Post #1

Its GNU/Linuxhelp.net | Group: Support Specialist | Posts: 1,439 | Joined: 3-January 04 | From: Germany | Member No.: 2,069
-----------------------------------READ THIS----------------------------------------------

CHANGE MYCOMPANY.HOSTING TO YOUR REAL DOMAIN NAME, AND USE THAT EVERYWHERE INSTEAD OF MYCOMPANY.HOSTING.

FOR EXAMPLE, IF YOUR DOMAIN NAME IS BIGCOMPANY.COM YOU WILL USE BIGCOMPANY.COM EVERYWHERE IN THIS GUIDE INSTEAD OF MYCOMPANY.HOSTING!!!!

!!! READ THIS !!!

IF YOU USED BIGCOMPANY.COM FOR FQDN (MAIL.BIGCOMPANY.COM), YOU CANNOT USE THE SAME DOMAIN NAME FOR VIRTUAL DOMAINS, SINCE POSTFIX WILL NOT WORK. THIS IS A CRITICAL ERROR I MADE IN THIS GUIDE, SORRY.

If you already set up the system, and postfix is complaining about mydestination and virtual domain, then do the following to correct the problem (no need to reinstall):

stop all services (postfix, openldap...)

delete all files under /var/lib/ldap

change all the names from bigcompany.com (example) to bigcompany.org (example)

also change /etc/hosts (use an editor to change bigcompany.com to bigcompany.org) and /etc/sysconfig/network

Basically all you have to do is go through this guide again, and change all the domain names mycompany.hosting to something else ... if you used abmas.com for it, then you'll change it to (for example, but you can USE whatever you like) abmaz.biz, and that will solve all the problems, just make sure you change EVERYTHING.

-----------------------------------------------------------------------------------------------

CHANGES :

-----------------------------------------------------------------------------------------------

1. Correction at PART VI :

error :

```
DocumentRoot "/home/webpage/squirrelmail"
<Directory "/home/webpage/squirrelmail">
```

correction :

```
DocumentRoot "/home/webpage/webmail"
<Directory "/home/webpage/webmail">
```

2. Correction at PART I.

error : /etc/openldap/slapd.conf

```
access to dn.regex=".*,jdv=([^,]+),o=hosting,dc=mycompany,dc=hosting"
```

correction

```
access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=mycompany,dc=hosting"
```

3. Correction at PART IX

forgot to mention :

```
yum install mod_ssl
```

4. Correction at PART VII

error :

```
jamm.ldap.search.base = o=hosting,dc=mycompany,dc=hosting
jamm.ldap.root.dn = cn=Manager,dc=mycompany,dc=hosting
```

correction :

```
jamm.ldap.search_base = o=hosting,dc=mycompany,dc=hosting
jamm.ldap.root_dn = cn=Manager,dc=mycompany,dc=hosting
```

5. Correction at PART V

Forgot to add

```
chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine
```

-----------------------------------------------------------------------------------------------

Special thanks to ethan for helping me out, thank you

-----------------------------------------------------------------------------------------------

Hello everyone,

...this one is going to be a...

CentOS 4.0 : Postfix + MailScanner(ClamAV+Spamassassin)+LDAP+Dovecot+Cyrus-SASL+TomCat+Jamm+Squirrelmail(MySQL)+Virtual Domain Hosting e-mail server guide

note: due to the fact that I wanted to keep this as simple as possible, you won't find too much explanation here of what a certain option does, for that you can check the following three places :

http://wanderingbarque.com/howtos/mailserv...mailserver.html

http://jamm.sourceforge.net/howto/single-h...mailserver.html

http://www.linuxhelp.ca/forums/index.php?a...=ST&f=15&t=3647

My guide is based on these three + I added some slight modifications to it.

So let's begin.

-----------------------------------------------------------------------------------------------
PART I. Installing the operating system, and configuring OpenLDAP for mailer.mycompany.hosting
-----------------------------------------------------------------------------------------------

Download the CentOS 4.0 distro for your architecture from www.centos.org. Install CentOS 4.0 using the minimal install option.

note : if you only want to set up an e-mail server using CentOS 4.0 and this guide, all you need to download is CD1, no other CD is necessary in order to complete this guide.

a.) insert CD1 into your CD drive and wait for the CentOS logo to show up, press [ENTER]

b.) at the Installation Type choose Custom

c.) Automatically partition

d.) Network Configuration

```
eth0:
ip address  : 192.168.11.10
netmask     : 255.255.255.0
hostname    : mailer.mycompany.hosting
gateway     : 192.168.11.250
primary dns : 192.168.11.250
```

select No firewall (you might need to enable this, if you are not behind a firewall, and configure it properly)

Enable SELinux? : Disabled

enter the root password when prompted, and after that go down on the list and select minimal installation and click next.

Once the installation is completed, login as root. And do the following :

```
cd /home
wget http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-4
rpm --import RPM-GPG-KEY-CentOS-4
yum update
yum install openldap-servers openldap-clients
```

Update all packages that need updating. Then install Midnight Commander.
```
yum install mc
```

Download JAMM from http://jamm.sourceforge.net/ (you are going to love this)

```
wget http://belnet.dl.sourceforge.net/sourceforge/jamm/jamm-0.9.6-bin.tar.gz
tar -zxvf jamm-0.9.6-bin.tar.gz
slappasswd
New password:
Re-enter new password:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```

What you get here you shall type in to the /etc/openldap/slapd.conf as rootpw

Copy jamm.schema from the /home/jamm-0.9.6 directory to /etc/openldap/schema/

Edit the file /etc/openldap/ldap.conf adding/modifying only the following parts

```
BASE dc=mycompany,dc=hosting
```

Then edit the file /etc/openldap/slapd.conf

```
include /etc/openldap/schema/jamm.schema

password-hash {CRYPT}

database ldbm
suffix "dc=mycompany,dc=hosting"
rootdn "cn=Manager,dc=mycompany,dc=hosting"
rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

# userPassword under a virtual domain: owner and domain postmaster may write,
# the dovecot account may read, anonymous may only authenticate
access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=mycompany,dc=hosting" attr=userPassword
    by self write
    by group/jammPostmaster/roleOccupant.expand="cn=postmaster,jvd=$1,o=hosting,dc=mycompany,dc=hosting" write
    by dn="cn=dovecot,dc=mycompany,dc=hosting" read
    by anonymous auth
    by * none

# all other attributes under a virtual domain
access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=mycompany,dc=hosting"
    by self write
    by group/jammPostmaster/roleOccupant.expand="cn=postmaster,jvd=$1,o=hosting,dc=mycompany,dc=hosting" write
    by * read

access to * by * read
```

```
cd /etc/openldap
vi base.ldif
```

```
dn: dc=mycompany, dc=hosting
objectClass: top
objectClass: domain
domainComponent: mycompany

dn: cn=Manager, dc=mycompany, dc=hosting
objectClass: top
objectClass: organizationalRole
cn: Manager

dn: o=hosting, dc=mycompany, dc=hosting
objectClass: top
objectClass: organization
o: hosting

dn: cn=dovecot, dc=mycompany, dc=hosting
objectClass: top
objectClass: organizationalPerson
cn: dovecot
sn: dovecot
```

delete all files in /var/lib/ldap/

```
/etc/init.d/ldap start
ldapadd -x -D "cn=Manager,dc=mycompany,dc=hosting" -W -f base.ldif
ldappasswd -x -W -S -D "cn=Manager,dc=mycompany,dc=hosting" "cn=dovecot,dc=mycompany,dc=hosting"
yyyyyyyyyyyyyyyyyyyyyyyyy
```

-----------------------------------------------------------------------------------------------
PART II. Installing Postfix and configuring it with OpenLDAP
-----------------------------------------------------------------------------------------------

```
yum install postfix
yum remove sendmail
```

```
adduser vmail
```

check the user's uid gid under /etc/passwd and use that uid gid in postfix main.cf

/etc/passwd for example :

vmail:x:500:500::/home/vmail:/sbin/nologin

500:500 is the one that is interesting to us

under /etc/postfix create the following files

ldap-accounts

```
server_host = localhost
server_port = 389
search_base = o=hosting,dc=mycompany,dc=hosting
query_filter = (&(objectClass=JammMailAccount)(mail=%s)(accountActive=TRUE)(delete=FALSE))
result_attribute = mailbox
bind = no
```

ldap-accountsmap

```
server_host = localhost
server_port = 389
search_base = o=hosting,dc=mycompany,dc=hosting
query_filter = (&(objectClass=JammMailAccount)(mail=%s)(accountActive=TRUE)(delete=FALSE))
result_attribute = mail
bind = no
```

ldap-aliases

```
server_host = localhost
server_port = 389
search_base = o=hosting,dc=mycompany,dc=hosting
query_filter = (&(objectClass=JammMailAlias)(mail=%s)(accountActive=TRUE))
result_attribute = maildrop
bind = no
```

ldap-domains

```
server_host = localhost
server_port = 389
search_base = o=hosting,dc=mycompany,dc=hosting
query_filter = (&(objectClass=JammVirtualDomain)(jvd=%s)(accountActive=TRUE)(delete=FALSE))
result_attribute = jvd
bind = no
scope = one
```

/etc/postfix/header_checks

```
/^Received:/ HOLD
```

/etc/postfix/main.cf

```
header_checks = regexp:/etc/postfix/header_checks
myhostname = mailer.mycompany.hosting
mydomain = mycompany.hosting
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, $mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks_style = host
relay_domains = $mydestination
mail_spool_directory = /var/spool/mail
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks, reject_unauth_destination, permit
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtp_sasl_auth_enable = no
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/mycompany.key
smtpd_tls_cert_file = /etc/postfix/mycompany.crt
smtpd_tls_CAfile = /etc/postfix/mycompany.ca
message_size_limit = 10485760
mailbox_size_limit = 104857600
virtual_alias_maps = ldap:/etc/postfix/ldap-accountsmap, ldap:/etc/postfix/ldap-aliases
virtual_transport = virtual
virtual_mailbox_base = /home/vmail/domains
virtual_mailbox_maps = ldap:/etc/postfix/ldap-accounts
virtual_mailbox_domains = ldap:/etc/postfix/ldap-domains
virtual_minimum_uid = 500
virtual_uid_maps = static:500
virtual_gid_maps = static:500
```

/usr/share/ssl/misc

modify CA

```
-newcert)
    # create a certificate
    $REQ -new -nodes -x509 -keyout newreq.pem -out newreq.pem $DAYS
    RET=$?
    echo "Certificate (and private key) is in newreq.pem"
    ;;
-newreq)
    # create a certificate request
    $REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS
    RET=$?
    echo "Request (and private key) is in newreq.pem"
    ;;
```

/usr/share/ssl/openssl.cnf

```
...
[ CA_default ]

dir = ./demoCA # Where everything is kept
...
default_days = 3650 # How long to certify for
...
[ req_distinguished_name ]
countryName = Country Name (code)
countryName_default = CS
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Vojvodina

localityName = Locality Name (eg, city)
localityName_default = Backa Topola

0.organizationName = Organization Name (eg, company)
0.organizationName_default = Mycompany Hosting

# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd

organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Virtual Domain Hosting

commonName = Common Name (eg, your name or your server's hostname)
# (Very Important, in order to keep mail clients and other user agents from complaining, this name must
# match exactly the name that the user will be entering into their client settings. Whether that be
# domain.extension or mail.domain.extension or what. It must be a valid DNS name pointing at your
# server.)
commonName_default = mailer.mycompany.hosting
commonName_max = 64

emailAddress = Email Address
emailAddress_default = postmaster@mycompany.hosting
emailAddress_max = 64
```

```
/usr/share/ssl/misc/CA -newca
/usr/share/ssl/misc/CA -newreq
/usr/share/ssl/misc/CA -sign
```

/etc/newreq.pem : only lines BEGIN RSA PRIVATE KEY till END RSA PRIVATE KEY are needed

rename newreq.pem to mycompany.key

rename newcert.pem to mycompany.crt

rename cacert.pem to mycompany.ca

and then copy the renamed files to /etc/postfix (like this)

/etc/postfix/mycompany.key

/etc/postfix/mycompany.crt

/etc/postfix/mycompany.ca

-----------------------------------------------------------------------------------------------
PART III.
Installing CYRUS-SASL and configuring it with OpenLDAP
-----------------------------------------------------------------------------------------------

/usr/lib/sasl2/smtpd.conf

```
pwcheck_method: saslauthd
mech_list: login plain
```

/etc/sysconfig/saslauthd

```
MECH=ldap
```

/etc/saslauthd.conf

```
ldap_servers: ldap://127.0.0.1
ldap_search_base: o=hosting,dc=mycompany,dc=hosting
ldap_filter: (&(objectClass=JammMailAccount)(mail=%u@%r)(accountActive=TRUE)(delete=FALSE))
```

-----------------------------------------------------------------------------------------------
PART IV. Installing Dovecot and configuring it with OpenLDAP
-----------------------------------------------------------------------------------------------

```
cd /home
wget http://dag.wieers.com/packages/dovecot/dovecot-0.99.13-1.2.el4.test.i386.rpm
yum install mysql postgresql-libs
rpm -Uvh dovecot*
```

/etc/dovecot.conf

```
protocols = imap imaps pop3 pop3s
ssl_disable = no
disable_plaintext_auth = no
first_valid_uid = 500
last_valid_uid = 500
first_valid_gid = 500
last_valid_gid = 500
default_mail_env = maildir:/home/vmail/domains/%d/%n
auth = default
auth_mechanisms = plain
auth_userdb = ldap /etc/dovecot-ldap.conf
auth_passdb = ldap /etc/dovecot-ldap.conf
auth_user = root
```

/etc/dovecot-ldap.conf

```
hosts = localhost
dn = cn=dovecot,dc=mycompany,dc=hosting
dnpass = yyyyyyyyyyyyyyyyyyyyyyyyy
ldap_version = 3
base = o=hosting,dc=mycompany,dc=hosting
deref = never
scope = subtree
user_attrs = mail,homeDirectory,,,,
user_filter = (&(objectClass=JammMailAccount)(mail=%u)(accountActive=TRUE)(delete=FALSE))
pass_attrs = mail,userPassword
pass_filter = (&(objectClass=JammMailAccount)(mail=%u)(accountActive=TRUE)(delete=FALSE))
default_pass_scheme = CRYPT
user_global_uid = 500
user_global_gid = 500
```

-----------------------------------------------------------------------------------------------
PART V. Installing Mailscanner (Clamav+Spamassassin)
-----------------------------------------------------------------------------------------------

```
yum install spamassassin sendmail-devel bzip2-devel gmp-devel zlib-devel autoconf automake rpm-build rpm-devel gcc perl-CPAN curl-devel
```

```
cd /home
wget http://crash.fce.vutbr.cz/crash-hat/2/clamav/clamav-0.83-1.src.rpm
rpmbuild --rebuild clamav-0.83-1.src.rpm
cd /usr/src/redhat/RPMS/i386
rpm -Uvh clamav-0.83-1.i386.rpm clamav-devel-0.83-1.i386.rpm
cpan
```

accept all the settings till you get to the mirror, there choose the closest mirror

```
install Parse::RecDescent
install Inline
install Mail::ClamAV
```

```
cd /home
wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.40.5-1.rpm.tar.gz
tar -xvzf MailScanner-4.40.5-1.rpm.tar.gz
cd MailScanner-4.40.5-1
export LANG=C; ./install.sh
```

modify /etc/MailScanner/MailScanner.conf

```
%org-name% = mycompany.hosting
%org-long-name% = MyCompany Hosting
%web-site% = www.mycompany.com
Run As User = postfix
Run As Group = postfix
MTA = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
File Timeout = 120
Maximum Archive Depth = 20
Virus Scanners = clamavmodule
Monitors for ClamAV Updates = /var/lib/clamav/*.cvd
Use SpamAssassin = yes
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
Spam List = ORDB-RBL SBL+XBL SORBS-DNSBL CBL RSL DSBL spamcop
Allow IFrame Tags = yes
Allow Script Tags = yes
Allow Object Codebase Tags = yes
Convert Dangerous HTML To Text = no
Minimum Stars If On Spam List = 3
Spam Lists To Reach High Score = 3
Sign Clean Messages = yes
Spam Actions = deliver
High Scoring Spam Actions = deliver
```

```
mkdir /var/spool/MailScanner/spamassassin
chown postfix.postfix /var/spool/MailScanner/spamassassin
chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine
```

modify /etc/MailScanner/virus.scanners.conf

```
clamav /usr/lib/MailScanner/clamav-wrapper /usr
```

modify /etc/MailScanner/filename.rules.conf

```
allow \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename hiding
allow \s{10,} Filename contains lots of white space
allow \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real type
allow \.exe$ Windows/DOS Executable
allow \.bmp$ Windows bitmap file security vulnerability
```

modify /etc/MailScanner/filetype.rules.conf

```
allow self-extract - -
allow ELF - -
allow executable - -
```

```
cd /home
wget http://dag.wieers.com/packages/unrar/unrar-3.4.3-1.2.el4.rf.i386.rpm
rpm -Uvh unrar-3.4.3-1.2.el4.rf.i386.rpm
```

--------------------

Robert Becskei
robert83@linuxhelp.net

--------------------

May the source be with us!

--------------------

AMD X2-3800 @ 2400Mhz, 2048MB DDR 400Mhz, DFI Lanparty UT4 NF4 ULTRA-D, GeForce 7800GT, 250GB+250GB, Pioneer DVD-RW, 17inch Samsung Syncmaster 757NF, WinXP Pro (SP2) / CentOS 4.3

--------------------
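An added example, not part of the original guide: a shell check of the access modes on the files this guide fills with secrets, namely /etc/postfix/mycompany.key (written without a passphrase because the modified CA script passes -nodes), /etc/dovecot-ldap.conf (holds dnpass) and /etc/openldap/slapd.conf (holds rootpw). The function names and the policy (no access for "other", no group write) are assumptions of this example.

```shell
#!/bin/sh
# Added example: check access modes on the files this guide fills with secrets.

# Paths as used in the guide (TLS key, Dovecot bind password, LDAP rootpw).
GUIDE_SECRET_FILES="/etc/postfix/mycompany.key /etc/dovecot-ldap.conf /etc/openldap/slapd.conf"

# mode_of FILE -> 10-character mode field from ls, e.g. -rw-r-----
# (prints nothing when the file does not exist)
mode_of() {
    ls -ld -- "$1" 2>/dev/null | cut -c1-10
}

# exposure FILE -> prints exactly one word:
#   missing       file does not exist
#   other-access  "other" has any of r, w, x
#   group-write   group can modify the file
#   ok            neither of the above
exposure() {
    ex_mode=$(mode_of "$1")
    if [ -z "$ex_mode" ]; then
        echo missing
        return 0
    fi
    ex_group_w=$(printf '%s' "$ex_mode" | cut -c6)   # group write bit
    ex_other=$(printf '%s' "$ex_mode" | cut -c8-10)  # other r/w/x bits
    if [ "$ex_other" != "---" ]; then
        echo other-access
    elif [ "$ex_group_w" != "-" ]; then
        echo group-write
    else
        echo ok
    fi
}

# audit_secret_files FILE... -> one report line per file; returns 1 if any
# file is not "ok" (missing counts too), so it can gate a deployment script.
audit_secret_files() {
    au_rc=0
    for au_f in "$@"; do
        au_state=$(exposure "$au_f")
        printf '%-12s %-10s %s\n' "$au_state" "$(mode_of "$au_f")" "$au_f"
        [ "$au_state" = ok ] || au_rc=1
    done
    return "$au_rc"
}

# Stand-alone use: ./check-secrets.sh guide   (or pass explicit paths)
if [ "${1:-}" = guide ]; then
    # Unquoted on purpose: the list is split into separate paths.
    audit_secret_files $GUIDE_SECRET_FILES
elif [ "$#" -gt 0 ]; then
    audit_secret_files "$@"
fi
```

Group read is accepted because slapd.conf is normally read by the unprivileged LDAP service account through its group.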
Post #2

Its GNU/Linuxhelp.net | Group: Support Specialist | Posts: 1,439 | Joined: 3-January 04 | From: Germany | Member No.: 2,069
In order to access JAMM to add new users, enter into your browser

```
http://ip_address_of_your_server:8080/jamm
username : root
password : the_one_you_used_for_rootpw (in /etc/openldap/slapd.conf)
```

Once you are done adding the user with JAMM, you MUST create the directories for that user on the linux box. Access it via ssh

```
ssh ip_address_of_your_server
```

```
cd /home/vmail
mkdir -p domain_name/user_name
```

both domain_name and user_name directory must be rwxrwx--- vmail.vmail

use chown vmail.vmail to change owner of dir (example chown vmail.vmail domain_name)

use chmod 770 to change permission of dir (example chmod 770 domain_name)

Once this is done the user will be able to receive e-mail.

To access the e-mail box via squirrelmail or an e-mail client you must enter the username and password like this (example)

username : someuser@somedomain.com

password : passwordforsomeuser

Sincerely

Robert B

--------------------

Robert Becskei
robert83@linuxhelp.net

--------------------
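The directory step above as a reusable script, added here as an example and not part of the original post: it splits the address into user and domain, rejects names that could escape the base directory, and applies the 770 mode the post requires. The function names are this example's own, and the base directory is an argument (the post uses /home/vmail; main.cf in the first post sets virtual_mailbox_base = /home/vmail/domains).

```shell
#!/bin/sh
# Added example (not from the post): create BASE/domain/user for one address,
# mode 770, refusing names that could escape BASE.

# safe_component NAME -> 0 if NAME can be used as a single directory name
safe_component() {
    case "$1" in
        ''|.*|-*) return 1 ;;            # empty, "." / ".." / hidden, option-like
        *[!A-Za-z0-9._-]*) return 1 ;;   # anything else, including "/" and "@"
    esac
    return 0
}

# make_maildir BASE ADDRESS [OWNER]
# Prints the created path. OWNER (e.g. vmail:vmail) is applied only when
# given, because chown needs root.
make_maildir() {
    mm_base=$1
    mm_addr=$2
    mm_owner=${3:-}
    mm_user=${mm_addr%@*}      # text before the last @
    mm_domain=${mm_addr##*@}   # text after the last @
    if [ "$mm_user" = "$mm_addr" ]; then
        echo "make_maildir: '$mm_addr' has no @domain part" >&2
        return 1
    fi
    if ! safe_component "$mm_user" || ! safe_component "$mm_domain"; then
        echo "make_maildir: unsafe user or domain in '$mm_addr'" >&2
        return 1
    fi
    if [ ! -d "$mm_base" ]; then
        echo "make_maildir: base directory '$mm_base' is missing" >&2
        return 1
    fi
    # An existing symlink at either level could redirect the mailbox elsewhere.
    if [ -L "$mm_base/$mm_domain" ] || [ -L "$mm_base/$mm_domain/$mm_user" ]; then
        echo "make_maildir: refusing to follow a symlink" >&2
        return 1
    fi
    ( umask 007 && mkdir -p -- "$mm_base/$mm_domain/$mm_user" ) || return 1
    chmod 770 "$mm_base/$mm_domain" "$mm_base/$mm_domain/$mm_user" || return 1
    if [ -n "$mm_owner" ]; then
        chown "$mm_owner" "$mm_base/$mm_domain" "$mm_base/$mm_domain/$mm_user" || return 1
    fi
    printf '%s\n' "$mm_base/$mm_domain/$mm_user"
}

# Stand-alone use (as root):
#   ./make-maildir.sh /home/vmail someuser@somedomain.com vmail:vmail
if [ "$#" -ge 2 ]; then
    make_maildir "$@"
fi
```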