This shows you the differences between two versions of the page.

amber_build [2011/05/31 12:12]
SLUUG Administration
amber_build [2018/07/12 15:16] (current)
SLUUG Administration old revision restored (2018/05/28 02:17)
Line 11: Line 11:
 selinux is disabled by 'echo 0 > /​selinux/​enforce'​ selinux is disabled by 'echo 0 > /​selinux/​enforce'​
 +FIXME There is an admin panel to access the VM. We need to document it.
 ===== Apache ===== ===== Apache =====
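Review bot: The FIXME added after the selinux line leaves the VM admin panel undocumented, so the page describes how the host is built but not a second way of reaching it. The entry should say where the panel is reachable from, who holds accounts on it, and how it authenticates. While this paragraph is open, note that 'echo 0 > /selinux/enforce' on the context line only switches to permissive mode until the next boot; the page should say whether /etc/selinux/config was changed as well.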
Line 45: Line 47:
 In /​etc/​httpd/​conf.d/​ssl.conf,​ we set the following two values: In /​etc/​httpd/​conf.d/​ssl.conf,​ we set the following two values:
-''​SSLCertificateFile /​etc/​pki/​tls/​certs/​apache.pem''​+''​SSLCertificateFile /​etc/​pki/​tls/​certs/​sluug.pem''​
-''​SSLCertificateKeyFile /​etc/​pki/​tls/​certs/​apache.pem''​+''​SSLCertificateKeyFile /​etc/​pki/​tls/​certs/​sluug.pem''​
 And then changed: And then changed:
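Review bot: Both changed directives point at the same file, /etc/pki/tls/certs/sluug.pem, so the private key is stored in the certs directory together with the public certificate. Suggest keeping the key in its own file readable only by root (for example under /etc/pki/tls/private/) and pointing SSLCertificateKeyFile there, or at least stating the required owner and mode for sluug.pem the way the page does for the postfix mapping files ("root:postfix 640").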
Line 67: Line 69:
 ===== Mysql ===== ===== Mysql =====
 +Install mysql:
 +''#​ yum install mysql mysql-server''​
 +''#​ mysql_secure_installation''​
 +Edit /​etc/​my.cnf. Notice that we are bound to, and don't accept queries over the network. Also, the query log is set to /​var/​log/​mysql_query.log. This is good for troubleshooting,​ but should be turned off for normal use.
 +# Default to using old password format for compatibility with mysql 3.x
 +# clients (those using the mysqlclient10 compatibility package).
 +# Disabling symbolic-links is recommended to prevent assorted security risks;
 +# to do so, uncomment this line:
 +# symbolic-links=0
 ===== Postfixadmin ===== ===== Postfixadmin =====
 +Postfixadmin is a web tool for managing virtual mailboxes across multiple domains. In our case, the mailboxes and domains are both defined in mysql, while the actual mail spools live under /​home/​vmail/​user@domain.tld. When receiving mail, postfix looks in mysql to see what to do with the mail. It knows exactly where to look based on the contents of the /​etc/​postfix/​mysql* files. Similarly, when courier gets an IMAP or POP3 request, it looks in mysql to authenticate users and to learn where their mail spools are. Postfixadmin lets us easily populate the database with the needed records and avoid manually running SQL.
 +Download postfixadmin from [[http://​​projects/​postfixadmin/​]]. Untar it into /​srv/​www/​ and create a symlink postfixadmin->​postfixadmin.x.y.z.
 +Log into mysql as the root user. Run:
 +mysql> CREATE DATABASE postfix;
 +mysql> CREATE USER postfix@localhost IDENTIFIED BY '​xxxxxxx';​
 +mysql> GRANT ALL PRIVILEGES ON postfix.* TO postfix;
 +mysql> flush privileges;
 +Navigate to https://​​postfixadmin/​setup.php. Generate the setup password as prompted and copy it into /​srv/​www/​​postfixadmin/​ as $CONF['​setup_password'​]. ​
 +Also in that file, set:
 +$CONF['​database_type'​] = '​mysqli';​
 +$CONF['​database_host'​] = '​localhost';​
 +$CONF['​database_user'​] = '​postfix';​
 +$CONF['​database_password'​] = '​xxxxxxx';​
 +$CONF['​database_name'​] = '​postfix';​
 +$CONF['​database_prefix'​] = '';​
 +$CONF['​encrypt'​] = '​md5crypt';​
 +Then go back to https://​​postfixadmin/​setup.php. It will create an admin user and build the database structure.
 +After postfixadmin is set up, mailboxes can be manually created, or we can do a bulk populate. The bulk populate script is ~jmuse/​ It expects to find a file called ~jmuse/​.md5,​ of the format:
 +''​accountname:​md5_hash:​Real Name''​
 +Each account name needs to be on a separate line. The script should really be smart enough to check for duplicates, or accounts already present, but it isn't at the moment. Running the script without arguments will populate the mailbox table and create the appropriate maildir under /​home/​vmail. Because we only have one domain at the moment, it assumes that the domain part is '​'​. If we ever expected to need this tool after the migration, these would be good changes to make. The script works on the principle that we can copy md5 hashes from /etc/shadow on bud into the postfix DB. 
 +# Script to take data in the form
 +# accountname:​md5_hash:​real_name
 +# and put it into the postfix database
 +# Warning: no error checking or duplicate checking!
 +use warnings;
 +use strict;
 +use DBI;
 +open (FILE,"/​home/​jmuse/​.md5"​) or die $!;
 +my $dbuser='​postfix';​
 +my $dbpass='​xxxxxx';​
 +my $db='​postfix';​
 +my $dbh=DBI->​connect('​DBI:​mysql:​postfix',​$dbuser,​$dbpass) || die $!;
 +while (<​FILE>​) {
 +        my $line=$_;
 +        my ($user,​$pass,​$realname)=split(":",​$line);​
 +        my $mailuser=$user . '​';​
 +        my $mailboxname=$user. '​';​
 +        my $query="​INSERT INTO mailbox (username,​password,​name,​maildir,​quota,​local_part,​domain,​created,​modified,​active) VALUES (?,?,?,?,​0,?,'​','​2011-05-21 12:​44:​58','​2011-05-21 12:​44:​58',​1)";​
 +        my $query_handle=$dbh->​prepare($query);​
 +        $query_handle->​execute($mailuser,​$pass,​$realname,​$mailboxname,​$user);​
 +        system("/​usr/​lib/​courier-imap/​bin/​maildirmake /​home/​vmail/​$mailboxname"​);​
 +        system ("/​bin/​chown -R vmail:vmail /​home/​vmail/​$mailboxname"​);​
 ===== Postfix/​Amavisd-new/​Spamassassin/​ClamAV/​Postgrey ====== ===== Postfix/​Amavisd-new/​Spamassassin/​ClamAV/​Postgrey ======
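Review bot: The added "GRANT ALL PRIVILEGES ON postfix.* TO postfix;" does not name the account created on the line before it: without a host part MySQL reads the grantee as postfix@'%', not postfix@localhost, so the password set in CREATE USER may not belong to the account that receives the privileges. Write it as "GRANT ALL PRIVILEGES ON postfix.* TO postfix@localhost;" and check that no postfix@'%' row is left in mysql.user. In the populate script, both system() calls interpolate $mailboxname, which is built from a line of the input file, into a shell command string; the list form, system('/bin/chown', '-R', 'vmail:vmail', "/home/vmail/$mailboxname"), avoids the shell, and a chomp plus a pattern check on $user before it is used would address the missing error checking the header comment warns about. The added lines also end without the brace that closes the while loop, and the page should state that the .md5 file of hashes copied from /etc/shadow must be readable by its owner only.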
Line 173: Line 270:
 virtual_transport = virtual virtual_transport = virtual
 </​code>​ </​code>​
 +Also in /​etc/​postfix/​,​ add or uncomment line "​recipient_delimiter = +". This specifies the separator between user names and address extensions (user+foo).
 +Also in /​etc/​postfix/​,​ add "​disable_vrfy_command=yes"​. Disable VRFY....From Jeff's presentation.
 Now, edit the mapping files. **IMPORTANT:​ These files contain database passwords! They need to be root:​postfix 640!** Now, edit the mapping files. **IMPORTANT:​ These files contain database passwords! They need to be root:​postfix 640!**
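Review bot: The reason for "disable_vrfy_command=yes" is given only as "From Jeff's presentation", which will not help whoever maintains this later. State it in the line itself: VRFY lets a remote client ask the server whether an address exists, and disabling it stops that kind of address harvesting. Both added lines also read "in /etc/postfix/," with no file name after the directory, so the reader cannot tell which file to edit; name the file in each.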
Line 244: Line 345:
   * Set $mydomain, $myhostname in /​etc/​amavisd.conf   * Set $mydomain, $myhostname in /​etc/​amavisd.conf
   * Uncomment $MYHOME,​$helpers_home,​$lock_file,​$pid_file   * Uncomment $MYHOME,​$helpers_home,​$lock_file,​$pid_file
-  * Uncomment the clamav block in amavisd.conf. Make sure the patch to the socket +  * Uncomment the clamav block in amavisd.conf. Make sure the path to the socket is /​var/​run/​clamav/​clamd.sock (must match the LocalSocket setting in clamd.conf) 
-is /​var/​run/​clamav/​clamd.sock (must match the LocalSocket setting in clamd.conf) +  * Change setting $sa_tag_level_deflt to -9999 instead of 2.0.  This means the SpamAssassin score headers are added to all mail. 
 +  * Uncomment the sample $final_spam_destiny line and change the value from D_PASS to D_DISCARD. Due to the default changing from bounce to pass. 
 +  * Try to be a little more lenient on mail relayed by our users. ​ Add "​spam_kill_level_maps => [10.0],"​ to the "​$policy_bank{'​ORIGINATING'​}"​ section.
 Append the following to /​etc/​postfix/​​ Append the following to /​etc/​postfix/​​
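Review bot: Changing $final_spam_destiny from D_PASS to D_DISCARD means mail scoring above the kill level is dropped with no notice to sender or recipient, and the added bullet does not say whether discarded mail is quarantined anywhere. Please record where a false positive can be recovered from, or say explicitly that it cannot. The rationale "Due to the default changing from bounce to pass." is a fragment and should be a full sentence, and the [10.0] kill level for the ORIGINATING policy bank is hard to judge because the hunk does not show the kill level that applies to other mail.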
Line 303: Line 405:
   * courier-authlib-devel   * courier-authlib-devel
-As an unprivilged ​user, do:+As an unprivileged ​user, do:
 <​code>​ <​code>​
 mkdir $HOME/rpm mkdir $HOME/rpm
Line 375: Line 477:
 Mailman wouldn'​t start because the mailman list was missing. Mailman wouldn'​t start because the mailman list was missing.
-FIXME Did someone rsync over lists from bud? What happened in this step? +FIXME Did someone rsync over lists from bud? What happened in this step? It should have been lists/, data/, archives/, followed by /​usr/​local/​mailman/​bin/​genaliases.
- +
 +See [[build:​lists|MailMan]] for configuration files and options,
 +including Apache.
 +===== Webmail=====
 +We have installed roundcube as our [[build:​webmail|Webmail]] tool.
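Review bot: The FIXME on the mailman step is kept while a guess at the answer ("It should have been lists/, data/, archives/, followed by /usr/local/mailman/bin/genaliases") is appended to it, so the page still does not say what was actually done. Either confirm the step and write it as a procedure, including the source path on bud and the ownership the copied directories need, or leave the FIXME clearly marked as open. The added heading "===== Webmail=====" is also missing the space before the closing equals signs that the other headings on the page have.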
amber_build.1306861926.txt.gz · Last modified: 2011/05/31 12:12 by SLUUG Administration