Monday, August 30, 2010

GRUB RECOVERY

GRUB RECOVERY IN UBUNTU
1. In many cases, the GRUB boot loader can mistakenly be deleted, corrupted, or
replaced by other operating systems.
The following steps detail the process on how GRUB is reinstalled on the master
boot record:
· Boot the system from an installation boot medium.
Create a directory
mkdir /mnt/root
Mount the root directory
mount /dev/sdx1 /mnt/root
mount -t proc none /mnt/root/proc
mount -o bind /dev /mnt/root/dev
chroot /mnt/root /bin/bash
grub-install /dev/sdx
GRUB RECOVERY IN CENTOS
2. In many cases, the GRUB boot loader can mistakenly be deleted, corrupted, or
replaced by other operating systems.
The following steps detail the process on how GRUB is reinstalled on the master boot record:
· Boot the system from an installation boot medium.
· Type linux rescue at the installation boot prompt to enter the rescue environment.
· Type chroot /mnt/sysimage to mount the root partition.
· Type /sbin/grub-install /dev/hda to reinstall the GRUB boot loader, where
/dev/hda is the boot partition.
· Review the /boot/grub/grub.conf file, as additional entries may be needed for GRUB to
control additional operating systems.
· Reboot the system.

Samba

What's Samba?
Samba allows Linux computers to share files and printers across a network connection. By using the SMB protocol, your Linux box can appear in Windows Network Neighborhood or My Network Places just like any other Windows machine. You can share files this way, as well as printers. By using Samba on my home network, for example, my Windows machines have access to a printer directly hooked up to my Linux box, and my Linux box has access to a printer directly hooked up to one of my Windows machines. In addition, everyone can access everyone else's shared files. You can see how Samba can be very useful if you have a network of both Windows and Linux machines.
Samba configurations are slightly different depending on the distribution you're using. Therefore, this tutorial explains how it's done on a RedHat Linux machine, as this is my distro of choice, and the only one I've ever installed samba on. The following method has been used by me on RedHat 7.2, 7.3, and 8.
Installing Samba
The first step to configuring samba is, obviously, to make sure that it's installed. In most cases, this will already be the case. It is often a good idea to install the samba daemon package with the RedHat installation.
You can test to see if samba is installed by typing rpm -q samba in a terminal. This performs a query on the samba package. If installed, it will indicate the version. If not, it will indicate "package not installed".
If samba is not currently installed, there are a multitude of places to get it. The RPM package is available on the RedHat CDs, on the RedHat network, or straight from www.samba.org or one of the samba mirror sites. In addition, you might wish to find it at www.rpmfind.net, a nice resource for RPM packages.
Once you have the samba RPM package downloaded somewhere on your harddrive, it's time to install it. Browse to where the file is located and perform one of the following two operations:
if samba is not currently installed,
rpm -i samba.rpm
(replace samba.rpm with the full version name of the file)
if you wish to upgrade your samba version,
rpm -U samba.rpm
Now that samba is installed, we can work on configuring this program.
smb.conf file
All of samba is configured in one single file, the smb.conf file. This file, located at /etc/samba/smb.conf, allows you to specify which resources on the linux machine you wish to share and who they can be accessed by.
A fresh installation of samba will include a sample smb.conf file. This file is completely commented, pointing out all of your available options, and how you can change them. However, samba is an extremely powerful tool, and most casual users have no need for 3/4 of the contents of this sample file. Therefore, I'm providing my own smb.conf file below. If you wish to just share a few folders across a small home LAN, you might be better off basing your own smb.conf file off of mine, as opposed to the long-winded sample file.
[global]
workgroup = PUTIEVILLE
server string = My Lil Linux Box
hosts allow = 192.168. 127.
log file = /var/log/samba/%m.log
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
[Downloads]
comment = Downloads
path = /home/windisk/Downloads
browseable = yes
writable = yes
public = yes
read only = no
[homes]
comment = My Home Directory
browseable = yes
writable = yes
public = yes
read only = no
[printers]
path = /var/spool/samba
public = yes
guest ok = yes
printable = yes
browseable = yes
writable = yes
read only = no
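An added example, not part of the original tutorial: a small Python audit that resolves the synonym parameters used in the file above (public / guest ok, writable / read only) and reports which shares accept guest sessions with write access. TIGHTER_CONF and all function names are constructed for illustration; whether guest sessions are granted at all also depends on the [global] "map to guest" setting, which this file leaves at its default.

```python
import configparser

# Constructed input: the access-related lines of the smb.conf shown above.
PAGE_CONF = """
[global]
security = user
hosts allow = 192.168. 127.

[Downloads]
path = /home/windisk/Downloads
writable = yes
public = yes
read only = no

[homes]
writable = yes
public = yes
read only = no

[printers]
path = /var/spool/samba
public = yes
guest ok = yes
printable = yes
writable = yes
read only = no
"""

# Constructed alternative (an assumption, not the author's file): the same
# shares with guest access removed from the file shares.
TIGHTER_CONF = """
[global]
security = user
hosts allow = 192.168. 127.

[Downloads]
path = /home/windisk/Downloads
guest ok = no
read only = no

[homes]
browseable = no
guest ok = no
read only = no

[printers]
path = /var/spool/samba
guest ok = yes
printable = yes
"""

TRUE_VALUES = {"yes", "true", "1"}
GUEST_KEYS = {"guestok", "public"}                 # synonyms in smb.conf
WRITE_KEYS = {"writable", "writeable", "writeok"}  # inverted synonyms of "read only"
PRINT_KEYS = {"printable", "printok"}


def classify_shares(conf_text):
    """Map each share to guest-writable, guest-print, guest-readonly or authenticated."""
    parser = configparser.ConfigParser(
        interpolation=None,   # %m, %U etc. are Samba macros, not configparser ones
        strict=False,         # tolerate a key repeated inside one section
        delimiters=("=",),
    )
    parser.read_string(conf_text)
    result = {}
    for share in parser.sections():
        if share.lower() == "global":
            continue
        guest, read_only, printable = False, True, False  # Samba's defaults
        for key, value in parser.items(share):
            key = "".join(key.split()).lower()  # names ignore case and spaces
            flag = value.strip().lower() in TRUE_VALUES
            if key in GUEST_KEYS:
                guest = flag
            elif key == "readonly":
                read_only = flag
            elif key in WRITE_KEYS:
                read_only = not flag
            elif key in PRINT_KEYS:
                printable = flag
        if not guest:
            result[share] = "authenticated"
        elif printable:
            result[share] = "guest-print"      # writes go to the spool only
        elif read_only:
            result[share] = "guest-readonly"
        else:
            result[share] = "guest-writable"
    return result


def guest_writable(conf_text):
    """Shares that a guest session could write files to."""
    shares = classify_shares(conf_text)
    return sorted(name for name, kind in shares.items() if kind == "guest-writable")


if __name__ == "__main__":
    for label, text in (("page", PAGE_CONF), ("tighter", TIGHTER_CONF)):
        print(label, classify_shares(text), "->", guest_writable(text))
```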
Samba Users
Since we're using user level security (the best option when connecting to a WinNT based machine, such as Windows 2000 or Windows XP), we need to set up samba users.
First, let's create the smbpasswd file that we defined in the smb.conf file. The best way to go about this is to create it based on your existing /etc/passwd file. In other words, Samba users are created based on existing Linux users:
cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
Chmod 600 this file (/etc/samba/smbpasswd) so that only root has read and write permissions.
However, this only copies Linux users over to Samba users. It doesn't copy over their passwords. Therefore, use the following command to set each Samba user's password:
smbpasswd username
Obviously, replace username with each of your users' usernames. You will then be prompted to enter a password for this user account. I like to set my Samba users' passwords the same as their Linux user counterparts. However, this isn't necessary.
Now that everything has been configured, the final step is to start the samba service. Samba runs in the background as a linux daemon. Therefore, it can be controlled by typing:
service smb start
service smb stop
service smb restart
Note that once the computer is restarted or shutdown, the samba service won't start up again the next time. I use the GUI (xwindows) program serviceconf to set up all my services to execute automatically.
Connecting To A Samba Resource
Now that everything should be working, let's test it out. We use the samba client to connect to a samba resource. For testing purposes, we can connect to localhost.
smbclient //localhost/Downloads
You must specify the name of the computer as well as the resource you wish to connect to. In this case, I can connect to the Downloads resource because I specified this resource in my smb.conf file (note it points to /home/windisk/Downloads).
Since you are using the samba client while already logged in as a linux user, you will only be prompted for a password. The username will be assumed to be the samba counterpart of the linux username you're currently logged in as.
If you wish, you can go to a Windows machine such as Windows XP. If you open My Network Places and browse to your workgroup, your Linux machine should be listed. When trying to access it, you should be prompted for a username and password. This can be any of the Samba users you previously created. Once logged in, you should see a listing of all available resources.
Congratulations! Samba should now successfully be set up and working on your network!

Oracle Installation

Install Oracle database 11g. X Window system is needed for it.
Taken from http://server-world.info/
[1] Install some packages first for dependencies.
[root@www ~]# yum -y install binutils compat-libstdc++-33 elfutils-libelf elfutils-libelf-devel glibc glibc-common \
    glibc-devel gcc gcc-c++ libaio libaio-devel libgcc libstdc++ libstdc++-devel make sysstat unixODBC \
    unixODBC-devel
[2] Edit kernel parameter.
[root@www ~]# vi /etc/sysctl.conf
# add at the bottom
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default = 4194304
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 262144
[root@www ~]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
net.ipv4.icmp_echo_ignore_broadcasts = 0
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 32768 65000
net.core.rmem_default = 4194304
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 262144
[3] Create users and groups and set environment for Oracle.
[root@www ~]# groupadd -g 200 oinstall
[root@www ~]# groupadd -g 201 dba
[root@www ~]# useradd -u 440 -g oinstall -G dba -d /usr/oracle oracle
[root@www ~]# passwd oracle
Changing password for user oracle.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@www ~]# chmod 755 /usr/oracle
[root@www ~]# mkdir /usr/oracle/app
[root@www ~]# chown -R oracle:oinstall /usr/oracle/app
[root@www ~]# chmod -R 775 /usr/oracle/app
[root@www ~]# mkdir /usr/oracle/oradata
[root@www ~]# chown -R oracle:oinstall /usr/oracle/oradata
[root@www ~]# chmod -R 775 /usr/oracle/oradata
[root@www ~]# vi /etc/pam.d/login
# add at the bottom
session required /lib/security/pam_limits.so
session required pam_limits.so
[root@www ~]# vi /etc/security/limits.conf
# add at the bottom
oracle soft nproc 2047
oracle hard nproc 16384
oracle soft nofile 1024
oracle hard nofile 65536
[root@www ~]# vi /etc/profile
# add at the bottom
if [ "$USER" = "oracle" ]; then
    if [ "$SHELL" = "/bin/ksh" ]; then
        ulimit -p 16384
        ulimit -n 65536
    else
        ulimit -u 16384 -n 65536
    fi
fi
[root@www ~]# vi /usr/oracle/.bash_profile
# add at the bottom
umask 022
export ORACLE_BASE=/usr/oracle/app
[4] Download and install Oracle 11g. Do this as the user "Oracle" that was created in section [3].
[oracle@www ~]$ mkdir tmp
# create temporary dir
Download Oracle 11g for Linux from the site below. First, you have to register and login on the site.
http://www.oracle.com/technology/software/products/database/index.html
After downloading, unzip it and run installer like following example.
[oracle@www ~]$ cd tmp
[oracle@www tmp]$ unzip linux_x86_11gR1_database.zip
[oracle@www tmp]$ runInstaller
(1) Installer starts like below. uncheck "Create Starter Database" and Click "Next".
(2) It's OK, Go next.
(3) It's OK, Go next.
(4) Click "Install" button and start installation.
(5) Installation proceeds.
(6) The config scripts shown on the screen below must be run as the root user. After running them, come back to this screen and click the "OK" button.
[root@ns ~]# /usr/oracle/oraInventory/orainstRoot.sh
Changing permissions of /usr/oracle/oraInventory to 770.
Changing groupname of /usr/oracle/oraInventory to oinstall.
The execution of the script is complete
[root@ns ~]# /usr/oracle/app/product/11.1.0/db_2/root.sh
Running Oracle 11g root.sh script...
The following environment variables are set as:
ORACLE_OWNER= oracle
ORACLE_HOME= /usr/oracle/app/product/11.1.0/db_2
Enter the full pathname of the local bin directory: [/usr/local/bin]:
# Enter
Copying dbhome to /usr/local/bin ...
Copying oraenv to /usr/local/bin ...
Copying coraenv to /usr/local/bin ...
Creating /etc/oratab file...
Entries will be added to the /etc/oratab file as needed by
Database Configuration Assistant when a database is created
Finished running generic part of root.sh script.
Now product-specific root actions will be performed.
Finished product-specific root actions.
(7) Installation completes. Click "Exit" button.
[5]Set environment for Oracle user and remove temporary directory.
[oracle@www ~]$ vi .bash_profile
# add at the bottom
export ORACLE_HOME=$ORACLE_BASE/product/11.1.0/db_2
export PATH=$PATH:$ORACLE_HOME/bin
[oracle@www ~]$ . .bash_profile
[oracle@www ~]$ rm -rf tmp
Configure for remote connection to Oracle database.
[1] Log in to an X terminal as the Oracle user and run the command "netca". Go next.
[2] Go next.
[3] Go next. If you'd like to change settings, change and go next.
[4] Go next. If you'd like to change settings, change and go next.
[5] Go next. If you'd like to change settings, change and go next.
[6] Go next. If you'd like to add more listener, do it and go next.
[7] Go next.
[8] Click "Finish".
Try to create a test database.
[1] Log in to an X terminal as the Oracle user and run the command "dbca". Go next.
[2] Select "Create Database" and go next.
[3] Select "Custom Database" and go next.
[4] Input global database name and SID.
ex: (any name you like).(domain name)
[5] Go next.
[6] Set password.
[7] Go next.
[8] Go next.
[9] Go next.
[10] Go next.
[11] Go next.
[12] Go next.
[13] Go next.
[14] Go next.
[15] Go next.
[16] Click "OK".
[17] Creating database starts.
[18] After creating DB, Click "Exit".
[19] Access the URL that is written in section [18]. The following screen is shown; input the user name and password set in section [6].
[20] Logged in.
[1] Change settings like below.
[oracle@ns ~]$ vi /etc/oratab
# This file is used by ORACLE utilities. It is created by root.sh
# and updated by the Database Configuration Assistant when creating
# a database.
# A colon, ':', is used as the field terminator. A new line terminates
# the entry. Lines beginning with a pound sign, '#', are comments.
#
# Entries are of the form:
# $ORACLE_SID:$ORACLE_HOME::
#
# The first and second fields are the system identifier and home
# directory of the database respectively. The third filed indicates
# to the dbstart utility that the database should , "Y", or should not,
# "N", be brought up at system boot time.
#
# Multiple entries with the same $ORACLE_SID are not allowed.
#
#
testdb:/usr/oracle/app/product/11.1.0/db_1:Y
# change
testdb2:/usr/oracle/app/product/11.1.0/db_1:N
[2] Set ORACLE_SID
[oracle@ns ~]$ vi .bash_profile
# add at the bottom
export ORACLE_SID=testdb
[3] Create start-script.
[root@ns ~]$ vi /etc/rc.d/init.d/dbora
#!/bin/bash
# This is an example.
#
# oracle: Starting Oracle database 11g
#
# chkconfig: 345 95 94
# description: Oracle Database Server
# processname: ora_

. /etc/rc.d/init.d/functions

lockfile=/var/lock/subsys/dbora
ORACLE_HOME=/usr/oracle/app/product/11.1.0/db_1
ORACLE=oracle

case "$1" in
    'start')
        # Refuse to start twice: the lock file marks a running instance
        if [ -f "$lockfile" ]; then
            echo "$0 already started."
            exit 1
        fi
        echo -n $"Starting Oracle Database:"
        su - "$ORACLE" -c "$ORACLE_HOME/bin/lsnrctl start"
        su - "$ORACLE" -c "$ORACLE_HOME/bin/dbstart $ORACLE_HOME"
        su - "$ORACLE" -c "$ORACLE_HOME/bin/emctl start dbconsole"
        touch "$lockfile"
        ;;
    'stop')
        if [ ! -f "$lockfile" ]; then
            echo "$0 already stopped."
            exit 1
        fi
        echo -n $"Stopping Oracle Database:"
        su - "$ORACLE" -c "$ORACLE_HOME/bin/lsnrctl stop"
        su - "$ORACLE" -c "$ORACLE_HOME/bin/dbshut"
        su - "$ORACLE" -c "$ORACLE_HOME/bin/emctl stop dbconsole"
        rm -f "$lockfile"
        ;;
    'restart')
        "$0" stop
        "$0" start
        ;;
    'status')
        if [ -f "$lockfile" ]; then
            echo "$0 started."
        else
            echo "$0 stopped."
        fi
        ;;
    *)
        echo "Usage: $0 [start|stop|restart|status]"
        exit 1
        ;;
esac
exit 0
[root@ns ~]# chmod 755 /etc/rc.d/init.d/dbora
[root@ns ~]# /etc/rc.d/init.d/dbora start
Starting Oracle Database:
LSNRCTL for Linux: Version 11.1.0.6.0 - Production on 03-NOV-2008 16:55:48
Copyright (c) 1991, 2007, Oracle. All rights reserved.
Starting /usr/oracle/app/product/11.1.0/db_1/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 11.1.0.6.0 - Production
System parameter file is /usr/oracle/app/product/11.1.0/db_1/network/admin/listener.ora
Log messages written to /usr/oracle/app/diag/tnslsnr/ns/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ns.server-linux.info)(PORT=1521)))
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ns.server-linux.info)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.1.0.6.0 - Production
Start Date 03-NOV-2008 16:55:49
Uptime 0 days 0 hr. 0 min. 0 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /usr/oracle/app/product/11.1.0/db_1/network/admin/listener.ora
Listener Log File /usr/oracle/app/diag/tnslsnr/ns/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ns.server-linux.info)(PORT=1521)))
The listener supports no services
The command completed successfully
Processing Database instance "testdb": log file /usr/oracle/app/product/11.1.0/db_1/startup.log
Processing Database instance "testdb2": log file /usr/oracle/app/product/11.1.0/db_1/startup.log
Oracle Enterprise Manager 11g Database Control Release 11.1.0.6.0
Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
https://ns.server-linux.info:1158/em/console/aboutApplication
Starting Oracle Enterprise Manager 11g Database Control ......... started.
------------------------------------------------------------------
Logs are generated in directory /usr/oracle/app/product/11.1.0/db_1/ns.server-linux.info_testdb/sysman/log
[root@ns ~]# chkconfig --add dbora
[root@ns ~]# chkconfig dbora on

LTSP

LTSP 5 Server Installation ( Amd 64 bit / 32 bits )
1. Ubuntu alternate cd 9.10
Once you boot up the CD, hit F4. The "Modes" menu will pop up. Select "Install an LTSP Server".
Now just move on with the install.
Towards the end of the install the installer will start to build the client environment from the packages
on the CD.
Which then will be compressed into an image...
If the installer is done and has rebooted into your new system you will be able to boot your first Thin
Client right away.
Installing on top of an already running desktop system
You need to set up one static network interface where you will attach the thin clients, install two
packages and run one command.
Configure your spare interface for the thin clients to have the IP 192.168.0.1 (and make sure it is up
and running). If you can't get the new GNOME network manager to work you can always install the
older, simpler version of network manager by going to the "add/remove" window and searching
"network". Make sure to search "all available packages" and "apply" the changes. You will find the new
network manager under settings -> network. Then follow the instructions below.
sudo apt-get install ltsp-server-standalone openssh-server
Now create your Thin Client environment on the server with:
sudo ltsp-build-client

• If you are on a 64-bit system but your clients have another architecture use the --arch
option eg. sudo ltsp-build-client --arch i386 ( sudo ltsp-build-client -a i386 -b /opt/ltsp )
After that, you will be able to boot your first thin client. If it doesn't boot try rebooting the server.
• Note that if you want to use another IP than the above, you need to edit
the /etc/ltsp/dhcpd.conf file to match the IP values and restart the dhcp server.
Comments and hints
If you change the IP data after you have done the initial setup, please run the command
sudo ltsp-update-sshkeys to make the ssh server aware of the change.
If the client shows the error message "This workstation isn't authorized to connect to server", please
run the commands sudo ltsp-update-sshkeys and sudo ltsp-update-image (in this order). Reference:
https://bugs.launchpad.net/ubuntu/+source/ltsp/+bug/144296
Don't use the ltsp-utils package from universe (only available in dapper) with this ltsp
implementation; it is for a different ltsp version, and installing them together will break.

Postfix Mail Server

Switch to Postfix from Sendmail
1. Click System, select Administration, and click Mail Transport Agent Switcher. This
will launch the system-switch-mail window.
2. In the system-switch-mail window, select Postfix and click Ok
Configure Postfix
1. Click Applications, select System Tools then click File Browser. This will launch the
File Browser window.
2. In the Location field, type in /etc/postfix and press Enter. If you don’t see the Location
field, click the notepad button to toggle to text-based location bar.
3. Double click on the file main.cf to open it for editing. We need to make it listen for
network requests, accept mail bound for our domain, and use maildir, which is a better
mailbox format than the default mbox.
Find the following keys and change their values as follows
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
home_mailbox = Maildir/
In main.cf, lines starting with # are comments. Save the file after completing your
changes.
Make sure that all mail_spool_directory lines are commented out. Otherwise, it
will override the setting in the home_mailbox line above.
4. Restart the postfix service
[root@mail ~]# telnet localhost smtp
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 mail.acme.local ESMTP Postfix
ehlo host
250-mail.acme.local
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: johndoe
250 2.1.0 Ok
rcpt to: johndoe
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
test
.
250 2.0.0 Ok: queued as 9729067C17
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]#
To check if the mail indeed exists
[root@mail ~]# cd /home/johndoe/Maildir/new
[root@mail new]# ls
1185669817.Vfd00I18012M795756.mail.acme.local
[root@mail new]# cat 1185669817.Vfd00I18012M795756.mail.acme.local
Don’t worry, you don’t have to type in the whole filename above. Just type in the first
few characters say 118 then press Tab to activate automatic completion.
From johndoe@mail.acme.local Thu Feb 22 21:48:28 2007
Return-Path:
X-Original-To: johndoe
Delivered-To: johndoe@mail.acme.local
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by mail.acme.local (Postfix) with SMTP id 9729067C17
for ; Thu, 22 Feb 2007 21:48:26 -0500 (EST)
Message-Id: <20070222134827.9729067c17@mail.acme.local>
Date: Thu, 22 Feb 2007 21:48:26 -0500 (EST)
From: johndoe@mail.acme.local
To: undisclosed-recipients:;
test
Installing and setting up Dovecot in Red Hat Enterprise Linux 5 or CentOS 5 is easy. All
we have to do is to enable the services we would like to provide and we are good to go.
1. Click Applications, select System Tools then click File Browser. This will launch the
File Browser window.
2. In the Location field, type in /etc and press Enter. If you don’t see the Location field,
click the notepad button to toggle to text-based location bar.
3. Double click on the file dovecot.conf to open it for editing. We need to change a few
key items.
Find the following keys and change their values as follows
protocols = pop3 pop3s imap imaps
mail_location = maildir:~/Maildir/
pop3_uidl_format = %08Xu%08Xv
imap_client_workarounds = delay-newmail outlook-idle netscape-eoh
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
For 64-bit users: Add the line login_process_size = 64 in the file
/etc/dovecot.conf.
Lines starting with # are comments. The last two lines enable workarounds for various
client bugs. Save the file after completing your changes.
4. Start the dovecot service.
1. Click Applications, select Accessories, and click Terminal. This will launch the
Terminal window
2. In the Terminal window, type in the highlighted commands below.
Sample dovecot session. Replace johndoe and password with any valid user name and
password.
[root@mail ~]# telnet localhost pop3
+OK dovecot ready.
user johndoe
+OK
pass password
+OK Logged in.
list
+OK 1 messages:
1 622
.
retr 1
+OK 622 octets
Return-Path:
X-Original-To: johndoe
Delivered-To: johndoe@mail.acme.local
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by mail.acme.local (Postfix) with SMTP id 9729067C17
for ; Thu, 22 Feb 2007 09:06:37 -0500 (EST)
Message-Id: <20070222140640.9729067c17@mail.acme.local>
Date: Thu, 22 Feb 2007 09:06:37 -0500 (EST)
From: johndoe@mail.acme.local
To: undisclosed-recipients:;
X-IMAPbase: 1172153557 1
Status: O
X-UID: 1
Content-Length: 5
X-Keywords:
test
.
quit
+OK Logging out.
Connection closed by foreign host.
SMTP Authentication (SMTP Auth) provides an access control mechanism that can be
used to allow legitimate users to relay mail while denying relay service to unauthorized
users, such as spammers.
Thanks to the new SASL support in Dovecot 1.0 and the new Dovecot SASL support in
Postfix 2.3, setting up SMTP authentication is now easier. Instead of setting up two
separate authentications for Postfix and Dovecot, we can now set up the authentication
in Dovecot and let Postfix talk to Dovecot.
Configure Postfix and Dovecot
1. Edit the file /etc/dovecot.conf and make sure your auth default section has the lines
below.
auth default {
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
  mechanisms = plain login
}
2. Edit /etc/postfix/main.cf, find the keys below and change their values
as follows, or add them at the bottom of the file if the key (the word
before the = sign) cannot be found.
mynetworks = 127.0.0.0/8
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname,
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination,
    reject_invalid_hostname, reject_non_fqdn_hostname,
    reject_non_fqdn_sender, reject_non_fqdn_recipient,
    reject_unknown_sender_domain, reject_unknown_recipient_domain,
    reject_rbl_client list.dsbl.org, reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net, reject_unlisted_recipient,
    check_policy_service unix:postgrey/socket,
    check_client_access regexp:/etc/postfix/blacklist_clients
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
vi /etc/postfix/blacklist_clients
# IP
/^10\.10\.1\.2$/ REJECT UCE black-listed
# IP block
/^10\.10\.1/ REJECT UCE black-listed
# exact domain
/^example\.com$/ REJECT UCE black-listed
# everything in a domain
/example\.com$/ REJECT UCE black-listed
# specific hosts
/^uce-relay\.example\.com$/ REJECT UCE black-listed
The first line says trust only localhost, meaning only localhost can send email outside the
network (relay). The last line is there to support old clients like Microsoft Outlook
Express 4.0 and Microsoft Exchange 5.0 just in case someone is still using it.
Lines starting with # are comments. Save the file after completing your changes.
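An added example, not part of the original guide: the patterns from /etc/postfix/blacklist_clients above run against constructed client addresses and hostnames, showing that the "IP block" and "everything in a domain" patterns reject more than their comments suggest. TIGHTER_RULES is a suggested rewrite that assumes the intent is the 10.10.1.x block and example.com plus its subdomains; Python's re module stands in for Postfix's regexp engine.

```python
import re

# Patterns exactly as they appear in the blacklist_clients file above.
PAGE_RULES = [
    (r"^10\.10\.1\.2$", "IP"),
    (r"^10\.10\.1", "IP block"),
    (r"^example\.com$", "exact domain"),
    (r"example\.com$", "everything in a domain"),
    (r"^uce-relay\.example\.com$", "specific hosts"),
]

# Suggested rewrite (assumption about intent, see the lead-in): the block
# pattern ends on the dot after the third octet, and the domain pattern
# requires a label boundary before "example.com".
TIGHTER_RULES = [
    (r"^10\.10\.1\.2$", "IP"),
    (r"^10\.10\.1\.", "IP block"),
    (r"^example\.com$", "exact domain"),
    (r"(^|\.)example\.com$", "everything in a domain"),
    (r"^uce-relay\.example\.com$", "specific hosts"),
]

# Constructed sample clients (addresses and hostnames as a regexp table sees them).
SAMPLE_CLIENTS = [
    "10.10.1.2",
    "10.10.1.77",
    "10.10.10.5",
    "10.10.199.20",
    "example.com",
    "mail.example.com",
    "notexample.com",
    "uce-relay.example.com",
    "192.168.0.9",
]


def first_match(rules, client):
    """Return the label of the first rule matching client, or None.

    Regexp tables are searched top to bottom and the first match wins;
    Postfix matches them case-insensitively by default, hence IGNORECASE.
    """
    for pattern, label in rules:
        if re.search(pattern, client, re.IGNORECASE):
            return label
    return None


def unintended_rejects(clients):
    """Clients rejected by the page's rules but not by the tighter ones."""
    return [
        c for c in clients
        if first_match(PAGE_RULES, c) is not None
        and first_match(TIGHTER_RULES, c) is None
    ]


if __name__ == "__main__":
    for client in SAMPLE_CLIENTS:
        print(f"{client:24} page={first_match(PAGE_RULES, client)!s:24} "
              f"tighter={first_match(TIGHTER_RULES, client)}")
    print("rejected only by the page's patterns:", unintended_rejects(SAMPLE_CLIENTS))
```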
3. Restart the Dovecot and Postfix service. But if you installed MailScanner, restart
MailScanner instead of Postfix.
In a Terminal window, type in the highlighted commands below.
telnet mail smtp
Replace mail with the name of your server. We should not use localhost since
localhost is a trusted client ip address.
Trying 192.168.0.1...
Connected to mail.acme.local (192.168.0.1).
Escape character is '^]'.
220 mail.acme.local ESMTP Postfix
ehlo host
250-mail.acme.local
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Note the new 250-AUTH lines. See the old SMTP Telnet Test.
mail from: johndoe
250 2.1.0 Ok
rcpt to: test@domain.local
554 5.7.1 : Relay access denied
It works, now to check if we can send it after authenticating.
auth plain AGpvaG5kb2VAYWNtZS5sb2NhbABwYXNzd29yZA==
235 2.0.0 Authentication successful
rcpt to: test@domain.local
250 2.1.5 Ok
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]#
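An added example, not part of the original guide: a Python check that parses the EHLO reply from the session above, reports password mechanisms offered on a connection without TLS, and decodes the AUTH PLAIN token from the same session to show that it is base64 encoding only. TLS_FIRST_EHLO is a constructed reply for comparison, and the function names are illustrative.

```python
import base64

# EHLO reply and AUTH PLAIN token copied from the telnet session above.
PAGE_EHLO = """\
250-mail.acme.local
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""
PAGE_TOKEN = "AGpvaG5kb2VAYWNtZS5sb2NhbABwYXNzd29yZA=="

# Constructed reply: a server that offers STARTTLS and withholds AUTH until
# the session is encrypted (in Postfix, smtpd_tls_auth_only = yes).
TLS_FIRST_EHLO = """\
250-mail.acme.local
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""


def parse_ehlo(reply):
    """Return {KEYWORD: set(params)} from a multi-line 250 EHLO reply."""
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    caps = {}
    for line in lines[1:]:                     # first line is the server name
        if len(line) < 5 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError(f"not an EHLO reply line: {line!r}")
        body = line[4:]
        if body.upper().startswith("AUTH="):   # legacy form for old clients
            body = "AUTH " + body[5:]
        keyword, *params = body.split()
        caps.setdefault(keyword.upper(), set()).update(p.upper() for p in params)
    return caps


def audit_ehlo(reply, tls_active=False):
    """Report whether reversible password mechanisms are exposed without TLS."""
    caps = parse_ehlo(reply)
    reversible = sorted(caps.get("AUTH", set()) & {"PLAIN", "LOGIN"})
    return {
        "starttls_offered": "STARTTLS" in caps,
        "cleartext_password_mechs": [] if tls_active else reversible,
    }


def decode_auth_plain(token):
    """Split an AUTH PLAIN token into (authzid, authcid, password), RFC 4616."""
    raw = base64.b64decode(token, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("AUTH PLAIN needs exactly two NUL separators")
    authzid, authcid, password = (p.decode("utf-8") for p in parts)
    return authzid, authcid, password


if __name__ == "__main__":
    print("page session :", audit_ehlo(PAGE_EHLO))
    print("TLS-first    :", audit_ehlo(TLS_FIRST_EHLO))
    print("token decodes to:", decode_auth_plain(PAGE_TOKEN))
```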
Starting the Web Server
1. If you did not add Web Server and squirrelmail during installation, you can add it now.
Using the Package Manager tool, add the Web Server package in the Servers category.
Also add the optional package squirrelmail located in the Mail Server package under the
category Servers.
2. Start the httpd service.
1. Click the globe icon at the top near the System menu to launch the Firefox web
browser.
If an error occurs, you probably did not install the Graphical Internet package. You can
add it now using the Package Manager tool.
2. In the address box, type in http://localhost/webmail and press Enter. Type in a valid
username and password and click Login.
3. That’s it, it’s working.
Locating SquirrelMail into the domain root
By default, SquirrelMail is located in the /webmail of your domain. If you prefer to
access SquirrelMail from the root of your domain, follow the steps below.
1. Create the file /etc/httpd/conf.d/sqroot.conf containing the lines below.

DocumentRoot /usr/share/squirrelmail

2. Restart the httpd service.
3. Now try browsing http://localhost
How to add a password change utility.
If you are using Linux system accounts as your mail accounts, you can install the
change_passwd plugin to enable SquirrelMail to provide a password change utility.
Install the SquirrelMail Change Password Plugin
1. Connect to your SquirrelMail server and note down its version.
2. Download the Change Passwd 4.2 and Compatibility 2.0.11 plugins.
3. Extract the downloaded files and put them into the /usr/share/squirrelmail/plugins
directory.
4. From a Terminal window, type in /usr/share/squirrelmail/config/conf.pl and
press Enter. This will launch the SquirrelMail Configuration utility.
If your Terminal window has a white background, make sure that the colors are off by
looking for the command Turn color on. If the command is Turn color off, type in
C and press Enter to turn the colors off. This will ensure that you will be able to read all
of the text.
5. Type in 8 and press Enter to list the Plugins submenu.
6. Install the change_passwd plugin by typing in the number corresponding to it and
press Enter. When you are done, type in q and press Enter to quit then type in y and press
Enter to save your changes.
7. If your version of SquirrelMail is not 1.4.13 and higher or 1.5.1 and higher, you need
to patch your SquirrelMail source. Go to /usr/share/squirrelmail/plugins/compatibility
and apply the compatibility patch by typing in the command below.
patch -p0 < patches/compatibility_patch-1.4.8.diff
Replace 1.4.8 with your SquirrelMail version.
8. In the /usr/share/squirrelmail/plugins/change_passwd directory, copy the file
config.sample.php and save it as config.php. Edit config.php and review the default
settings.
Here are some useful settings in config.php
· $minimumPasswordLength - Minimum length of the password.
· $seeOutput - Shows the output of the change password program. Useful for
tracing problems.
· $changePasswdInLogin - Change password from the login form.
Test the SquirrelMail Change Password
1. Login to SquirrelMail and go to the Options page. You should see the new Change
Password section.
2. Click the Change Password link to view the new Change Password page.
Increase the size of attachment
Edit /etc/php.ini
upload_max_filesize = 10M
From a Terminal window, type in /usr/share/squirrelmail/config/conf.pl and
press Enter. This will launch the SquirrelMail Configuration utility.
1 ) Change the Server name
2) Add the Plugins and etc
Configure the Firewall
Red Hat Enterprise Linux 5 and its derivative CentOS 5 includes a graphical tool called
Security Level Configuration for configuring the firewall options. This guide describes
how to use this tool to open up the ports necessary for providing an email server.
1. Click System, select Administration and click Security Level and Firewall. This will
launch the Security Level Configuration window.
2. For a mail server with webmail, check Mail (SMTP), Secure WWW (HTTPS) and
WWW (HTTP) in the Trusted services list.
3. We also need to open the ports for the POP3 and IMAP services. In the Other ports
field, add the port numbers below.
Service    Port
POP3       110:tcp
POP3S      995:tcp
IMAP       143:tcp
IMAPS      993:tcp
Mail Scanner
To install MailScanner, we are going to download the latest source code from the
MailScanner web site and build it. For this to work, it needs the Development Tools
package. If you did not include this during installation, you must add it now.
Getting MailScanner
1. Click the globe icon at the top near the System menu to launch the Firefox web
browser.
If an error occurs, you probably did not install the Graphical Internet package. You can
add it now using the Package Manager tool.
2. In the address box, type in http://www.mailscanner.info/downloads.html and press
Enter. Download the stable version for RedHat, Fedora and Mandrake Linux.
Building and Installing MailScanner
1. The MailScanner source code should now be on your desktop. Right click the newly
downloaded file and click Extract Here.
2. After extracting, a MailScanner folder should be found on your Desktop. Double click
the MailScanner folder to open it.
3. Next, double click the file install.sh. On the Run or Display window, select Run in
Terminal. This will now build and install MailScanner. This will take a while so just wait
until the Terminal window disappears.
ANTIVIRUS CLAMAV
Adding RPMForge to Yum
1. Launch Firefox and go to http://dag.wieers.com/rpm/FAQ.php#B2. Click on the
package appropriate for your version of Red Hat Enterprise Linux or CentOS.
2. Choose Open with Software Installer (default) and click Ok.
3. The Installing packages window will appear. Click Apply to proceed.
4. Finally click Ok. You now have access to an extensive library of precompiled binaries.
Installing Clam AntiVirus
If you prefer not to use the GUI tool below, you can also install the Clam AntiVirus by
typing in yum install clamd in a Terminal window.
1. Click Applications then click Add/Remove Software. This will launch the Package
Manager window.
2. Click the Search tab. Next type in clamd and click the Search button.
3. Select the latest version of clamd then click Apply. Next click on Continue until it
proceeds with the installation.
4. After installation, click Ok. You now have successfully installed Clam Antivirus.
5. Start the clamd service.
6. To test ClamAV AntiVirus, type in the command clamscan in a terminal window.
Configuring MailScanner
1. Edit the file /etc/MailScanner/MailScanner.conf
Find the following keys and change the values as follows
%org-name% = your organization name
%org-long-name% = your full organization name
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
Incoming Work Group = clamav
Incoming Work Permissions = 0640
MTA = postfix
Virus Scanners = clamd
Clamd Socket = /tmp/clamd.socket
Use SpamAssassin = yes
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
2. Click Applications and click File Browser to launch the File Browser window and go
to the /var/spool/MailScanner directory.
3. In the File Browser window, click File and click Create Folder. Name the new folder
spamassassin.
4. Right click on the folder incoming and click Properties.
5. In the Properties window, click the Permissions tab. In the Permissions page, set the
Owner as postfix and its Folder Access as Create and delete files. Set the Group as
clamav and its Folder Access as Access files. Finally, set the Folder Access of Others as
None. Click Close when you are done. Repeat this for the quarantine and spamassassin
folders.
6. From a terminal window, type in
ln -s /usr/bin/freshclam /usr/local/bin/freshclam
MailScanner will be looking for freshclam in the /usr/local/bin directory so we’ll create a
symbolic link to it in that directory.
Integrating MailScanner into Postfix
1. Edit the file /etc/postfix/main.cf and remove the # in front of the line below
header_checks = regexp:/etc/postfix/header_checks
2. Edit the file /etc/postfix/header_checks and add the line below to the bottom of the file
/^Received:/ HOLD
This will now place all incoming mail into the holding area until released by
MailScanner.
3. MailScanner should now be the one to start the Postfix service. Stop the Postfix service
and start the MailScanner service in that order.
4. Test if Postfix is still working.
Postgrey, Anti-Spam for Postfix
Postgrey is a simple and powerful anti-spam tool for Postfix. It works by using a
technique called Greylisting. Adding greylisting in Postfix will give your Postfix mail
server a simple and effective first line of defense against spam, at a cost of a few minor
delays for newly identified senders. To install Postgrey, we are going to use the
precompiled binaries from Dag Wieers RPM packages for Red Hat, RHEL, CentOS and
Fedora.
Adding RPMForge to Yum
1. Launch Firefox and go to http://dag.wieers.com/rpm/FAQ.php#B2. Click on the package
appropriate for your version of Red Hat Enterprise Linux or CentOS.
2. Choose Open with Software Installer (default) and click Ok.
3. The Installing packages window will appear. Click Apply to proceed.
4. Finally click Ok. You now have access to an extensive library of precompiled binaries.
Installing Postgrey Greylisting Policy Server
If you are using Red Hat Enterprise Linux 4 or CentOS 4, you have an older version of
the Package Manager tool. Instead of using the GUI tool below, you can use the
command yum install postgrey in a Terminal window to install Postgrey.
1. Click Applications then click Add/Remove Software. This will launch the Package
Manager window.
2. Click the Search tab. Next type in postgrey and click the Search button.
3. Select the latest version of postgrey then click Apply. Next click on Continue until it
proceeds with the installation.
4. After installation, click Ok. You now have successfully installed Postgrey Postfix
Greylisting Policy Server.
Configuring Postfix
1. Edit /etc/postfix/main.cf and add reject_unlisted_recipient and check_policy_service
unix:postgrey/socket to the value of smtpd_recipient_restrictions.
check_policy_service unix:postgrey/socket performs the greylisting while adding
reject_unlisted_recipient before it enables Postfix to immediately reject unknown
recipients instead of having clients go through the greylisting process before being
informed that the recipient does not exist.
2. Start Postgrey and restart Postfix or MailScanner (if you have installed MailScanner).
Learn how to start and restart services here.
3. Test Postfix. Do not use localhost to connect to Postfix since localhost will bypass
Postgrey. After typing in the rcpt to command, it should reply with Recipient
address rejected: Greylisted and it should work if you try it again after at least five
minutes.
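The ordering requirement from step 1 can be checked mechanically. The script below is an added example, not part of the original guide or of Postfix: it parses a main.cf text, including continuation lines, and reports when reject_unlisted_recipient is missing or placed after the Postgrey policy check. The sample main.cf and all function names are constructed for illustration.

```python
import re

# Constructed sample main.cf fragment for this example (not from the guide).
SAMPLE_MAIN_CF = """\
myhostname = mail.example.com
smtpd_recipient_restrictions =
    permit_mynetworks,
    # reject unknown users before greylisting
    reject_unauth_destination,
    reject_unlisted_recipient,
    check_policy_service unix:postgrey/socket
"""
POLICY = "check_policy_service unix:postgrey/socket"

def read_parameter(text, name):
    """Return a main.cf parameter value with its continuation lines joined."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                        # blank and comment lines are ignored
        if line[0] in " \t" and current:    # leading whitespace continues a value
            params[current] += " " + line.strip()
        elif "=" in line:
            current, value = (p.strip() for p in line.split("=", 1))
            params[current] = value         # a later definition replaces an earlier one
    return params.get(name, "")

def restrictions(value):
    """Split on commas/whitespace, keeping each check_* name with its argument."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    entries = []
    while tokens:
        entry = tokens.pop(0)
        if entry.startswith("check_") and tokens:
            entry += " " + tokens.pop(0)
        entries.append(entry)
    return entries

def audit_greylisting(text):
    """Return a list of problems; an empty list means the order is as described."""
    entries = restrictions(read_parameter(text, "smtpd_recipient_restrictions"))
    problems = [f"{item} is missing"
                for item in ("reject_unlisted_recipient", POLICY) if item not in entries]
    if not problems and entries.index("reject_unlisted_recipient") > entries.index(POLICY):
        problems.append("reject_unlisted_recipient comes after the greylisting check")
    return problems

if __name__ == "__main__":
    print(audit_greylisting(SAMPLE_MAIN_CF) or "order OK")
```

To audit a live server, pass the contents of /etc/postfix/main.cf to audit_greylisting() instead of the sample text.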
Configuring the Whitelist in Postgrey
The whitelist enables you to disable greylisting for certain email accounts or client IP
addresses or hostnames.
1. To disable greylisting for certain email accounts, add their
address into the file /etc/postfix/postgrey_whitelist_recipients.
2. To disable greylisting for certain IP addresses or hostnames, add the IP address,
hostname or regular expression to match hostnames into the file
/etc/postfix/postgrey_whitelist_clients.local. Hostnames are identified by performing a
reverse DNS on the client’s IP address. For sample entries, view the file
/etc/postfix/postgrey_whitelist_clients.
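The behaviour seen in the Postfix test (rejected at first, accepted after five minutes) and the effect of the two whitelists can be reproduced with a small model. This is an added example, not Postgrey's own code: it assumes greylisting keyed on the (client IP, sender, recipient) triplet and supports only the whitelist entry kinds named above (address, IP, hostname, /regex/). All addresses and hostnames are constructed.

```python
import re

DELAY = 300  # seconds: the "at least five minutes" from the test step
GREYLISTED = "Recipient address rejected: Greylisted"
ACCEPTED = "accepted"

class Greylist:
    """Simplified model of a greylisting policy server (not Postgrey's own code)."""

    def __init__(self, whitelist_recipients=(), whitelist_clients=()):
        self.recipients = set(whitelist_recipients)
        self.clients = list(whitelist_clients)
        self.first_seen = {}   # (client IP, sender, recipient) -> time first seen

    def client_whitelisted(self, ip, hostname):
        for entry in self.clients:
            if len(entry) > 2 and entry.startswith("/") and entry.endswith("/"):
                if re.search(entry[1:-1], hostname):   # /regex/ against reverse-DNS name
                    return True
            elif entry in (ip, hostname):              # literal IP address or hostname
                return True
        return False

    def check(self, now, ip, hostname, sender, recipient):
        """Decide the reply to RCPT TO at time `now` (seconds)."""
        if recipient in self.recipients or self.client_whitelisted(ip, hostname):
            return ACCEPTED                            # whitelisted: never delayed
        first = self.first_seen.setdefault((ip, sender, recipient), now)
        return ACCEPTED if now - first >= DELAY else GREYLISTED

def demo():
    """Replay constructed delivery attempts and return the decisions in order."""
    g = Greylist(whitelist_recipients={"postmaster@example.com"},
                 whitelist_clients=["192.0.2.10", r"/\.partner\.example$/"])
    new = ("198.51.100.7", "mx.sender.example", "a@sender.example", "bob@example.com")
    return [
        g.check(0, *new),      # first attempt from an unknown triplet
        g.check(60, *new),     # retry after one minute
        g.check(300, *new),    # retry after five minutes
        g.check(0, "198.51.100.7", "mx.sender.example", "a@sender.example",
                "postmaster@example.com"),            # whitelisted recipient
        g.check(0, "203.0.113.5", "out.partner.example", "x@partner.example",
                "bob@example.com"),                   # client matched by regex
    ]

if __name__ == "__main__":
    print(demo())
```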