Wednesday, 21 December 2011

Change password from the terminal for email users
postfix + dovecot + mysql + SquirrelMail (Debian / Ubuntu)

root@ubuntu:~# mysql -uuser -ppassword mail -e "update users set password=ENCRYPT('parola') where email='user@domeniu.ro';"
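
An added example, not part of the original post: ENCRYPT() without a salt produces a traditional DES crypt() hash, and the one-liner above leaves both the MySQL password and the new mailbox password in the shell history and process list. The sketch below hashes with SHA-512 crypt and sends the SQL on stdin. It assumes the mail stack verifies passwords through crypt(3) on glibc; the client file ~/.mail-admin.cnf and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Assumes database "mail" and table users(email, password) as on this page.
# ~/.mail-admin.cnf (hypothetical name) is a mode-0600 MySQL client file with
# a [client] section holding user= and password=, so neither appears in argv.

# Escape a value for use inside a single-quoted MySQL string literal.
sql_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# Build the UPDATE statement from an e-mail address and a precomputed hash.
build_update_sql() {
    local email="$1" hash="$2"
    case $hash in
        '$6$'*) ;;   # accept only SHA-512 crypt output
        *) echo "refusing to store a non-SHA-512 hash" >&2; return 1 ;;
    esac
    printf "UPDATE users SET password='%s' WHERE email='%s';\n" \
        "$(sql_quote "$hash")" "$(sql_quote "$email")"
}

# Prompt without echo, hash locally, pipe the statement to mysql on stdin.
set_mail_password() {
    local email="$1" pw hash
    read -r -s -p "New password for $email: " pw; echo >&2
    hash=$(printf '%s\n' "$pw" | openssl passwd -6 -stdin) || return 1
    build_update_sql "$email" "$hash" |
        mysql --defaults-extra-file="$HOME/.mail-admin.cnf" mail
}

# Usage: set_mail_password user@domeniu.ro
```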


Wednesday, 14 December 2011

Postfix + SpamAssassin + ClamAV + Procmail on Debian 6/Ubuntu

This is part 2 of my series on mail servers on Debian 6/Ubuntu 10.04; it should work on other versions of each, though. For part 1, go here.

SpamAssassin

First off we'll get SpamAssassin installed and configured.

apt-get install spamassassin

We'll be configuring SpamAssassin as a daemon that Postfix interfaces with using spamc.

SpamAssassin on Debian and Ubuntu runs as root which is NOT a good thing so we'll need to make some changes.

We'll add a group called spamd with GID 5001.

groupadd -g 5001 spamd

Next we add a user spamd with UID 5001 and add it to the spamd group, set its home directory to /var/lib/spamassassin and make sure it has no shell access or SSH access.

useradd -u 5001 -g spamd -s /usr/sbin/nologin -d /var/lib/spamassassin spamd

Now we make that user's home directory.

mkdir /var/lib/spamassassin

And finally change the permissions of that directory so the spamd user can write there.

chown spamd:spamd /var/lib/spamassassin

Next up we have to enable the daemon and configure it. Open up /etc/default/spamassassin and make the following changes.

ENABLED=1

This will actually allow the spamassassin daemon to start. We also need to configure its new home directory and more.

SAHOME="/var/lib/spamassassin/"
OPTIONS="--create-prefs --max-children 5 --username spamd --helper-home-dir ${SAHOME} -s /var/log/spamd.log"
PIDFILE="${SAHOME}spamd.pid"

Next up we'll make some changes to /etc/spamassassin/local.cf

rewrite_header Subject ***** SPAM _SCORE_ *****
report_safe 1

use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1

These changes rewrite the email subject to show that it is spam and add the spam score too, like this: ***** SPAM 6.0 *****. report_safe will attach the spam email as a plain text attachment to the email to filter out any bad stuff. The 3 bayes options enable the Bayesian classifier and its auto-learn functionality. For more info on the Bayesian classifier, go here.

SpamAssassin is now configured but Postfix doesn't know how to talk to it, we'll configure that later. Now on to...

ClamAV

apt-get install clamsmtp clamav-freshclam

Once installed you'll have an SMTP wrapper for ClamAV installed and a daemon that automatically updates your anti-virus database.

Open up /etc/clamsmtpd.conf and make the following changes

OutAddress: 10026

and

Listen: 127.0.0.1:10025

Now we move on to...

Procmail

apt-get install procmail

Now we need to create /etc/procmailrc and add the following to it

DROPPRIVS=YES
ORGMAIL=$HOME/Maildir
MAILDIR=$ORGMAIL
DEFAULT=$ORGMAIL

This tells Procmail to deliver email to your Maildir folder instead of /var/mail/

And now to glue it all together!

Postfix

Open up /etc/postfix/main.cf and add the following lines

content_filter = scan:127.0.0.1:10025
receive_override_options = no_address_mappings

This tells Postfix to scan content using ClamAV which is listening on port 10025.

Now add the following to tell Postfix to deliver mail locally using Procmail.

mailbox_command = procmail -a "$EXTENSION"

Next open up /etc/postfix/master.cf and change

smtp inet n - - - - smtpd

to

smtp inet n - - - - smtpd
  -o content_filter=spamassassin

Then add the following lines to the end of the file

scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes

127.0.0.1:10026 inet n - n - 16 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

spamassassin unix - n n - - pipe
  user=spamd argv=/usr/bin/spamc -f -e
  /usr/sbin/sendmail -oi -f ${sender} ${recipient}

These changes tell Postfix to talk to ClamAV and SpamAssassin.
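
The port wiring above (main.cf content_filter to the clamsmtpd Listen address, clamsmtpd OutAddress back to the extra smtpd listener, which must clear content_filter) is easy to get wrong, so here is an added check that is not part of the original guide. The function name check_chain and the single-directory layout are assumptions, chosen so it can be run against copies of the three files.

```shell
#!/bin/sh
# check_chain DIR expects DIR/clamsmtpd.conf, DIR/main.cf and DIR/master.cf
# (hypothetical layout; on a live host the files are in /etc and /etc/postfix).
# Prints each problem found and returns non-zero if there is any.

check_chain() {
    dir="$1"; rc=0
    # clamsmtpd: where it listens and where it hands scanned mail back
    listen=$(sed -n 's/^Listen:[[:space:]]*//p' "$dir/clamsmtpd.conf" | tail -n 1)
    out=$(sed -n 's/^OutAddress:[[:space:]]*//p' "$dir/clamsmtpd.conf" | tail -n 1)
    # main.cf: content_filter = TRANSPORT:HOST:PORT
    filter=$(sed -n 's/^content_filter[[:space:]]*=[[:space:]]*//p' "$dir/main.cf" | tail -n 1)
    dest=${filter#*:}      # drop the transport name, keep HOST:PORT
    # Assumption: a bare port in OutAddress means the local machine.
    case $out in *:*) ;; *) out="127.0.0.1:$out" ;; esac

    [ "$dest" = "$listen" ] ||
        { echo "content_filter $dest != clamsmtpd Listen $listen"; rc=1; }
    case $listen in
        127.0.0.1:*) ;;
        *) echo "clamsmtpd Listen is not loopback: $listen"; rc=1 ;;
    esac

    # master.cf: the re-injection smtpd must exist on OutAddress ...
    grep -q "^$out[[:space:]][[:space:]]*inet[[:space:]].*smtpd" "$dir/master.cf" ||
        { echo "no smtpd listener on $out in master.cf"; rc=1; }
    # ... and must reset content_filter, or scanned mail is filtered again in a loop.
    awk -v svc="$out" '
        $1 == svc && $2 == "inet" { insvc = 1; next }
        insvc && /^[^ \t#]/       { insvc = 0 }
        insvc && /-o[ \t]+content_filter=[ \t]*$/ { found = 1 }
        END { exit !found }' "$dir/master.cf" ||
        { echo "listener $out does not reset content_filter"; rc=1; }
    return $rc
}
```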

Finally

/etc/init.d/spamassassin restart

/etc/init.d/clamsmtp restart

/etc/init.d/postfix restart

That should be everything done, good luck!


Postfix + Dovecot (IMAP/IMAPS) + SASL + Maildir on Debian 6/Ubuntu

This guide is part 1 of what I plan will be a couple of guides that take you through installing a base mail system, SpamAssassin, DKIM and much more. Stay tuned.

This guide was written for Debian 6 but should be the same or similar for Debian 5 and Ubuntu 10.04 and above.

The installation

apt-get install dovecot-imapd postfix sasl2-bin libsasl2-2 libsasl2-modules

Choose "Internet site" when prompted and enter the fully qualified name of your server.

Once this has finished installing we'll need to make some changes, starting with Postfix.

Postfix

Open up /etc/postfix/main.cf and add the following to the end of the file:

home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes

smtpd_sender_restrictions = permit_sasl_authenticated,
    permit_mynetworks

smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unknown_sender_domain

Here we basically tell Postfix to store all email in Maildir format in the user's home directory. We then enable SASL, tell it not to allow anonymous auth, tell it the hostname and enable support for broken SASL auth clients, just in case.

The next section tells Postfix to allow users to send if they pass SASL auth or are listed in the allowed networks section.

Finally we set Postfix's recipient rules where we allow our networks, SASL auth and reject any unauthorised destinations and unknown senders.

Dovecot

Open up /etc/dovecot/dovecot.conf

Uncomment the IMAP and IMAPS protocols

protocols = imap imaps

Next we configure the protocols, add the following lines just below the protocols option

protocol imap {
  listen = *:143
  ssl_listen = *:993
}

Search through the file for "mail_location =" without the quotes, make sure it's commented out and add the following below it:

mail_location = maildir:~/Maildir/

Now we need to search down the file and comment out everything within the "auth default" section and add the following below it:

auth default {
  mechanisms = plain login

  passdb pam {
  }

  userdb passwd {
  }

  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

Just to explain what we've done: we've enabled the IMAP and IMAPS protocols and configured the ports to be used. Both ports are the standard ports.

Next up we configure Dovecot to handle Maildir, just like with Postfix.

And finally we set up the auth mechanisms and have Dovecot create its client auth socket under the Postfix spool directory, owned by the postfix user and group.

SASL

Open up the file /etc/default/saslauthd; we need to modify a couple of things. Set START to yes and MECHANISMS to pam.

START=yes
MECHANISMS="pam"

Due to the fact Postfix will be chrooted we need to make a few system changes for SASL.

First we remove the default SASL run location.

rm -r /var/run/saslauthd/

Now we make one within the Postfix chroot.

mkdir -p /var/spool/postfix/var/run/saslauthd

Symlink it back to /var/run so things work.

ln -s /var/spool/postfix/var/run/saslauthd /var/run

Change the group for the directory we created.

chgrp sasl /var/spool/postfix/var/run/saslauthd

And finally add the Postfix user to the SASL group.

adduser postfix sasl

Finally

Now we just need to restart our services.

/etc/init.d/dovecot restart
/etc/init.d/postfix restart
/etc/init.d/saslauthd restart

If all went according to plan normal system users should now be able to send and receive mail.


Sunday, 11 December 2011

How to move mysql database to another drive or partition

So you need to physically move your mysql databases, typically because you want to put them on another partition or hard drive, or on some network device? This is how you can do it.

Debian or Ubuntu distribution.

First stop the mysql service :

root@box:~/# /etc/init.d/mysql stop
* Stopping MySQL database server mysqld [ OK ]

Then go to your current mysql data directory, by default in Debian / Ubuntu it should be /var/lib/mysql. Check that your databases are there (in this example I have 2 bases - the default ‘mysql’ base and a user-created ‘wpdb’ base) :

root@box:~/# cd /var/lib/mysql
root@box:~/# ls
total 21M
-rw-rw---- 1 mysql 10M 2008-05-01 14:39 ibdata1
-rw-rw---- 1 mysql 5.0M 2008-05-01 14:39 ib_logfile0
-rw-rw---- 1 mysql 5.0M 2008-04-27 20:57 ib_logfile1
drwxr-xr-x 2 mysql 4.0K 2008-04-27 20:57 mysql
-rw------- 1 root 6 2008-04-27 20:57 mysql_upgrade_info
drwx------ 2 mysql 4.0K 2008-04-28 19:28 wpdb

Create a new directory for your data (in this example, the /var/www directory which is located on another partition) and give ownership on it to the mysql user :

root@box:~/# mkdir /var/www/mysql_datadir
root@box:~/# chown -R mysql:mysql /var/www/mysql_datadir

Copy your databases to the new dir and update ownership if needed. Only move the database directories, don’t touch the other files.

root@box:~/# cp -r mysql /var/www/mysql_datadir/
root@box:~/# cp -r wpdb /var/www/mysql_datadir/
root@box:~/# chown -R mysql:mysql /var/www/mysql_datadir/*

Then update your my.cnf file to make it point to the new dir :

root@box:~/# nano /etc/mysql/my.cnf

Find the following statement :

datadir = /var/lib/mysql

and update with the new location :

datadir = /var/www/mysql_datadir

And finally restart the mysql service

root@box:~/# /etc/init.d/mysql start
* Starting MySQL database server mysqld [ OK ]

When restarting, mysql re-created files ibdata1, ib_logfile0, etc. in the new data dir.
If everything went OK, you can now remove the original directory.

Debian or Ubuntu Linux runlevel configuration tool to start service


Q. Under Red Hat or CentOS the chkconfig command provides a simple command-line tool for maintaining the /etc/rc[0-6].d directory hierarchy by relieving system administrators of the task of directly manipulating the numerous symbolic links in those directories. How do I control startup services (or maintain Ubuntu runlevels) under Debian or Ubuntu Linux with a command line tool?

A. chkconfig is a command for Red Hat and friends only. Debian or Ubuntu Linux offers different tools or commands for the same task.

Task: Command line tool to manage services / Ubuntu runlevel

update-rc.d automatically updates the System V style init script links /etc/rcrunlevel.d/NNname to scripts /etc/init.d/name. These are run by init when changing runlevels and are generally used to start and stop services. For example, to turn on the ssh service, type the command:
# update-rc.d ssh defaults
OR
$ sudo update-rc.d ssh defaults

Task: Remove service

Again use the update-rc.d command:
# update-rc.d SERVICE-NAME remove
OR
$ sudo update-rc.d SERVICE-NAME remove

Task: Use Text based GUI Runlevel configuration tool to add or remove services

rcconf is the Debian runlevel configuration tool. Rcconf allows you to control which services are started when the system boots up or reboots. It displays a menu of all the services which could be started at boot. The ones that are configured to do so are marked and you can toggle individual services on and off. If rcconf is not installed, use the apt-get command:
# apt-get install rcconf
OR
$ sudo apt-get install rcconf
Now run rcconf and just follow the on-screen instructions:
# rcconf

Source: http://www.cyberciti.biz/faq/howto-runlevel-configuration-tool-to-start-service/

Repairing a MySQL database from the console

It sometimes happens that several databases become corrupted because of a very high load or a forced shutdown (kill -9) of the database server. In that case the corrupted databases can be recovered with the myisamchk command. The operation must be carried out as follows:

1. Stop the MySQL server

# /usr/local/etc/rc.d/mysql-server stop
The path and name of the startup script may differ. On Linux it is usually
# /etc/rc.d/init.d/mysql stop
# /etc/init.d/mysql stop (Debian, Ubuntu)

2. Enter the database directory and run the myisamchk command:

# cd /var/db/mysql/user_NumeDB/
# cd /var/lib/mysql/user_NumeDB/ (Debian, Ubuntu)
# myisamchk -r *.MYI

3. Restart the MySQL server

# /usr/local/etc/rc.d/mysql-server start
# /etc/init.d/mysql start (Debian, Ubuntu)

If several databases are corrupted, the commands in step 2 can be replaced with:

# cd /var/db/mysql
# cd /var/lib/mysql (Debian, Ubuntu)
# find . -type f -name "*.MYI" | xargs myisamchk -r