Archives

All posts for the month March, 2017

In order to migrate the files on a VPS box from one provider to another, one of the best solutions for the job is to use a tool called Rsync.

Let’s take a closer look at Rsync and see how it can help you rapidly move virtual private servers from one provider to another.

About Rsync

Rsync is one of the most common ways to copy/backup/restore files and folders between two locations, regardless if these endpoints are local or remote servers.

It supports compression, encryption and incremental transfer which makes the app an extremely versatile and useful tool for systems administrators.

Note: Running Rsync does not require you to be logged in as root.

Since Rsync supports incremental file transfer, the first run takes as long as any other copy command, because every file has to be transferred. On subsequent runs, however, Rsync determines which files have changed and transfers only those.

This mechanism saves the system administrator time and reduces load and bandwidth usage.

Getting Acquainted with Rsync

Let’s get started and copy our live running server to a new location in 5 easy steps.

Step 1) Ensure that your OS is in Place

In order to migrate your server to a new location, the first step is to install your operating system onto new infrastructure. You can determine what architecture your current server is running on with the following command:

uname -a

You will want to use a Linux distro and kernel as close as possible to the one installed on the server you are migrating.

Most VPS providers will set this up for you when you buy your new VPS server.

Tip: You may only need to do this step if you are building out a server locally. Hypervisors such as VMware help administrators streamline the process of installing operating systems onto hardware.

Step 2) Check the connection between the 2 servers

Once you have the two systems up and running you will need to check to see if it will be possible to make a connection between the two servers.

You can easily do that with the command “ssh”. Assuming you are running SSH from the new server and trying to connect to the old one, if the old server asks for the password, you passed the test!

ssh user@oldserver

Step 3) Check Rsync

At this point you will have to verify that Rsync is installed on both systems and if not, it’s time to install it. You can check if the command is present in the following way:

which rsync

In case the tool should not be present, you can easily install it using the following commands:

apt-get install rsync (on Ubuntu-based distros)
yum install rsync (on CentOS-based distros)

Step 4) Prepare the Exclude List

Now you only need to decide which paths to exclude. This may vary from system to system, but I would suggest never including the following unless you have a specific need:

/etc/fstab
/etc/sysconfig/network-scripts/* (CentOS distros)
/etc/network/* (Ubuntu distros)
/proc/*
/tmp/*
/sys/*
/dev/*
/mnt/*
/boot/*

Step 5) Run Rsync

Some VPS administrators may be worried about running Rsync while a MySQL instance is running.

In most cases, this won’t present a problem. You might consider running it outside of heavy load periods if your server is hosting a live system, but other than that you should not have any problems.

Of course you will not have a consistent copy of the DB unless you stop the service before beginning Rsync, so please keep that in mind.

In this instance, Rsync will create a copy that lets you test the system on the new server, which is usually a big plus.

An Example of Rsync at Work

Assuming you are logged into the destination server, you would run a command that looks like this:

rsync -auHxv --numeric-ids --exclude=/etc/fstab --exclude=/etc/network/* --exclude=/proc/* --exclude=/tmp/* --exclude=/sys/* --exclude=/dev/* --exclude=/mnt/* --exclude=/boot/* --exclude=/root/* root@SRC-IP:/* /

Once it finishes, simply reboot your destination server and you will notice that you will have a precise copy of the files located on your source VPS.
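The five steps above as one script, added here as an example and not part of the original post: it writes the Step 4 exclude list to a file, rejects patterns that are not anchored with a leading "/", and previews the transfer with --dry-run before anything on the destination is overwritten. The function names and the confirmation prompt are this example's own.

```shell
#!/bin/sh
# Added example: dry-run-first pull migration, run on the DESTINATION server.
# The source address and distro family are supplied by the operator.

# write_excludes FILE FAMILY: write the Step 4 exclude list, one pattern per
# line. FAMILY is "debian" (Ubuntu) or "redhat" (CentOS).
write_excludes() {
    case "$2" in
        debian) we_net='/etc/network/*' ;;
        redhat) we_net='/etc/sysconfig/network-scripts/*' ;;
        *) echo "unknown distro family: $2" >&2; return 1 ;;
    esac
    printf '%s\n' /etc/fstab "$we_net" \
        '/proc/*' '/tmp/*' '/sys/*' '/dev/*' '/mnt/*' '/boot/*' > "$1"
}

# unanchored_patterns FILE: print patterns that lack a leading "/". rsync
# matches those at any depth, so "tmp/*" would also skip /var/tmp contents.
# Blank lines and lines starting with "#" or ";" are ignored by rsync.
unanchored_patterns() {
    grep -v -e '^/' -e '^[[:space:]]*$' -e '^[#;]' "$1" || true
}

# migrate SRC FAMILY: preview with --dry-run, copy only after confirmation.
migrate() {
    mg_excl=$(mktemp) || return 1
    write_excludes "$mg_excl" "$2" || return 1
    if [ -n "$(unanchored_patterns "$mg_excl")" ]; then
        echo "refusing to run with unanchored exclude patterns" >&2
        return 1
    fi
    # Same flags as the command above; "/*" is expanded on the source side.
    rsync -auHxv --numeric-ids --dry-run --itemize-changes \
        --exclude-from="$mg_excl" "root@$1:/*" / || return 1
    printf 'Dry run finished. Copy for real? [y/N] '
    read -r mg_answer
    [ "$mg_answer" = y ] || return 0
    rsync -auHxv --numeric-ids --exclude-from="$mg_excl" "root@$1:/*" /
}

# Usage: sh migrate.sh SRC-IP debian
if [ "$#" -eq 2 ]; then migrate "$1" "$2"; fi
```
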

*source: HERE

In this tutorial I’ll explain how to install and configure RAINLOOP webmail interface with Apache.

  • Modern user interface.
  • Complete support of IMAP and SMTP protocols including SSL and STARTTLS.
  • Sieve scripts (Filters and vacation message).
  • Minimalistic resources requirements.
  • Direct access to mail server is used (mails are not stored locally on web server).
  • Allows for adding multiple accounts to primary one, simultaneous access to different accounts in different browser tabs is supported. Additional identities.
  • Administrative panel for configuring main options.
  • Really simple installation and update (the product is updated from admin panel).
  • Integration with Facebook, Google, Twitter and Dropbox.
  • Managing folders list.
  • Simple look’n’feel customization.
  • Configurable multi-level caching system.
  • Extending functionality with plugins installed through admin panel.
  • Perfect rendering of complex HTML mails.
  • Drag’n’drop for mails and attachments.
  • Keyboard shortcuts support.
  • Autocompletion of e-mail addresses.

I. Installation 

Download the package, extract its files and upload them to a directory intended for use by the application, for example /var/www/rainloop. Subsequent examples assume you’re using that directory; supply your actual directory path if you use a different one.

mkdir /var/www/rainloop && cd /var/www/rainloop
wget https://www.rainloop.net/repository/webmail/rainloop-community-latest.zip
unzip rainloop-community-latest.zip

Grant read/write permissions required by the application:

find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
chown -R www-data:www-data .

Set up a new Apache site with a configuration similar to this:

<VirtualHost mail.example.com:80>
DocumentRoot /var/www/rainloop

ServerName mail.example.com

ErrorLog "/var/log/rainloop-error_log"
TransferLog "/var/log/rainloop-access_log"

<Directory />
Options +Indexes +FollowSymLinks +ExecCGI
AllowOverride All
Order deny,allow
Allow from all
Require all granted
</Directory>

</VirtualHost>

*Enable module rewrite for Apache, if it’s not enabled.
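In the vhost above, `<Directory />` applies to the entire filesystem, so `Require all granted`, `+Indexes` and `+ExecCGI` are not limited to the webmail directory. The following check is an added example, not part of the original tutorial: it lints a vhost for those three rules and compares the configuration above with a variant scoped to /var/www/rainloop. The scoped variant (Apache 2.4 syntax) and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint a vhost for the access rules discussed above.

# Constructed copy of the relevant lines of the vhost shown above.
page_vhost() {
cat <<'EOF'
<VirtualHost mail.example.com:80>
DocumentRoot /var/www/rainloop
ServerName mail.example.com
<Directory />
Options +Indexes +FollowSymLinks +ExecCGI
AllowOverride All
Order deny,allow
Allow from all
Require all granted
</Directory>
</VirtualHost>
EOF
}

# Scoped variant (Apache 2.4 syntax); an assumption of this example.
scoped_vhost() {
cat <<'EOF'
<VirtualHost *:80>
    ServerName mail.example.com
    DocumentRoot /var/www/rainloop
    <Directory /var/www/rainloop>
        Options -Indexes -ExecCGI +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    # application.ini lives under data/; it must never be served.
    <Directory /var/www/rainloop/data>
        Require all denied
    </Directory>
</VirtualHost>
EOF
}

# lint_vhost: read a vhost on stdin, print one finding per line.
lint_vhost() {
    awk '
        /^[ \t]*#/ { next }                          # skip comments
        /^[ \t]*<Directory[ \t]/ {                   # entering a block
            dir = $2; sub(/>$/, "", dir); gsub(/"/, "", dir); next
        }
        /^[ \t]*<\/Directory>/ { dir = ""; next }    # leaving a block
        dir == "" { next }                           # outside any block
        {
            line = tolower($0)
            if (dir == "/" && line ~ /require[ \t]+all[ \t]+granted/)
                print "root-granted: <Directory /> opens the whole filesystem"
            if (line ~ /options/ && line ~ /indexes/ && line !~ /-indexes/)
                print "indexes: directory listings enabled in " dir
            if (line ~ /options/ && line ~ /execcgi/ && line !~ /-execcgi/)
                print "execcgi: CGI execution enabled in " dir
        }'
}

echo "vhost from the tutorial:"; page_vhost | lint_vhost
echo "scoped vhost:"; scoped_vhost | lint_vhost
```
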

II. Configuration

To configure the product, use admin panel found at: http://mail.example.com/?admin

1. There are two ways to configure the product: with the admin panel, or by modifying the application.ini file manually.

Web interface allows for configuring basic options only, and that should suffice in most cases. But when modifying configuration manually, you’ll get access to all configuration options including experimental ones.

To access admin panel, use URL of the following kind: http://mail.example.com/?admin

Default login is “admin”, password is “12345”.

2. The configuration file application.ini is found within a directory structure of a special kind, like this:
/var/www/rainloop/data/_data_/_default_/configs/application.ini

_default_ is the subdirectory used in a single-domain installation; in a multiple-domain installation, your web domain is used in place of “_default_”.

The “application.ini” file uses the typical structure of INI files, and its configuration options are described inline in full.

That’s it, enjoy !!!

In this tutorial I’ll guide you through installing and configuring a mail system (Dovecot and Postfix) on Ubuntu 16.04 with ViMbAdmin as the front end for managing your domains.

At the end of this process, you’ll have:

  • ViMbAdmin installed and managing your virtual domains, mailboxes and aliases;
  • Postfix installed and configured for:
      • Email delivery / acceptance to your virtual mailboxes and aliases;
      • TLS available on port 25;
      • SSL on port 465;
      • Email relay to authenticated users only.
  • Dovecot installed and configured for:
      • IMAP over SSL;
      • POP3 over SSL;
      • ManageSieve with TLS support;
      • LMTP for local mail delivery to your virtual mailboxes.

Preparation:

Install required packages and dependencies:

apt-get install --yes php7.0-cgi php7.0-mcrypt php-memcache php7.0-mysql \
php7.0-json libapache2-mod-php7.0 php-gettext memcached git mysql-server \
subversion

PHP composer can be installed via:

php -r "readfile('https://getcomposer.org/installer');" | php
mv composer.phar /usr/local/bin/composer

Set your timezone in /etc/php/7.0/apache2/php.ini and /etc/php/7.0/cli/php.ini, such as:

date.timezone = "UTC"

I. ViMbAdmin

export INSTALL_PATH=/srv/vimbadmin
git clone https://github.com/opensolutions/ViMbAdmin.git $INSTALL_PATH
cd $INSTALL_PATH
composer install --dev

If you plan to run under Apache / other web server, ensure you set the ownership on the var/ directory appropriately:

chown -R www-data: $INSTALL_PATH/var

Database Setup

Log into your MySQL (or other) database and create a new user and database:

CREATE DATABASE `vimbadmin`;
GRANT ALL ON `vimbadmin`.* TO `vimbadmin`@`localhost` IDENTIFIED BY 'password';
FLUSH PRIVILEGES;

Configuration

cp $INSTALL_PATH/application/configs/application.ini.dist $INSTALL_PATH/application/configs/application.ini

You now need to set your database parameters from above in this file. You’ll find these near the top and here is an example:

resources.doctrine2.connection.options.driver = 'pdo_mysql'
resources.doctrine2.connection.options.dbname = 'vimbadmin'
resources.doctrine2.connection.options.user = 'vimbadmin'
resources.doctrine2.connection.options.password = 'password'
resources.doctrine2.connection.options.host = 'localhost'

cp $INSTALL_PATH/public/.htaccess.dist $INSTALL_PATH/public/.htaccess

Database Creation

cd $INSTALL_PATH
./bin/doctrine2-cli.php orm:schema-tool:create

If all goes well, you should see:

$ ./bin/doctrine2-cli.php orm:schema-tool:create
ATTENTION: This operation should not be executed in a production environment.

Creating database schema...
Database schema created successfully!

Apache2

You need to tell Apache where to find ViMbAdmin and what URL it should be served under. In this example, we’re going to serve it from /vimbadmin (e.g. www.example.com/vimbadmin). As such, we create an Apache configuration block as follows on our web server:

Alias /vimbadmin /srv/vimbadmin/public

<Directory /srv/vimbadmin/public>
Options FollowSymLinks
AllowOverride FileInfo

# For Apache <= 2.3:
Order allow,deny
allow from all

# For Apache >= 2.4
# Require all granted 
</Directory>

Ensure mod_rewrite is enabled:

a2enmod rewrite

Restart Apache and you can now browse to your new installation.

Welcome to Your New ViMbAdmin Installation

You should now be greeted with a page welcoming you. If you didn’t set the security salt above, then the installer will provide random strings for these. Place this in vimbadmin/application/configs/application.ini as instructed before continuing. If you did set it, then enter it in the Security Salt input box.

This is a security step to ensure that only the person performing the installation can create a super administrator.

Now enter a username (which must be an email address) and a password.

Once you click save, you’re done! Log in and work away.

II. Dovecot

Dovecot will provide support for:

  • IMAP mail access;
  • POP3 mail access;
  • the ManageSieve service;
  • the local delivery protocol (LMTP) – Postfix passes emails it accepts for local delivery off to this process to be stored on the filesystem.

Install the Dovecot related packages via:

apt-get install --yes dovecot-core dovecot-imapd dovecot-managesieved \
dovecot-pop3d dovecot-sieve dovecot-mysql \
dovecot-lmtpd mail-stack-delivery

We will store all emails under /srv/vmail and we need to create a user with the appropriate uid and gid used in this example:

groupadd -g 2000 vmail
useradd -c 'Virtual Mailboxes' -d /srv/vmail -g 2000 -u 2000 -s /usr/sbin/nologin -m vmail

Configuring Dovecot

Remove (clear) an unnecessary file which will interfere with our configuration:

echo "" >/etc/dovecot/conf.d/99-mail-stack-delivery.conf

Go to /etc/dovecot/conf.d and replace the contents of these files:

*don’t forget to replace mail.example.com with your domain

dovecot-10-auth.conf

auth_mechanisms = plain login
!include auth-sql.conf.ext

dovecot-10-mail.conf

mail_location = maildir:/srv/vmail/%d/%n

namespace inbox {
inbox = yes
}

mail_uid = 2000
mail_gid = 2000

mail_privileged_group = vmail

first_valid_uid = 2000
last_valid_uid = 2000

maildir_copy_with_hardlinks = yes

dovecot-10-master.conf

service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}

service_count = 0
}

service pop3-login {
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}

service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0666
user = postfix
}
}

service imap {
}

service pop3 {
}

service auth {
unix_listener auth-userdb {
mode = 0666
user = vmail
group = vmail
}

# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}

service auth-worker {
}

service dict {
unix_listener dict {
}
}

dovecot-10-ssl.conf

ssl = yes

ssl_cert = </etc/postfix/ssl/mail.example.com.pem
ssl_key = </etc/postfix/ssl/mail.example.com.pem

ssl_require_crl = no

dovecot-15-lda.conf

postmaster_address = postmaster@example.com
hostname = mail.example.com
quota_full_tempfail = yes
recipient_delimiter = +
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes

protocol lda {
mail_plugins = $mail_plugins sieve quota
}

dovecot-20-imap.conf

protocol imap {
mail_plugins = $mail_plugins quota imap_quota
}

dovecot-20-lmtp.conf

protocol lmtp {
postmaster_address = postmaster@example.com
mail_plugins = quota sieve
}

dovecot-20-managesieve.conf

service managesieve-login {
inet_listener sieve {
port = 4190
}

service_count = 1
}

service managesieve {
}

protocol sieve {
}

dovecot-20-pop3.conf

protocol pop3 {
mail_plugins = $mail_plugins quota
}

dovecot-auth-sql.conf.ext

passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}

userdb {
driver = prefetch
}

userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}

dovecot-sql.conf.ext

driver = mysql

connect = host=localhost user=vimbadmin password=password dbname=vimbadmin
default_pass_scheme = MD5

password_query = SELECT username as user, password as password, \
homedir AS userdb_home, maildir AS userdb_mail, \
concat('*:bytes=', quota) as userdb_quota_rule, uid AS userdb_uid, gid AS userdb_gid \
FROM mailbox \
WHERE username = '%Lu' AND active = '1' \
AND ( access_restriction = 'ALL' OR LOCATE( '%Us', access_restriction ) > 0 )

user_query = SELECT homedir AS home, maildir AS mail, \
concat('*:bytes=', quota) as quota_rule, uid, gid \
FROM mailbox WHERE username = '%u'

/etc/dovecot/dovecot.conf

!include_try /usr/share/dovecot/protocols.d/*.protocol
!include conf.d/*.conf
!include_try local.conf

III. Postfix

We will configure Postfix for the following purposes here:

  • accept mail for the domains / mailboxes / aliases configured in ViMbAdmin;
  • hand these messages off to Dovecot’s deliver – a local delivery agent;
  • allow mailboxes configured in ViMbAdmin to log into Postfix to relay mail.

First, we need to install the following packages:

apt-get install postfix postfix-mysql

When you are asked to choose a general type of mail configuration, choose No configuration. This should hopefully make these instructions reasonably generic.

Configuring Postfix

Replace /etc/postfix/main.cf with:

*don’t forget to replace mail.example.com with your domain

# Sample Postfix configuration for use with ViMbAdmin :: Virtual Mailbox Administration
#
# See: https://github.com/opensolutions/ViMbAdmin
#
# By Barry O'Donovan - 2014-02 - http://www.barryodonovan.com/

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/mail.example.com.pem
smtpd_tls_key_file = /etc/postfix/ssl/mail.example.com.pem
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtpd_tls_loglevel = 1
smtpd_tls_auth_only = yes
smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
smtpd_tls_eecdh_grade = strong

myhostname = mail.example.com

myorigin = mail.example.com

mydestination = localhost localhost.$mydomain

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

mailbox_size_limit = 0
recipient_delimiter = +

inet_protocols = all
inet_interfaces = all

notify_classes = resource, software
error_notice_recipient = admin@example.com

# relay_domains =
# transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /srv/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
#dovecot_destination_recipient_limit = 1
virtual_transport = lmtp:unix:private/dovecot-lmtp

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
message_size_limit = 40000000
home_mailbox = Maildir/
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
#mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m "${EXTENSION}"

smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
tls_random_source = dev:/dev/urandom
smtpd_recipient_restrictions =
  reject_unknown_sender_domain,
  reject_unknown_recipient_domain,
  reject_unauth_pipelining,
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination
# reject_non_fqdn_hostname,
# reject_invalid_hostname

#smtpd_helo_restrictions =
# check_helo_access hash:/etc/postfix/ehlo_whitelist,
# reject_non_fqdn_hostname,
# reject_invalid_hostname
# check_helo_access hash:/etc/postfix/ehlo_whitelist,
# reject_unknown_helo_hostname

smtpd_helo_required = yes

smtpd_sender_restrictions =
  reject_unknown_sender_domain
# check_sender_access hash:/etc/postfix/sender_access,

smtpd_data_restrictions =
  reject_unauth_pipelining

smtpd_client_restrictions =
  permit_sasl_authenticated
# check_client_access hash:/etc/postfix/client_access,
# reject_rbl_client zen.spamhaus.org

You need to edit /etc/postfix/master.cf to enable smtps (SMTP over SSL on port 465; TLS is supported over port 25 as part of our configuration):

smtps inet n - - - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

ViMbAdmin Integration

Postfix integrates with our ViMbAdmin database via settings in the above Gist and by creating the following files from the samples provided (all under /etc/postfix/mysql):

  • virtual_alias_maps.cf
  • virtual_domains_maps.cf
  • virtual_mailbox_maps.cf
  • virtual_transport_maps.cf

virtual_alias_maps.cf

user = vimbadmin
password = password
hosts = 127.0.0.1
dbname = vimbadmin
query = SELECT goto FROM alias WHERE address = '%s' AND active = '1'

virtual_domains_maps.cf

user = vimbadmin
password = password
hosts = 127.0.0.1
dbname = vimbadmin
query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '0' AND active = '1'

virtual_mailbox_maps.cf

user = vimbadmin
password = password
hosts = 127.0.0.1
dbname = vimbadmin
table = mailbox
select_field = maildir
where_field = username

virtual_transport_maps.cf

user = vimbadmin
password = password
hosts = 127.0.0.1
dbname = vimbadmin
table = domain
select_field = transport
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'

Postfix with SSL

The above-referenced Gist includes TLS/SSL (encrypted) support for Postfix. We can create a self-signed certificate for testing as follows.

When asked to enter Common Name (eg, YOUR name) []:, ensure you enter the fully qualified name of your mail server:

*don’t forget to replace mail.example.com with your domain

mkdir -p /etc/postfix/ssl
openssl req -new -x509 -days 3650 -nodes \
  -out /etc/postfix/ssl/mail.example.com.pem \
  -keyout /etc/postfix/ssl/mail.example.com.pem
chmod 0600 /etc/postfix/ssl/mail.example.com.pem

We also need to create the Diffie-Hellman parameters:

for len in 512 1024; do
  openssl genpkey -genparam -algorithm DH -out /etc/postfix/dh_${len}.pem \
  -pkeyopt dh_paramgen_prime_len:${len}
done
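Postfix treats protocol names listed without a leading "!" as an inclusion list, so the main.cf line `smtpd_tls_mandatory_protocols = SSLv3, TLSv1` leaves TLS 1.1 and later disabled for mandatory-TLS sessions, and the 512-bit DH file serves only export-grade ciphers. The audit below is an added example, not part of the ViMbAdmin sample: it parses main.cf (joining continuation lines), applies that rule and reports the result. The two config excerpts are constructed, and the function names and dh_2048.pem are hypothetical.

```shell
#!/bin/sh
# Added example: evaluate the TLS settings of a Postfix main.cf.

page_main_cf() {   # constructed excerpt of the main.cf shown above
cat <<'EOF'
smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
EOF
}

fixed_main_cf() {  # corrected excerpt; dh_2048.pem is a hypothetical file
cat <<'EOF'
smtpd_tls_dh1024_param_file = /etc/postfix/dh_2048.pem
smtpd_tls_mandatory_protocols = !SSLv2,
    !SSLv3
EOF
}

# postconf_get FILE NAME: print NAME's value, joining continuation lines
# (lines that start with whitespace). Exit status 1 if NAME is not set.
postconf_get() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        /^[ \t]/   { if (cur == want) val = val " " $0; next }
        {
            cur = $0; sub(/[ \t]*=.*/, "", cur)
            if (cur == want) { val = $0; sub(/^[^=]*=[ \t]*/, "", val); found = 1 }
        }
        END {
            if (!found) exit 1
            gsub(/[ \t]+/, " ", val); sub(/^ /, "", val); print val
        }' "$1"
}

# enabled_protocols LIST: "!name" excludes a protocol; if any name appears
# without "!", only the named protocols stay enabled. The ">=" bound syntax
# of later Postfix releases is not handled here.
enabled_protocols() {
    printf '%s\n' "$1" | awk '
        BEGIN { n = split("SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3", known, " ") }
        {
            gsub(/[,:]/, " ")
            for (i = 1; i <= NF; i++) {
                if (substr($i, 1, 1) == "!") excl[substr($i, 2)] = 1
                else { incl[$i] = 1; have_incl = 1 }
            }
        }
        END {
            out = ""
            for (i = 1; i <= n; i++) {
                k = known[i]
                if ((k in excl) || (have_incl && !(k in incl))) continue
                out = out (out == "" ? "" : " ") k
            }
            print out
        }'
}

# audit_tls: read main.cf on stdin, print one finding per line.
audit_tls() {
    at_cf=$(mktemp) || return 1
    cat > "$at_cf"
    # An unset parameter keeps Postfix's built-in default, so only audit it if set.
    if at_list=$(postconf_get "$at_cf" smtpd_tls_mandatory_protocols); then
        at_on=$(enabled_protocols "$at_list")
        case " $at_on " in
            *" SSLv2 "*|*" SSLv3 "*) echo "weak-protocol: enabled set is: $at_on" ;;
        esac
        case " $at_on " in
            *" TLSv1.2 "*|*" TLSv1.3 "*) ;;
            *) echo "no-modern-tls: TLSv1.2 and TLSv1.3 are disabled" ;;
        esac
    fi
    if postconf_get "$at_cf" smtpd_tls_dh512_param_file >/dev/null; then
        echo "export-dh: 512-bit DH parameter file is configured"
    fi
    rm -f "$at_cf"
}

echo "main.cf from the tutorial:"; page_main_cf | audit_tls
echo "corrected excerpt:"; fixed_main_cf | audit_tls
```

Run it against a live system with `audit_tls < /etc/postfix/main.cf`. For opportunistic TLS on port 25 the corresponding list is smtpd_tls_protocols.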

Enjoy !!!

source: https://github.com/opensolutions/ViMbAdmin/wiki

In this tutorial I’ll guide you how to install and configure a mail system(Dovecot and Postfix) on Ubuntu 16.04 with ViMbAdmin as front-end for managing your domains.

At the end of this process, you’ll have:

  • ViMbAdmin installed and managing your virtual domains, mailboxes and aliases;
  • Postfix installed and configured for: Email delivery / acceptance to your virtual mailboxes and aliases;
  • TLS available on port 25;
  • SSL on port 465;
  • Email relay to authenticated users only.
  • Dovecot installed and configured for: IMAP over SSL;
  • POP3 over SSL;
  • ManageSieve with TLS support;
  • LMTP for local mail delivery to your virtual mailboxes.

Preparation:

Install required packages and dependancies:

apt-get install --yes php7.0-cgi php7.0-mcrypt php-memcache php7.0-mysql \
php7.0-json libapache2-mod-php7.0 php-gettext memcached git mysql-server \
subversion

PHP composer can be installed via:

php -r "readfile('https://getcomposer.org/installer');" | php
mv composer.phar /usr/local/bin/composer

Set your timezone in /etc/php/7.0/apache2/php.ini and /etc/php/7.0/cli/php.ini , such as:

date.timezone = "UTC"

 

I. ViMbAdmin

export INSTALL_PATH=/srv/vimbadmin
git clone https://github.com/opensolutions/ViMbAdmin.git $INSTALL_PATH
cd $INSTALL_PATH
composer install --dev

If you plan to run under Apache / other web server, ensure you set the ownership on the var/ directory appropriately:

chown -R www-data: $INSTALL_PATH/var

Database Setup

Log into your MySQL (or other) database and create a new user and database:

CREATE DATABASE `vimbadmin`;
GRANT ALL ON `vimbadmin`.* TO `vimbadmin`@`localhost` IDENTIFIED BY 'password';
FLUSH PRIVILEGES;

Configuration

cp $INSTALL_PATH/application/configs/application.ini.dist $INSTALL_PATH/application/configs/application.ini

You now need to set your database parameters from above in this file. You’ll find these near the top and here is an example:

resources.doctrine2.connection.options.driver = 'pdo_mysql'
resources.doctrine2.connection.options.dbname = 'vimbadmin'
resources.doctrine2.connection.options.user = 'vimbadmin'
resources.doctrine2.connection.options.password = 'password'
resources.doctrine2.connection.options.host = 'localhost'
cp $INSTALL_PATH/public/.htaccess.dist $INSTALL_PATH/public/.htaccess

Database Creation

cd $INSTALL_PATH
./bin/doctrine2-cli.php orm:schema-tool:create

If all goes well, you should see:

$ ./bin/doctrine2-cli.php orm:schema-tool:create
ATTENTION: This operation should not be executed in a production environment.

Creating database schema...
Database schema created successfully!

Apache2

You need to tell Apache where to find ViMbAdmin and what URL it should be served under. In this example, we’re going to serve it from /vimbadmin (e.g. www.example.com/vimbadmin). As such, we create an Apache configuration block as follows on our web server:

Alias /vimbadmin /srv/vimbadmin/public

<Directory /srv/vimbadmin/public>
Options FollowSymLinks
AllowOverride FileInfo

# For Apache <= 2.3:
Order allow,deny
allow from all

# For Apache >= 2.4
# Require all granted 
</Directory>

Ensure mod_rewrite is enabled:

a2enmod rewrite

Restart Apache and you can now browse to your new installation.

Welcome to Your New ViMbAdmin Installation
You should now be greeted with a page welcoming you. If you didn’t set the security salt above, then the installer will provide random strings for these. Place this in vimbadmin/application/configs/application.ini as instructed before continuing. If you did set it, then enter it in the Security Salt input box.

This is a security step to ensure that only the person performing the installation can create a super administrator.

Now enter a username (which must be an email address) and a password.

Once you click save, you’re done! Log in and work away.

 

II.Dovecot

Dovecot will provide support for:

  • IMAP mail access;
  • POP3 mail access;
  • the ManageSieve service;
  • the local delivery protocol (LMTP) – Postfix passes emails it accepts for local delivery off to this process to be stored on the filesystem.

Install the Dovecot related packages via:

apt-get install --yes dovecot-core dovecot-imapd dovecot-managesieved \
dovecot-pop3d dovecot-sieve dovecot-mysql \
dovecot-lmtpd mail-stack-delivery

We will store all emails under /srv/vmail and we need to create a user with the appropriate uid and gid used in this example:

groupadd -g 2000 vmail
useradd -c 'Virtual Mailboxes' -d /srv/vmail -g 2000 -u 2000 -s /usr/sbin/nologin -m vmail

Configuring Dovecot

Remove (clear) an unnecessary file which will interfere with our configuration:

echo "" >/etc/dovecot/conf.d/99-mail-stack-delivery.conf

Go to /etc/dovecot/conf.d and replace the contents of these files:

*don’t forget to replace mail.example.com with your domain

dovecot-10-auth.conf

auth_mechanisms = plain login
!include auth-sql.conf.ext

dovecot-10-mail.conf

mail_location = maildir:/srv/vmail/%d/%n

namespace inbox {
inbox = yes
}

mail_uid = 2000
mail_gid = 2000

mail_privileged_group = vmail

first_valid_uid = 2000
last_valid_uid = 2000

maildir_copy_with_hardlinks = yes

dovecot-10-master.conf

service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}

service_count = 0
}

service pop3-login {
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}

service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0666
user = postfix
}
}

service imap {
}

service pop3 {
}

service auth {
unix_listener auth-userdb {
mode = 0666
user = vmail
group = vmail
}

# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}

service auth-worker {
}

service dict {
unix_listener dict {
}
}

dovecot-10-ssl.conf

ssl = yes

ssl_cert = </etc/postfix/ssl/mail.example.com.pem
ssl_key = </etc/postfix/ssl/mail.example.com.pem

ssl_require_crl = no

dovecot-15-lda.conf

postmaster_address = postmaster@example.com
hostname = mail.example.com
quota_full_tempfail = yes
recipient_delimiter = +
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes

protocol lda {
mail_plugins = $mail_plugins sieve quota
}

dovecot-20-imap.conf

protocol imap {
mail_plugins = $mail_plugins quota imap_quota
}

dovecot-20-lmtp.conf

protocol lmtp {
postmaster_address = postmaster@example.com
mail_plugins = quota sieve
}

dovecot-20-managesieve.conf

service managesieve-login {
inet_listener sieve {
port = 4190
}

service_count = 1
}

service managesieve {
}

protocol sieve {
}

dovecot-20-pop3.conf

protocol pop3 {
mail_plugins = $mail_plugins quota
}

dovecot-auth-sql.conf.ext

passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}

userdb {
driver = prefetch
}

userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}

dovecot-sql.conf.ext

driver = mysql

connect = host=localhost user=vimbadmin password=password dbname=vimbadmin
default_pass_scheme = MD5

password_query = SELECT username as user, password as password, \
homedir AS userdb_home, maildir AS userdb_mail, \
concat('*:bytes=', quota) as userdb_quota_rule, uid AS userdb_uid, gid AS userdb_gid \
FROM mailbox \
WHERE username = '%Lu' AND active = '1' \
AND ( access_restriction = 'ALL' OR LOCATE( '%Us', access_restriction ) > 0 )

user_query = SELECT homedir AS home, maildir AS mail, \
concat('*:bytes=', quota) as quota_rule, uid, gid \
FROM mailbox WHERE username = '%u'

/etc/dovecot/dovecot.conf

!include_try /usr/share/dovecot/protocols.d/*.protocol
!include conf.d/*.conf
!include_try local.conf

 

III.Postfix

We will configure Postfix for the following purposes here:

  • accept mail for the domains / mailboxes / aliases configured in ViMbAdmin;
  • hand these messages off to Dovecot’s deliver – a local delivery agent;
  • allow mailboxes configured in ViMbAdmin to log into Postfix to relay mail.

First, we need to install the following packages:

apt-get install postfix postfix-mysql

When you are asked to choose a general type of mail configuration, choose No configuration. This should hopefully make these instructions reasonably generic.

Configuring Postfix

Replace /etc/postfix/main.cf with:

*don’t forget to replace mail.example.com with your domain

# Sample Postfix configuration for use with ViMbAdmin :: Virtual Mailbox Administration
#
# See: https://github.com/opensolutions/ViMbAdmin
#
# By Barry O'Donovan - 2014-02 - http://www.barryodonovan.com/

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/mail.example.com.pem
smtpd_tls_key_file = /etc/postfix/ssl/mail.example.com.pem
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtpd_tls_loglevel = 1
smtpd_tls_auth_only = yes
smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
smtpd_tls_eecdh_grade = strong

myhostname = mail.example.com

myorigin = mail.example.com

mydestination = localhost localhost.$mydomain

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

mailbox_size_limit = 0
recipient_delimiter = +

inet_protocols = all
inet_interfaces = all

notify_classes = resource, software
error_notice_recipient = admin@example.com

# relay_domains =
# transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /srv/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
#dovecot_destination_recipient_limit = 1
virtual_transport = lmtp:unix:private/dovecot-lmtp

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
message_size_limit = 40000000
home_mailbox = Maildir/
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
#mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m "${EXTENSION}"

smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
tls_random_source = dev:/dev/urandom
smtpd_recipient_restrictions =
  reject_unknown_sender_domain,
  reject_unknown_recipient_domain,
  reject_unauth_pipelining,
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination
# reject_non_fqdn_hostname,
# reject_invalid_hostname

#smtpd_helo_restrictions =
# check_helo_access hash:/etc/postfix/ehlo_whitelist,
# reject_non_fqdn_hostname,
# reject_invalid_hostname
# check_helo_access hash:/etc/postfix/ehlo_whitelist,
# reject_unknown_helo_hostname

smtpd_helo_required = yes

smtpd_sender_restrictions =
  reject_unknown_sender_domain
# check_sender_access hash:/etc/postfix/sender_access,

smtpd_data_restrictions =
  reject_unauth_pipelining

smtpd_client_restrictions =
  permit_sasl_authenticated
# check_client_access hash:/etc/postfix/client_access,
# reject_rbl_client zen.spamhaus.org

You need to edit /etc/postfix/master.cf to enable smtps (SMTP over SSL on port 465; TLS is supported over port 25 as part of our configuration):

smtps inet n - - - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

ViMbAdmin Integration

Postfix integrates with our ViMbAdmin database via settings in the above Gist and by creating the following files from the samples provided (all under /etc/postfix/mysql):

  • virtual_alias_maps.cf
  • virtual_domains_maps.cf
  • virtual_mailbox_maps.cf
  • virtual_transport_maps.cf

virtual_alias_maps.cf

user = vimbadmin
password = password
hosts = 127.0.0.1
dbname = vimbadmin
query = SELECT goto FROM alias WHERE address = '%s' AND active = '1'

virtual_domains_maps.cf

user = vimbadmin
password = password
hosts = 127.0.0.1
dbname = vimbadmin
query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '0' AND active = '1'

virtual_mailbox_maps.cf

user = vimbadmin
password = password
hosts = 127.0.0.1
dbname = vimbadmin
table = mailbox
select_field = maildir
where_field = username

virtual_transport_maps.cf

user = vimbadmin
password = password
hosts = 127.0.0.1
dbname = vimbadmin
table = domain
select_field = transport
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'

Postfix with SSL
The above-referenced Gist includes TLS/SSL (encrypted) support for Postfix. We can create a self-signed certificate for testing as follows.

When asked to enter Common Name (eg, YOUR name) []:, ensure you enter the fully qualified name of your mail server:

*don’t forget to replace mail.example.com with your domain

mkdir -p /etc/postfix/ssl
 openssl req -new -x509 -days 3650 -nodes \
  -out /etc/postfix/ssl/mail.example.com.pem \
  -keyout /etc/postfix/ssl/mail.example.com.pem
 chmod 0600 /etc/postfix/ssl/mail.example.com.pem

We also need to create the Diffie-Hellman parameters:

for len in 512 1024; do
  openssl genpkey -genparam -algorithm DH -out /etc/postfix/dh_${len}.pem \
  -pkeyopt dh_paramgen_prime_len:${len}
 done
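
The sample configuration above dates from 2014: main.cf names SSLv3 and TLSv1 as mandatory protocols and loads 512-bit DH parameters, dovecot-sql.conf.ext defaults to an MD5 password scheme, and several files carry the database password. The check below is an added example, not part of the original guide or the ViMbAdmin wiki; conf_get, flag and audit_mail_stack are hypothetical helper names, and it assumes the file layout used in this guide:

```shell
#!/bin/sh
# Added example (not from the original guide): flag legacy settings in the
# files this guide creates. conf_get, flag and audit_mail_stack are hypothetical.

# conf_get FILE KEY: print the value of the last uncommented "KEY = value" line.
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            n = index($0, "=")
            if (n == 0) next
            key = substr($0, 1, n - 1); gsub(/[ \t]/, "", key)
            if (key != k) next
            val = substr($0, n + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { print val }' "$1"
}

flag() { printf '%s\n' "$1"; found=$((found + 1)); }

# audit_mail_stack MAIN_CF DOVECOT_SQL [OTHER_CREDENTIAL_FILE...]
# Prints one finding per line; returns 1 if anything was flagged.
audit_mail_stack() {
    main_cf=$1; dovecot_sql=$2; found=0
    # SSLv3 (RFC 7568) and TLS 1.0/1.1 (RFC 8996) are deprecated. Hardened form:
    #   smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
    for p in $(conf_get "$main_cf" smtpd_tls_mandatory_protocols | tr ',' ' '); do
        case $p in
            SSLv2|SSLv3|TLSv1|TLSv1.1) flag "legacy-tls-protocol:$p" ;;
        esac
    done
    # 512-bit DH is export grade; Postfix documents loading 2048-bit
    # parameters through smtpd_tls_dh1024_param_file.
    if [ -n "$(conf_get "$main_cf" smtpd_tls_dh512_param_file)" ]; then
        flag "export-grade-dh:smtpd_tls_dh512_param_file"
    fi
    # MD5-based and cleartext schemes are cheap to brute-force if the table leaks.
    scheme=$(conf_get "$dovecot_sql" default_pass_scheme)
    case $scheme in
        *MD5*|PLAIN|CLEARTEXT) flag "weak-password-scheme:$scheme" ;;
    esac
    # Files holding the database password must not be readable by "other".
    shift
    for f in "$@"; do
        if [ -n "$(find "$f" -prune -perm -004)" ]; then
            flag "world-readable-credentials:$f"
        fi
    done
    [ "$found" -eq 0 ]
}
```

Run it as audit_mail_stack /etc/postfix/main.cf /etc/dovecot/dovecot-sql.conf.ext /etc/postfix/mysql/*.cf; a non-zero exit status means at least one finding was printed.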

Enjoy !!!

source: https://github.com/opensolutions/ViMbAdmin/wiki