPECIFIC SARE_OBFU SARE_OBFU0 SARE_OBFU1 SARE_OBFU2 SARE_OBFU3 SARE_REDIRECT SARE_REDIRECT_POST300 SARE_SPAMCOP_TOP200 SARE_GENLSUBJ SARE_GENLSUBJ0 SARE_GENLSUBJ1 SARE_GENLSUBJ2 SARE_GENLSUBJ3 SARE_GENLSUBJ_X30 SARE_GENLSUBJ_ENG SARE_HIGHRISK SARE_UNSUB SARE_URI0 SARE_URI1 SARE_URI3 SARE_URI_ENG SARE_WHITELIST SARE_WHITELIST_PRE30"


Sincerely
Robert B


Robert83
post Mar 22 2006, 01:55 PM
Post #7




ONLY DO THIS IF YOU HAVE PROBLEMS

Hello everyone,

In case you are getting :
postfix/smtpd[xxxx]: warning: dict_ldap_lookup: Search error -5: Timed out.

this will happen to you probably if you use a domain name with lots of aliases pointing to some other domain.

example
mail for user1@domain.com goes to user1.domain2.com.

You need to do the following :

/etc/postfix/ldap-accounts
/etc/postfix/ldap-aliases
/etc/postfix/ldap-accountsmap
/etc/postfix/ldap-domains

add the following line to the end of the above four files.

CODE
timeout = 30


then edit /etc/postfix/main.cf (only add proxy: in front of the following files)

CODE
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap-accountsmap,proxy:ldap:/etc/postfix/ldap-aliases
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap-domains


then restart postfix
CODE
/etc/init.d/postfix restart



Sincerely
Robert Becskei


Robert83
post Mar 23 2006, 04:22 PM
Post #8




Installing MailGraph for postfix

First you need to download rrdtool :
CODE
yum install rrdtool perl-rrdtool


Then we need to install the following two perl modules via cpan

CODE
cpan


then type
CODE
install File::Tail
install Time::HiRes
quit


then we'll download mailgraph from here http://people.ee.ethz.ch/~dws/software/mailgraph/
CODE
cd /home
wget http://people.ee.ethz.ch/~dws/software/mailgraph/pub/mailgraph-1.12.tar.gz
tar zxvf mailgraph-1.12.tar.gz
rm -f mailgraph-1.12.tar.gz


then we copy the file mailgraph.pl to /usr/local/bin

CODE
cd /home/mailgraph-1.12
cp mailgraph.pl /usr/local/bin
cp mailgraph.cgi /var/www/cgi-bin
cd /var/www/cgi-bin
chmod 755 mailgraph.cgi


then we create the directory for the rrd's
CODE
mkdir /var/lib/mailgraph


then we rename mailgraph-init to mailgraph
CODE
cd /home/mailgraph-1.12
mv mailgraph-init mailgraph
chmod 755 mailgraph
vi mailgraph


modify the following lines
CODE
RRD_DIR=/var/lib/mailgraph
MAILGRAPH_PL=/usr/local/bin/mailgraph.pl
MAIL_LOG=/var/log/maillog


then copy the file to /etc/init.d
CODE
cp mailgraph /etc/init.d
chkconfig --add mailgraph
chkconfig --list mailgraph


it should show that mailgraph is on for 2,3,4,5 (if it's not)
CODE
chkconfig mailgraph on


then we type
CODE
/etc/init.d/mailgraph start


and then we can access http://hostname/cgi-bin/mailgraph.cgi

Sincerely
Robert B


Robert83
post Jul 28 2006, 03:51 AM
Post #9





Catching some more spam

You need to modify your /etc/postfix/main.cf file (the following line)

smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_rbl_client sbl-xbl.spamhaus.org,reject_rbl_client list.dsbl.org,reject_rbl_client combined.njabl.org,reject_rbl_client bl.spamcop.net,permit

we added

reject_rbl_client sbl-xbl.spamhaus.org,reject_rbl_client list.dsbl.org,reject_rbl_client combined.njabl.org,reject_rbl_client bl.spamcop.net


Sincerely
Robert B


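Postfix evaluates smtpd_recipient_restrictions in order, so the RBL lookups only apply to outside clients sending to your own domains if they come after the trusted permits and reject_unauth_destination. The following check is an added example, not part of the original post: the function names and the two main.cf fragments are constructed for illustration, and it also recognises the check_policy_service restriction used later in this thread.

```python
import re

# Restrictions whose next token is an argument (subset used in this thread).
TAKES_ARG = {"reject_rbl_client", "check_policy_service"}

def read_param(text, name):
    """Value of `name` in main.cf text; lines starting with whitespace continue it."""
    value, active = None, False
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blanks and comments do not end a value
        if raw[0] in " \t":
            if active:
                value += " " + raw.strip()
            continue
        key, sep, rest = raw.partition("=")
        active = bool(sep) and key.strip() == name
        if active:
            value = rest.strip()          # the last definition wins
    return value

def split_restrictions(value):
    """Split on commas/whitespace, pairing each restriction with its argument."""
    tokens = [t for t in re.split(r"[,\s]+", value or "") if t]
    rules, i = [], 0
    while i < len(tokens):
        has_arg = tokens[i] in TAKES_ARG and i + 1 < len(tokens)
        rules.append((tokens[i], tokens[i + 1] if has_arg else None))
        i += 2 if has_arg else 1
    return rules

def audit(text):
    """Findings about what runs before reject_unauth_destination."""
    rules = split_restrictions(read_param(text, "smtpd_recipient_restrictions"))
    names = [name for name, _ in rules]
    if "reject_unauth_destination" not in names:
        return ["reject_unauth_destination is missing"]
    findings = []
    for name, arg in rules[:names.index("reject_unauth_destination")]:
        if name == "permit":
            findings.append("bare permit before reject_unauth_destination")
        elif name in TAKES_ARG:
            findings.append(f"{name} {arg} before reject_unauth_destination")
    return findings

# Constructed main.cf fragments: the order from the post, and a misordered one.
GOOD = ("smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,\n"
        "  reject_unauth_destination,reject_rbl_client sbl-xbl.spamhaus.org,permit\n")
BAD = ("smtpd_recipient_restrictions = permit_mynetworks, permit,\n"
       "  reject_rbl_client bl.spamcop.net, reject_unauth_destination\n")
```

An empty list from audit() means nothing risky runs before reject_unauth_destination; a "bare permit" finding means the server would accept mail for any destination from any client.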
Robert83
post Aug 17 2006, 03:51 PM
Post #10





Additional things to do in order to block spam mails :

/etc/postfix/main.cf

add the following to this :


CODE
smtpd_recipient_restrictions =  
                                             reject_invalid_hostname,


insert the following 4 lines right below reject_invalid_hostname

CODE
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain


Now we will install PostGrey which will help us in our war against spammers :

CODE
yum install perl-IO-Multiplex perl-BerkeleyDB
cd /home
wget http://www.lfarkas.org/linux/packages/el4/i386/RPMS/postgrey-1.27-0.noarch.rpm
rpm -Uvh postgrey*.rpm


now we type in the following line in main.cf right after reject_unauth_destination (in a new line)
CODE
    check_policy_service unix:/var/spool/postfix/postgrey/socket,


now we start postgrey service
CODE
/etc/init.d/postgrey start
chkconfig postgrey on


we also add the following ruleset by hand to /etc/mail/spamassassin/ directory

name it SURBL.cf

the contents of the file are :

CODE
urirhssub        URIBL_JP_SURBL multi.surbl.org         A       64
body             URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL')
describe         URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html
tflags           URIBL_JP_SURBL net

score            URIBL_JP_SURBL 3.0


now we do a restart for spamassassin

CODE
/etc/init.d/spamassassin restart


we will also use sa-update from now on, but in order to run it we need to install the following package :

CODE

yum install perl-libwww-perl


after that we can run the following command manually or create a cron job for it.

CODE
sa-update


or

/home/job.cron
CODE
21 4 * * *      /usr/bin/sa-update


then add the job (or jobs)

CODE
crontab /home/job.cron


Also edit /etc/mail/spamassassin/local.cf file
CODE
bayes_auto_learn 1
bayes_auto_learn_threshold_nonspam 0.1
bayes_auto_learn_threshold_spam 5.0


what I do in addition by hand is, spam that is spam and still gets through, I go from mdir to mdir, and copy all the spam messages to one location say /home/spam

then I do a
CODE
sa-learn --spam /home/spam


I repeat I've selected my SPAM messages by hand, those I know are 100% spam and still get through, don't you ever copy all your mails without looking here and marking them as spam.

Sincerely
Robert B

ps. : don't PANIC when seeing that all mails in /var/log/maillog are marked as NOQUEUE REJECTED!, because after 5 mins they will be able to pass, this behaviour is normal, for more information please read the documentation for PostGrey


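To tell the expected greylisting deferrals apart from real rejects in /var/log/maillog, the following added example (not part of the original post) maps each NOQUEUE reject line to the restriction from this thread that produced it and separates temporary 4xx replies from permanent 5xx ones. The log lines are constructed, and the reply texts matched are assumed to be Postfix's and PostGrey's default wording.

```python
import re
from collections import Counter

REJECT = re.compile(
    r"NOQUEUE: reject: RCPT from \S+\[(?P<ip>[^\]]+)\]: (?P<code>[45]\d\d) "
    r"(?P<reason>.*?); from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>")

# Reply-text fragment -> the restriction from this thread that produced it.
RULES = [
    (r"Greylisted", "check_policy_service (postgrey)"),
    (r"blocked using (?P<zone>[^\s;]+)", "reject_rbl_client {zone}"),
    (r"Sender address rejected: Domain not found", "reject_unknown_sender_domain"),
    (r"Recipient address rejected: Domain not found", "reject_unknown_recipient_domain"),
    (r"Sender address rejected: need fully-qualified", "reject_non_fqdn_sender"),
    (r"Recipient address rejected: need fully-qualified", "reject_non_fqdn_recipient"),
    (r"Relay access denied", "reject_unauth_destination"),
]

def classify(line):
    """Return (restriction, 'temporary'|'permanent', (ip, sender, rcpt)) or None."""
    m = REJECT.search(line)
    if not m:
        return None
    kind = "temporary" if m["code"].startswith("4") else "permanent"
    triplet = (m["ip"], m["sender"], m["rcpt"])
    for pattern, label in RULES:
        hit = re.search(pattern, m["reason"])
        if hit:
            return label.format(**hit.groupdict()), kind, triplet
    return "other", kind, triplet

def summarize(lines):
    """Count rejects per (restriction, kind); list triplets greylisted more than once."""
    counts, grey = Counter(), Counter()
    for result in filter(None, map(classify, lines)):
        counts[result[:2]] += 1
        if result[0].startswith("check_policy_service"):
            grey[result[2]] += 1
    return counts, sorted(t for t, n in grey.items() if n > 1)

# Constructed maillog lines (documentation addresses, not real traffic).
SAMPLE = """\
Aug 17 16:00:01 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from mx.example.net[192.0.2.10]: 450 <bob@mycompany.hosting>: Recipient address rejected: Greylisted for 300 seconds; from=<alice@example.net> to=<bob@mycompany.hosting> proto=ESMTP helo=<mx.example.net>
Aug 17 16:01:30 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from mx.example.net[192.0.2.10]: 450 <bob@mycompany.hosting>: Recipient address rejected: Greylisted for 210 seconds; from=<alice@example.net> to=<bob@mycompany.hosting> proto=ESMTP helo=<mx.example.net>
Aug 17 16:02:11 mail postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 Service unavailable; Client host [198.51.100.7] blocked using bl.spamcop.net; from=<x@example.org> to=<bob@mycompany.hosting> proto=SMTP helo=<pc7>
Aug 17 16:03:45 mail postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 450 <y@nodomain.invalid>: Sender address rejected: Domain not found; from=<y@nodomain.invalid> to=<bob@mycompany.hosting> proto=SMTP helo=<host5>
""".splitlines()
```

A triplet reported by summarize() as greylisted more than once came back before the delay had expired; the temporary check_policy_service entries are the normal greylisting behaviour, while permanent entries are mail that was actually refused.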
