Difference between revisions of "Charity admin"

From ProgClub
(John 2014-06-06: Install ViewVC...)
 
(160 intermediate revisions by 3 users not shown)
Line 1: Line 1:
This page chronicles the administrative changes to [[Charity|charity.progclub.org]]. If you make an administrative change you should document the change here. Changes are logged he in reverse chronological order with a time-stamp in the form YYYY-MM-DD hh:mm. You can use the time from whatever timezone you are in, or UTC if you're cool, but use 24 hour time. Don't worry if the changes you make have a time-stamp that is less than a time-stamp later in the page, put the latest changes at the top. Put a link to your wiki user account before the time-stamp so we know who's doing what.
+
This page chronicles the administrative changes to [[Charity|charity.progclub.org]]. If you make an administrative change you should document the change here. Changes are logged here in reverse chronological order with a time-stamp in the form YYYY-MM-DD hh:mm. You can use the time from whatever timezone you are in, or UTC if you're cool, but use 24 hour time. Don't worry if the changes you make have a time-stamp that is less than a time-stamp later in the page, put the latest changes at the top. Put a link to your wiki user account before the time-stamp so we know who's doing what. See the [[Administrative reference]] for other information.
 +
 
 +
= [[User:John|John]] 2014-06-06 =
 +
 
 +
== Install ViewVC ==
 +
 
 +
root@charity:/# apt-get install statsvn viewvc viewvc-query
 +
 
 +
= [[User:John|John]] 2014-04-10 =
 +
 
 +
== Whitelist John's IP in fail2ban ==
 +
 
 +
# vim /etc/fail2ban/jail.conf
 +
 
 +
ignoreip = 127.0.0.1 60.240.67.126
 +
 
 +
# reboot
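Review bot: the whitelist line `ignoreip = 127.0.0.1 60.240.67.126` is written to /etc/fail2ban/jail.conf, but the 2012-02-28 entry further down shows a /etc/fail2ban/jail.local whose [DEFAULT] section already sets `ignoreip = 127.0.0.1`. fail2ban reads jail.local after jail.conf, so if that line is still present the jail.local value wins and the new address is not whitelisted. Put the address in jail.local instead, which also survives package upgrades of jail.conf. Restarting fail2ban applies the change, so the `# reboot` step is not needed.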
 +
 
 +
== Allow SSH only for members of sudo group ==
 +
 
 +
Following [https://www.progclub.org/pipermail/programming/2014-April/000301.html these instructions]:
 +
 
 +
root@charity:/etc/ssh# vim sshd_config
 +
 
 +
AllowGroups sudo
 +
 
 +
jj5@charity:~$ sudo service ssh restart
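Review bot: `sudo service ssh restart` follows the sshd_config edit with no syntax check recorded. Run `sshd -t` first and keep the current session open until a fresh login from a second terminal succeeds, since a typo in `AllowGroups sudo` or an account missing from the sudo group cuts off remote access. The entry should also state that this ties shell access to root-equivalent privilege: any member who needs SSH now has to be in sudo.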
 +
 
 +
= [[User:John|John]] 2014-04-07 =
 +
 
 +
== Git repos via HTTPS ==
 +
 
 +
Following [http://sourcevirtues.wordpress.com/2012/03/04/setup-git-server-with-https-on-debian-stable/ these instructions]:
 +
 
 +
root@charity:~# apt-get install git-core apache2 apache2-utils openssl
 +
root@charity:~# mkdir /var/git
 +
root@charity:~# cd /var/git
 +
root@charity:/var/git# mkdir test.git
 +
root@charity:/var/git# cd test.git/
 +
root@charity:/var/git/test.git# git init --bare
 +
root@charity:/var/git/test.git# chown -R www-data:www-data .
 +
 
 +
Edit /etc/apache2/sites-enabled/default-ssl:
 +
 
 +
  SetEnv GIT_PROJECT_ROOT /var/git
 +
  SetEnv GIT_HTTP_EXPORT_ALL
 +
  SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
 +
  ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
 +
  <Location /git/>
 +
    AuthType Basic
 +
    AuthName "ProgClub git"
 +
    AuthUserFile /etc/apache2/git.passwd
 +
    <LimitExcept GET HEAD>
 +
      Require valid-user
 +
    </LimitExcept>
 +
  </Location>
 +
  <Directory /usr/lib/git-core/>
 +
    AllowOverride None
 +
    Options +ExecCGI -Includes
 +
    Order allow,deny
 +
    Allow from all
 +
  </Directory>
 +
 
 +
root@charity:/etc/apache2/sites-enabled# apache2ctl graceful
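Review bot: in the `<Location /git/>` block, `<LimitExcept GET HEAD>` applies `Require valid-user` by HTTP method, and together with `SetEnv GIT_HTTP_EXPORT_ALL` that leaves every repository under /var/git readable without credentials. If anonymous clone is not intended for all of them, move `Require valid-user` out of the `<LimitExcept>` so it covers the whole location. The ref advertisement for a push is itself a GET (`info/refs?service=git-receive-pack`), so matching on method does not put authentication in front of the first request of a push; the git-http-backend documentation matches on the git-receive-pack service instead.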
 +
 
 +
And to set up a git repo for Chris:
 +
 
 +
root@charity:/var/git# mkdir pccipher-firefox-addon.git
 +
root@charity:/var/git# cd pccipher-firefox-addon.git/
 +
root@charity:/var/git/pccipher-firefox-addon.git# git init --bare
 +
Initialized empty Git repository in /var/git/pccipher-firefox-addon.git/
 +
root@charity:/var/git/pccipher-firefox-addon.git# chown -R www-data:www-data .
 +
 
 +
= [[User:John|John]] 2012-10-30 =
 +
 
 +
== Postfix RBL client restrictions ==
 +
 
 +
Better late than never! Modified /etc/postfix/main.cf to change this:
 +
 
 +
smtpd_recipient_restrictions =
 +
  permit_mynetworks,
 +
  permit_sasl_authenticated,
 +
  reject_unauth_destination
 +
 
 +
To this:
 +
 
 +
smtpd_recipient_restrictions =
 +
  permit_mynetworks,
 +
  permit_sasl_authenticated,
 +
  reject_unauth_destination,
 +
  reject_rbl_client list.dsbl.org,
 +
  reject_rbl_client sbl-xbl.spamhaus.org,
 +
  reject_rbl_client cbl.abuseat.org,
 +
  reject_rbl_client dul.dnsbl.sorbs.net,
 +
  permit
 +
 
 +
Then:
 +
 
 +
root@charity:/etc/postfix# postfix reload
 +
 
 +
Hopefully that will stop a lot of the spam!
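Review bot: of the four lists added to `smtpd_recipient_restrictions`, `list.dsbl.org` belongs to DSBL, which ceased operation in 2008, so that lookup only adds DNS latency per message and should be dropped. `sbl-xbl.spamhaus.org` has been superseded by `zen.spamhaus.org`, and XBL already incorporates the CBL data, so `cbl.abuseat.org` repeats a query. Placing the `reject_rbl_client` lines after `reject_unauth_destination` is right; the trailing `permit` is the default outcome and can be omitted.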
 +
 
 +
= [[User:John|John]] 2012-07-31 16:22 =
 +
 
 +
== Installing dpkg-dev ==
 +
 
 +
jj5@charity:~/mailman$ apt-get source mailman
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
NOTICE: 'mailman' packaging is maintained in the 'Svn' version control system at:
 +
svn://svn.debian.org/svn/pkg-mailman/trunk
 +
Need to get 8,303kB of source archives.
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main mailman 1:2.1.13-1ubuntu0.2 (dsc) [2,078B]
 +
Get:2 http://archive.ubuntu.com/ubuntu/ lucid-updates/main mailman 1:2.1.13-1ubuntu0.2 (tar) [8,167kB]
 +
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/main mailman 1:2.1.13-1ubuntu0.2 (diff) [134kB]
 +
Fetched 8,303kB in 1s (4,601kB/s)
 +
sh: dpkg-source: not found
 +
Unpack command 'dpkg-source -x mailman_2.1.13-1ubuntu0.2.dsc' failed.
 +
Check if the 'dpkg-dev' package is installed.
 +
E: Child process failed
 +
jj5@charity:~/mailman$ ll
 +
total 8.0M
 +
drwxr-xr-x  2 jj5 sudo 4.0K 2012-07-31 16:22 ./
 +
drwxr-xr-x 25 jj5 sudo 4.0K 2012-07-31 16:22 ../
 +
-rw-r--r--  1 jj5 sudo 132K 2011-02-23 07:08 mailman_2.1.13-1ubuntu0.2.diff.gz
 +
-rw-r--r--  1 jj5 sudo 2.1K 2011-02-23 07:08 mailman_2.1.13-1ubuntu0.2.dsc
 +
-rw-r--r--  1 jj5 sudo 7.8M 2010-01-18 19:05 mailman_2.1.13.orig.tar.gz
 +
jj5@charity:~/mailman$ sudo apt-get install dpkg-dev
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following extra packages will be installed:
 +
  build-essential fakeroot liblzma1 xz-utils
 +
Suggested packages:
 +
  debian-keyring debian-maintainers
 +
The following NEW packages will be installed:
 +
  build-essential dpkg-dev fakeroot liblzma1 xz-utils
 +
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 1,146kB of archives.
 +
After this operation, 3,330kB of additional disk space will be used.
 +
Do you want to continue [Y/n]?
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main liblzma1 4.999.9beta+20091116-1 [151kB]
 +
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main xz-utils 4.999.9beta+20091116-1 [233kB]
 +
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/main dpkg-dev 1.15.5.6ubuntu4.5 [654kB]
 +
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main build-essential 11.4build1 [7,278B]
 +
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/main fakeroot 1.14.4-1ubuntu1 [101kB]
 +
Fetched 1,146kB in 1s (1,033kB/s)
 +
Selecting previously deselected package liblzma1.
 +
(Reading database ... 37323 files and directories currently installed.)
 +
Unpacking liblzma1 (from .../liblzma1_4.999.9beta+20091116-1_amd64.deb) ...
 +
Selecting previously deselected package xz-utils.
 +
Unpacking xz-utils (from .../xz-utils_4.999.9beta+20091116-1_amd64.deb) ...
 +
Selecting previously deselected package dpkg-dev.
 +
Unpacking dpkg-dev (from .../dpkg-dev_1.15.5.6ubuntu4.5_all.deb) ...
 +
Selecting previously deselected package build-essential.
 +
Unpacking build-essential (from .../build-essential_11.4build1_amd64.deb) ...
 +
Selecting previously deselected package fakeroot.
 +
Unpacking fakeroot (from .../fakeroot_1.14.4-1ubuntu1_amd64.deb) ...
 +
Processing triggers for man-db ...
 +
Setting up liblzma1 (4.999.9beta+20091116-1) ...
 +
 +
Setting up xz-utils (4.999.9beta+20091116-1) ...
 +
Setting up dpkg-dev (1.15.5.6ubuntu4.5) ...
 +
Setting up build-essential (11.4build1) ...
 +
Setting up fakeroot (1.14.4-1ubuntu1) ...
 +
update-alternatives: using /usr/bin/fakeroot-sysv to provide /usr/bin/fakeroot (fakeroot) in auto mode.
 +
 +
Processing triggers for libc-bin ...
 +
ldconfig deferred processing now taking place
 +
Committing to: /etc/
 +
added alternatives/faked.1.gz
 +
added alternatives/faked.es.1.gz
 +
added alternatives/faked.fr.1.gz
 +
added alternatives/faked.sv.1.gz
 +
added alternatives/fakeroot
 +
added alternatives/fakeroot.1.gz
 +
added alternatives/fakeroot.es.1.gz
 +
added alternatives/fakeroot.fr.1.gz
 +
added alternatives/fakeroot.sv.1.gz
 +
added dpkg/shlibs.default
 +
added dpkg/shlibs.override
 +
Committed revision 157.
 +
 
 +
 
 +
= [[User:John|John]] 2012-03-01 07:25 =
 +
 
 +
== Subscribing root@charity to log@progclub.org mailing list ==
 +
 
 +
Had a problem with some of the email being delivered to the log@progclub.org mailing list getting flagged as spam, but it's legitimate log email. I decided to subscribe the sender to the list so that it received its spam bonus so that future mail didn't get flagged as spam. The email address reported by the process that sends the logs is root@charity, which mailman won't accept because it's a badly formed email address. I [http://mail.python.org/pipermail/mailman-users/2012-February/072992.html asked about how to fix this problem] and [http://mail.python.org/pipermail/mailman-users/2012-February/073000.html received an answer], so following those instructions:
 +
 
 +
jj5@charity:~$ note Subscribing root@charity to log@progclub.org mailing list
 +
Session: /home/jj5/.session/2012/03/01/2012-03-01-073135
 +
Note: Subscribing root@charity to log@progclub.org mailing list
 +
 
 +
jj5@charity:~$ sudo -u list -s
 +
list@charity:~$ cd /var/lib/mailman/
 +
 
 +
list@charity:/var/lib/mailman$ bin/withlist log
 +
Loading list log (unlocked)
 +
The variable `m' is the log MailList instance
 +
>>> m.addNewMember('root@charity')
 +
Traceback (most recent call last):
 +
  File "<console>", line 1, in <module>
 +
  File "/var/lib/mailman/Mailman/OldStyleMemberships.py", line 173, in addNewMember
 +
    assert self.__mlist.Locked()
 +
AssertionError
 +
>>>
 +
Finalizing
 +
 
 +
That was a mistake, forgot the -l flag.
 +
 
 +
list@charity:/var/lib/mailman$ bin/withlist -l log
 +
Loading list log (locked)
 +
The variable `m' is the log MailList instance
 +
>>> m.addNewMember('root@charity')
 +
>>> m.Save()
 +
>>>
 +
Unlocking (but not saving) list: log
 +
Finalizing
 +
 
 +
list@charity:/var/lib/mailman$ note Third line of withlist commands was Ctrl+D.
 +
Note: Third line of withlist commands was Ctrl+D.
 +
 
 +
list@charity:/var/lib/mailman$ note Reviewed https://www.progclub.org/cgi-bin/mailman/admin/log/members and set root@chairty to nomail.
 +
Note: Reviewed https://www.progclub.org/cgi-bin/mailman/admin/log/members and set root@chairty to nomail.
 +
 
 +
= [[User:John|John]] 2012-02-28 13:50 =
 +
 
 +
== Configuring etckeeper email commit notifications ==
 +
 
 +
Following [https://www.progclub.org/pipermail/list/2012-February/000470.html these instructions].
 +
 
 +
jj5@charity:~$ echo $SESSION_PATH
 +
/home/jj5/.session/2012/02/28/2012-02-28-134559
 +
jj5@charity:~$ note Configuring etckeeper email commit notifications
 +
Note: Configuring etckeeper email commit notifications
 +
 
 +
jj5@charity:~$ sudo -s
 +
root@charity:~# cd /srv
 +
root@charity:/srv# mkdir bzr
 +
root@charity:/srv# cd bzr
 +
 
 +
root@charity:/srv/bzr# bzr branch lp:bzr-hookless-email
 +
You have not informed bzr of your Launchpad ID, and you must do this to
 +
write to Launchpad or access private data.  See "bzr help launchpad-login".
 +
Branched 30 revision(s).
 +
 
 +
root@charity:/srv/bzr# cd bzr-hookless-email/
 +
root@charity:/srv/bzr/bzr-hookless-email# bzr pull
 +
Using saved parent location: http://bazaar.launchpad.net/~bzr/bzr-hookless-email/trunk-2a/
 +
No revisions to pull.
 +
 
 +
root@charity:/srv/bzr/bzr-hookless-email# cd /etc/cron.d
 +
root@charity:/etc/cron.d# vim etckeeper-commit-notification
 +
root@charity:/etc/cron.d# cat etckeeper-commit-notification
 +
*/5 * * * * root /srv/bzr/bzr-hookless-email/bzr_hookless_email.py -e log@progclub.org -r /etc
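Review bot: the cron line runs `/srv/bzr/bzr-hookless-email/bzr_hookless_email.py` as root every five minutes from a branch whose saved parent is a plain `http://` Launchpad URL, so a later `bzr pull` brings code fetched without integrity protection into a root cron job. Record the revision that was reviewed and keep /srv/bzr root-owned and not group- or world-writable. The /etc commits shown elsewhere on this page include `shadow` and `gshadow`, so if the notification mails carry diffs, password hashes go to everyone subscribed to log@progclub.org; confirm what the mail contains or exclude those files.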
 +
 
 +
= [[User:John|John]] 2012-02-28 12:43 =
 +
 
 +
== Installing and configuring logcheck ==
 +
 
 +
root@charity:/etc# apt-get install logcheck syslog-summary
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following extra packages will be installed:
 +
  libipc-signal-perl libmime-types-perl libproc-waitstat-perl
 +
  logcheck-database logtail mime-construct python-magic
 +
Suggested packages:
 +
  python-magic-dbg
 +
The following NEW packages will be installed:
 +
  libipc-signal-perl libmime-types-perl libproc-waitstat-perl logcheck
 +
  logcheck-database logtail mime-construct python-magic syslog-summary
 +
0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 361kB of archives.
 +
After this operation, 1,982kB of additional disk space will be used.
 +
Do you want to continue [Y/n]?
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libipc-signal-perl 1.00-6 [7,016B]
 +
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libmime-types-perl 1.28-1 [31.5kB]
 +
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libproc-waitstat-perl 1.00-4 [7,806B]
 +
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main mime-construct 1.10 [19.4kB]
 +
Get:5 http://archive.ubuntu.com/ubuntu/ lucid-updates/main logtail 1.3.7ubuntu2 [57.8kB]
 +
Get:6 http://archive.ubuntu.com/ubuntu/ lucid-updates/main logcheck 1.3.7ubuntu2 [75.7kB]
 +
Get:7 http://archive.ubuntu.com/ubuntu/ lucid-updates/main logcheck-database 1.3.7ubuntu2 [115kB]
 +
Get:8 http://archive.ubuntu.com/ubuntu/ lucid/universe syslog-summary 1.14-1 [10.2kB]
 +
Get:9 http://archive.ubuntu.com/ubuntu/ lucid/main python-magic 5.03-5ubuntu1 [35.7kB]
 +
Fetched 361kB in 1s (306kB/s)
 +
Committing to: /etc/
 +
modified group
 +
modified group-
 +
modified gshadow
 +
modified gshadow-
 +
modified apt/apt.conf.d/50unattended-upgrades
 +
modified bind/named.conf.options
 +
modified fail2ban/jail.local
 +
modified logwatch/conf/logwatch.conf
 +
Committed revision 144.
 +
Selecting previously deselected package libipc-signal-perl.
 +
(Reading database ... 33389 files and directories currently installed.)
 +
Unpacking libipc-signal-perl (from .../libipc-signal-perl_1.00-6_all.deb) ...
 +
Selecting previously deselected package libmime-types-perl.
 +
Unpacking libmime-types-perl (from .../libmime-types-perl_1.28-1_all.deb) ...
 +
Selecting previously deselected package libproc-waitstat-perl.
 +
Unpacking libproc-waitstat-perl (from .../libproc-waitstat-perl_1.00-4_all.deb) ...
 +
Selecting previously deselected package mime-construct.
 +
Unpacking mime-construct (from .../mime-construct_1.10_all.deb) ...
 +
Selecting previously deselected package logtail.
 +
Unpacking logtail (from .../logtail_1.3.7ubuntu2_all.deb) ...
 +
Selecting previously deselected package logcheck.
 +
Unpacking logcheck (from .../logcheck_1.3.7ubuntu2_all.deb) ...
 +
Selecting previously deselected package logcheck-database.
 +
Unpacking logcheck-database (from .../logcheck-database_1.3.7ubuntu2_all.deb) ...
 +
Selecting previously deselected package syslog-summary.
 +
Unpacking syslog-summary (from .../syslog-summary_1.14-1_all.deb) ...
 +
Selecting previously deselected package python-magic.
 +
Unpacking python-magic (from .../python-magic_5.03-5ubuntu1_amd64.deb) ...
 +
Processing triggers for man-db ...
 +
Setting up libipc-signal-perl (1.00-6) ...
 +
Setting up libmime-types-perl (1.28-1) ...
 +
Setting up libproc-waitstat-perl (1.00-4) ...
 +
Setting up mime-construct (1.10) ...
 +
Setting up logtail (1.3.7ubuntu2) ...
 +
Setting up logcheck (1.3.7ubuntu2) ...
 +
Adding user logcheck to group adm
 +
 +
Setting up logcheck-database (1.3.7ubuntu2) ...
 +
 +
Setting up syslog-summary (1.14-1) ...
 +
Setting up python-magic (5.03-5ubuntu1) ...
 +
Committing to: /etc/
 +
modified .etckeeper
 +
modified aliases
 +
modified aliases.db
 +
modified group
 +
modified group-
 +
modified gshadow
 +
modified gshadow-
 +
modified passwd
 +
modified passwd-
 +
modified shadow
 +
modified shadow-
 +
added syslog-summary
 +
added cron.d/logcheck
 +
added logcheck/cracking.d
 +
added logcheck/cracking.ignore.d
 +
added logcheck/header.txt
 +
added logcheck/logcheck.conf
 +
added logcheck/logcheck.logfiles
 +
added logcheck/violations.d
 +
added logcheck/cracking.d/kernel
 +
added logcheck/cracking.d/rlogind
 +
added logcheck/cracking.d/rsh
 +
added logcheck/cracking.d/smartd
 +
added logcheck/cracking.d/tftpd
 +
added logcheck/cracking.d/uucico
 +
added logcheck/ignore.d.paranoid/bind
 +
added logcheck/ignore.d.paranoid/cron
 +
added logcheck/ignore.d.paranoid/incron
 +
added logcheck/ignore.d.paranoid/logcheck
 +
added logcheck/ignore.d.paranoid/postfix
 +
added logcheck/ignore.d.paranoid/ppp
 +
added logcheck/ignore.d.paranoid/pureftp
 +
added logcheck/ignore.d.paranoid/qpopper
 +
added logcheck/ignore.d.paranoid/squid
 +
added logcheck/ignore.d.paranoid/ssh
 +
added logcheck/ignore.d.paranoid/stunnel
 +
added logcheck/ignore.d.paranoid/sysklogd
 +
added logcheck/ignore.d.paranoid/telnetd
 +
added logcheck/ignore.d.paranoid/tripwire
 +
added logcheck/ignore.d.paranoid/usb
 +
added logcheck/ignore.d.server/acpid
 +
added logcheck/ignore.d.server/amandad
 +
added logcheck/ignore.d.server/anacron
 +
added logcheck/ignore.d.server/anon-proxy
 +
added logcheck/ignore.d.server/apache
 +
added logcheck/ignore.d.server/apcupsd
 +
added logcheck/ignore.d.server/arpwatch
 +
added logcheck/ignore.d.server/automount
 +
added logcheck/ignore.d.server/bind
 +
added logcheck/ignore.d.server/bluez-utils
 +
added logcheck/ignore.d.server/courier
 +
added logcheck/ignore.d.server/cpqarrayd
 +
added logcheck/ignore.d.server/cpufreqd
 +
added logcheck/ignore.d.server/cracklib
 +
added logcheck/ignore.d.server/cron
 +
added logcheck/ignore.d.server/cron-apt
 +
added logcheck/ignore.d.server/cups-lpd
 +
added logcheck/ignore.d.server/cvs-pserver
 +
added logcheck/ignore.d.server/cvsd
 +
added logcheck/ignore.d.server/cyrus
 +
added logcheck/ignore.d.server/dcc
 +
added logcheck/ignore.d.server/ddclient
 +
added logcheck/ignore.d.server/dhclient
 +
added logcheck/ignore.d.server/dhcp
 +
added logcheck/ignore.d.server/dictd
 +
added logcheck/ignore.d.server/dkfilter
 +
added logcheck/ignore.d.server/dkim-filter
 +
added logcheck/ignore.d.server/dnsmasq
 +
added logcheck/ignore.d.server/dovecot
 +
added logcheck/ignore.d.server/dspam
 +
added logcheck/ignore.d.server/epmd
 +
added logcheck/ignore.d.server/exim4
 +
added logcheck/ignore.d.server/fcron
 +
added logcheck/ignore.d.server/ftpd
 +
added logcheck/ignore.d.server/gnu-imap4d
 +
added logcheck/ignore.d.server/gps
 +
added logcheck/ignore.d.server/grinch
 +
added logcheck/ignore.d.server/horde3
 +
added logcheck/ignore.d.server/hplip
 +
added logcheck/ignore.d.server/hylafax
 +
added logcheck/ignore.d.server/ikiwiki
 +
added logcheck/ignore.d.server/imap
 +
added logcheck/ignore.d.server/imapproxy
 +
added logcheck/ignore.d.server/imp
 +
added logcheck/ignore.d.server/imp4
 +
added logcheck/ignore.d.server/innd
 +
added logcheck/ignore.d.server/ipppd
 +
added logcheck/ignore.d.server/isdnlog
 +
added logcheck/ignore.d.server/isdnutils
 +
added logcheck/ignore.d.server/jabberd
 +
added logcheck/ignore.d.server/kernel
 +
added logcheck/ignore.d.server/klogind
 +
added logcheck/ignore.d.server/krb5-kdc
 +
added logcheck/ignore.d.server/libpam-mount
 +
added logcheck/ignore.d.server/logcheck
 +
added logcheck/ignore.d.server/login
 +
added logcheck/ignore.d.server/maradns
 +
added logcheck/ignore.d.server/mldonkey-server
 +
added logcheck/ignore.d.server/mon
 +
added logcheck/ignore.d.server/mountd
 +
added logcheck/ignore.d.server/nagios
 +
added logcheck/ignore.d.server/netconsole
 +
added logcheck/ignore.d.server/nfs
 +
added logcheck/ignore.d.server/nntpcache
 +
added logcheck/ignore.d.server/nscd
 +
added logcheck/ignore.d.server/nslcd
 +
added logcheck/ignore.d.server/openvpn
 +
added logcheck/ignore.d.server/otrs
 +
added logcheck/ignore.d.server/passwd
 +
added logcheck/ignore.d.server/pdns
 +
added logcheck/ignore.d.server/perdition
 +
added logcheck/ignore.d.server/policyd
 +
added logcheck/ignore.d.server/popa3d
 +
added logcheck/ignore.d.server/postfix
 +
added logcheck/ignore.d.server/postfix-policyd
 +
added logcheck/ignore.d.server/ppp
 +
added logcheck/ignore.d.server/pptpd
 +
added logcheck/ignore.d.server/procmail
 +
added logcheck/ignore.d.server/proftpd
 +
added logcheck/ignore.d.server/puppetd
 +
added logcheck/ignore.d.server/pure-ftpd
 +
added logcheck/ignore.d.server/pureftp
 +
added logcheck/ignore.d.server/qpopper
 +
added logcheck/ignore.d.server/rbldnsd
 +
added logcheck/ignore.d.server/rpc_statd
 +
added logcheck/ignore.d.server/rsnapshot
 +
added logcheck/ignore.d.server/rsync
 +
added logcheck/ignore.d.server/sa-exim
 +
added logcheck/ignore.d.server/samba
 +
added logcheck/ignore.d.server/saned
 +
added logcheck/ignore.d.server/sasl2-bin
 +
added logcheck/ignore.d.server/saslauthd
 +
added logcheck/ignore.d.server/schroot
 +
added logcheck/ignore.d.server/scponly
 +
added logcheck/ignore.d.server/slapd
 +
added logcheck/ignore.d.server/smartd
 +
added logcheck/ignore.d.server/smbd_audit
 +
added logcheck/ignore.d.server/smokeping
 +
added logcheck/ignore.d.server/snmpd
 +
added logcheck/ignore.d.server/snort
 +
added logcheck/ignore.d.server/spamc
 +
added logcheck/ignore.d.server/spamd
 +
added logcheck/ignore.d.server/squid
 +
added logcheck/ignore.d.server/ssh
 +
added logcheck/ignore.d.server/stunnel
 +
added logcheck/ignore.d.server/su
 +
added logcheck/ignore.d.server/sudo
 +
added logcheck/ignore.d.server/sympa
 +
added logcheck/ignore.d.server/syslogd
 +
added logcheck/ignore.d.server/teapop
 +
added logcheck/ignore.d.server/telnetd
 +
added logcheck/ignore.d.server/tftpd
 +
added logcheck/ignore.d.server/thy
 +
added logcheck/ignore.d.server/ucd-snmp
 +
added logcheck/ignore.d.server/upsd
 +
added logcheck/ignore.d.server/uptimed
 +
added logcheck/ignore.d.server/userv
 +
added logcheck/ignore.d.server/vsftpd
 +
added logcheck/ignore.d.server/watchdog
 +
added logcheck/ignore.d.server/webmin
 +
added logcheck/ignore.d.server/wu-ftpd
 +
added logcheck/ignore.d.server/xinetd
 +
added logcheck/ignore.d.workstation/automount
 +
added logcheck/ignore.d.workstation/bind
 +
added logcheck/ignore.d.workstation/bluetooth-alsa
 +
added logcheck/ignore.d.workstation/bluez-utils
 +
added logcheck/ignore.d.workstation/bonobo
 +
added logcheck/ignore.d.workstation/dhcpcd
 +
added logcheck/ignore.d.workstation/francine
 +
added logcheck/ignore.d.workstation/gconf
 +
added logcheck/ignore.d.workstation/gdm
 +
added logcheck/ignore.d.workstation/hald
 +
added logcheck/ignore.d.workstation/hcid
 +
added logcheck/ignore.d.workstation/ifplugd
 +
added logcheck/ignore.d.workstation/ippl
 +
added logcheck/ignore.d.workstation/kdm
 +
added logcheck/ignore.d.workstation/kernel
 +
added logcheck/ignore.d.workstation/libpam-gnome-keyring
 +
added logcheck/ignore.d.workstation/logcheck
 +
added logcheck/ignore.d.workstation/login
 +
added logcheck/ignore.d.workstation/net-acct
 +
added logcheck/ignore.d.workstation/nntpcache
 +
added logcheck/ignore.d.workstation/polypaudio
 +
added logcheck/ignore.d.workstation/postfix
 +
added logcheck/ignore.d.workstation/ppp
 +
added logcheck/ignore.d.workstation/proftpd
 +
added logcheck/ignore.d.workstation/pump
 +
added logcheck/ignore.d.workstation/sendfile
 +
added logcheck/ignore.d.workstation/squid
 +
added logcheck/ignore.d.workstation/udev
 +
added logcheck/ignore.d.workstation/wdm
 +
added logcheck/ignore.d.workstation/winbind
 +
added logcheck/ignore.d.workstation/wpasupplicant
 +
added logcheck/ignore.d.workstation/xdm
 +
added logcheck/ignore.d.workstation/xlockmore
 +
added logcheck/ignore.d.workstation/xscreensaver
 +
added logcheck/violations.d/kernel
 +
added logcheck/violations.d/logcheck
 +
added logcheck/violations.d/smartd
 +
added logcheck/violations.d/su
 +
added logcheck/violations.d/sudo
 +
added logcheck/violations.ignore.d/logcheck-su
 +
added logcheck/violations.ignore.d/logcheck-sudo
 +
added syslog-summary/ignore.rules
 +
Committed revision 145.
 +
 
 +
root@charity:/etc# cd /etc/logcheck
 +
root@charity:/etc/logcheck# ls
 +
cracking.d        ignore.d.paranoid    logcheck.conf      violations.ignore.d
 +
cracking.ignore.d  ignore.d.server      logcheck.logfiles
 +
header.txt        ignore.d.workstation  violations.d
 +
 
 +
root@charity:/etc/logcheck# vim logcheck.conf
 +
root@charity:/etc/logcheck# cat logcheck.conf
 +
# The following variable settings are the initial default values,
 +
# which can be uncommented and modified to alter logcheck's behaviour
 +
 +
# Controls the format of date-/time-stamps in subject lines:
 +
# Alternatively, set the format to suit your locale
 +
 +
#DATE="$(date +'%Y-%m-%d %H:%M')"
 +
 +
# Controls the presence of boilerplate at the top of each message:
 +
# Alternatively, set to "0" to disable the introduction.
 +
#
 +
# If the files /etc/logcheck/header.txt and /etc/logcheck/footer.txt
 +
# are present their contents will be read and used as the header and
 +
# footer of any generated mails.
 +
 +
#INTRO=1
 +
 +
# Controls the level of filtering:
 +
# Can be Set to "workstation", "server" or "paranoid" for different
 +
# levels of filtering. Defaults to server if not set.
 +
 +
REPORTLEVEL="server"
 +
 +
# Controls the address mail goes to:
 +
# *NOTE* the script does not set a default value for this variable!
 +
# Should be set to an offsite "emailaddress@some.domain.tld"
 +
 +
SENDMAILTO="log@progclub.org"
 +
 +
# Send the results as attachment or not.
 +
# 0=not as attachment; 1=as attachment
 +
# Default is 0
 +
 +
MAILASATTACH=0
 +
 +
# Should the hostname in the subject of generated mails be fully qualified?
 +
 +
FQDN=1
 +
 +
# Controls whether "sort -u" is used on log entries (which will
 +
# eliminate duplicates but destroy the original ordering); the
 +
# default is to use "sort -k 1,3 -s":
 +
# Alternatively, set to "1" to enable unique sorting
 +
 +
#SORTUNIQ=0
 +
 +
# Controls whether /etc/logcheck/cracking.ignore.d is scanned for
 +
# exceptions to the rules in /etc/logcheck/cracking.d:
 +
# Alternatively, set to "1" to enable cracking.ignore support
 +
 +
#SUPPORT_CRACKING_IGNORE=0
 +
 +
# Controls the base directory for rules file location
 +
# This must be an absolute path
 +
 +
#RULEDIR="/etc/logcheck"
 +
 +
# Controls if syslog-summary is run over each section.
 +
# Alternatively, set to "1" to enable extra summary.
 +
# HINT: syslog-summary needs to be installed.
 +
 +
SYSLOGSUMMARY=1
 +
 +
# Controls Subject: lines on logcheck reports:
 +
 +
#ATTACKSUBJECT="Security Alerts"
 +
#SECURITYSUBJECT="Security Events"
 +
#EVENTSSUBJECT="System Events"
 +
 +
# Controls [logcheck] prefix on Subject: lines
 +
 +
#ADDTAG="no"
 +
 +
# Set a different location for temporary files than /tmp
 +
# this is useful if your /tmp is small and you are getting
 +
# errors such as:
 +
# cp: writing `/tmp/logcheck.y12449/checked': No space left on device
 +
# /usr/sbin/logcheck: line 161: cannot create temp file for here document: No space left on device
 +
# mail: /tmp/mail.RsXXXXpc2eAx: No space left on device
 +
# Null message body; hope that's ok
 +
#
 +
# If this is happening, likely you will want to change the following to be some other
 +
# location, such as /var/tmp
 +
 +
TMP="/tmp"
 +
 
 +
Then you need to patch syslog-summary to change the python2.5 env to python2:
 +
 
 +
root@charity:/# vim /usr/bin/syslog-summary
 +
root@charity:/# head /usr/bin/syslog-summary
 +
#!/usr/bin/env python2
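Review bot: `SENDMAILTO="log@progclub.org"` sits under the shipped comment saying the address "Should be set to an offsite" one, while the 2012-03-01 entry shows the log list's mailman instance in /var/lib/mailman on charity itself, so reports about this host are stored on this host. Consider also forwarding them to an off-host mailbox. The shebang edit in /usr/bin/syslog-summary changes a packaged file and will be reverted by the next update of the syslog-summary package, so the entry should say so or the change should be made in a local wrapper.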
 +
 
 +
= [[User:John|John]] 2012-02-28 11:50 =
 +
 
 +
== Configuring new log@progclub mailing list ==
 +
 
 +
Added a new mailing list for logs at ProgClub and configured fail2ban to use it:
 +
 
 +
root@charity:/etc/fail2ban# vim jail.local
 +
root@charity:/etc/fail2ban# head jail.local
 +
[DEFAULT]
 +
ignoreip = 127.0.0.1
 +
bantime  = 3600
 +
maxretry = 3
 +
destemail = log@progclub.org
 +
banaction = iptables-multiport
 +
mta = sendmail
 +
action = %(action_mwl)s
 +
[ssh]
 +
enabled = true
 +
root@charity:/etc/fail2ban# /etc/init.d/fail2ban restart
 +
  * Restarting authentication failure monitor fail2ban                    [ OK ]
 +
 
 +
Also configured logwatch to use it:
 +
 
 +
root@charity:/etc/logwatch/conf# vim logwatch.conf
 +
root@charity:/etc/logwatch/conf# grep log@ logwatch.conf
 +
MailTo = log@progclub.org
 +
 
 +
And also configured Unattended Upgrades to use it:
 +
 
 +
root@charity:/etc/apt/apt.conf.d# vim 50unattended-upgrades
 +
root@charity:/etc/apt/apt.conf.d# grep log@ 50unattended-upgrades
 +
Unattended-Upgrade::Mail "log@progclub.org";
 +
 
 +
One other thing to note is that the 'root' email alias (where Cron sends its email) has been changed for all hosts to forward to log@progclub instead of admin@progclub.
 +
 
 +
= [[User:John|John]] 2012-02-28 06:48 =
 +
 
 +
== Disabling EDNS in bind9 ==
 +
 
 +
Following [https://www.progclub.org/pipermail/programming/2012-February/000018.html these instructions from Justin]:
 +
 
 +
root@charity:/etc/bind# vim named.conf.options
 +
root@charity:/etc/bind# cat named.conf.options
 +
options {
 +
  directory "/var/cache/bind";
 +
 +
  // If there is a firewall between you and nameservers you want
 +
  // to talk to, you may need to fix the firewall to allow multiple
 +
  // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
 +
 +
  // If your ISP provided one or more IP addresses for stable
 +
  // nameservers, you probably want to use them as forwarders.
 +
  // Uncomment the following block, and insert the addresses replacing
 +
  // the all-0's placeholder.
 +
 +
  forwarders {
 +
    //0.0.0.0;
 +
    10.183.96.229;
 +
    10.183.96.34;
 +
  };
 +
 +
  auth-nxdomain no;    # conform to RFC1035
 +
  listen-on-v6 { any; };
 +
 +
};
 +
 +
server ::/0 {
 +
  edns no;
 +
}
 +
 +
server 0.0.0.0/0 {
 +
  edns no;
 +
}
 +
 
 +
root@charity:/etc/bind# /etc/init.d/bind9 restart
 +
  * Stopping domain name service... bind9                                [ OK ]
 +
  * Starting domain name service... bind9                                [ OK ]
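Review bot: in the named.conf.options shown, the `server ::/0 { edns no; }` and `server 0.0.0.0/0 { edns no; }` blocks end in `}` without the terminating `;` that named.conf statements require. Run `named-checkconf` before restarting and correct this entry if the live file differs. Turning EDNS off for every upstream also rules out DNSSEC validation, which depends on EDNS0, and pushes large answers onto TCP retries, so the entry should say what problem this works around.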
 +
 
 +
= [[User:John|John]] 2012-02-13 16:30 =
 +
 
 +
== Installing bind ==
 +
 
 +
jj5@charity:~$ sudo -s
 +
root@charity:~# apt-get install bind9
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following extra packages will be installed:
 +
  bind9utils
 +
Suggested packages:
 +
  bind9-doc resolvconf ufw
 +
The following NEW packages will be installed:
 +
  bind9 bind9utils
 +
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 461kB of archives.
 +
After this operation, 1,421kB of additional disk space will be used.
 +
Do you want to continue [Y/n]?
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main bind9utils 1:9.7.0.dfsg.P1-1ubuntu0.4 [118kB]
 +
Get:2 http://archive.ubuntu.com/ubuntu/ lucid-updates/main bind9 1:9.7.0.dfsg.P1-1ubuntu0.4 [343kB]
 +
Fetched 461kB in 1s (433kB/s)
 +
Committing to: /etc/
 +
modified aliases.db
 +
Committed revision 136.
 +
Preconfiguring packages ...
 +
Selecting previously deselected package bind9utils.
 +
(Reading database ... 33316 files and directories currently installed.)
 +
Unpacking bind9utils (from .../bind9utils_1%3a9.7.0.dfsg.P1-1ubuntu0.4_amd64.deb) ...
 +
Selecting previously deselected package bind9.
 +
Unpacking bind9 (from .../bind9_1%3a9.7.0.dfsg.P1-1ubuntu0.4_amd64.deb) ...
 +
Processing triggers for man-db ...
 +
Processing triggers for ureadahead ...
 +
Setting up bind9utils (1:9.7.0.dfsg.P1-1ubuntu0.4) ...
 +
Setting up bind9 (1:9.7.0.dfsg.P1-1ubuntu0.4) ...
 +
Adding group `bind' (GID 112) ...
 +
Done.
 +
Adding system user `bind' (UID 109) ...
 +
Adding new user `bind' (UID 109) with group `bind' ...
 +
Not creating home directory `/var/cache/bind'.
 +
wrote key file "/etc/bind/rndc.key"
 +
#
 +
  * Starting domain name service... bind9                                [ OK ]
 +
 +
Committing to: /etc/
 +
modified .etckeeper
 +
added bind
 +
modified group
 +
modified group-
 +
modified gshadow
 +
modified gshadow-
 +
modified passwd
 +
modified passwd-
 +
modified shadow
 +
modified shadow-
 +
added apparmor.d/usr.sbin.named
 +
added bind/bind.keys
 +
added bind/db.0
 +
added bind/db.127
 +
added bind/db.255
 +
added bind/db.empty
 +
added bind/db.local
 +
added bind/db.root
 +
added bind/named.conf
 +
added bind/named.conf.default-zones
 +
added bind/named.conf.local
 +
added bind/named.conf.options
 +
added bind/rndc.key
 +
added bind/zones.rfc1918
 +
added default/bind9
 +
added init.d/bind9
 +
added network/if-down.d/bind9
 +
added network/if-up.d/bind9
 +
added ppp/ip-down.d/bind9
 +
added ppp/ip-up.d/bind9
 +
added rc0.d/K85bind9
 +
added rc1.d/K85bind9
 +
added rc2.d/S15bind9
 +
added rc3.d/S15bind9
 +
added rc4.d/S15bind9
 +
added rc5.d/S15bind9
 +
added rc6.d/K85bind9
 +
added ufw/applications.d/bind9
 +
Committed revision 137.
 +
 
 +
root@charity:~# cd /etc/bind
 +
root@charity:/etc/bind# cp db.127 db.10
 +
 
 +
root@charity:/etc/bind# vim db.10
 +
root@charity:/etc/bind# cat db.10
 +
$TTL    604800
 +
@      IN      SOA    localhost. root.localhost. (
 +
                              1        ; Serial
 +
                          604800        ; Refresh
 +
                          86400        ; Retry
 +
                        2419200        ; Expire
 +
                          604800 )      ; Negative Cache TTL
 +
;
 +
@      IN      NS      localhost.
 +
22.97.183  IN PTR  sixsigma.blackbrick.com.
 +
27.97.183  IN PTR  hope.progclub.net.
 +
45.97.183  IN PTR  honesty.progclub.net.
 +
44.97.183  IN PTR  charity.progclub.org.
 +
229.96.183  IN PTR  courtesy.blackbrick.com.
 +
34.96.183  IN PTR  modesty.blackbrick.com.
 +
214.96.183  IN PTR  devotion.blackbrick.com.
 +
10.96.183  IN PTR  respect.blackbrick.com.
 +
21.96.183  IN PTR  trust.blackbrick.com.
 +
22.96.183  IN PTR  humility.blackbrick.com.
 +
23.96.183  IN PTR  courage.blackbrick.com.
 +
24.96.183  IN PTR  empathy.jj5.net.
 +
 
 +
root@charity:/etc/bind# vim named.conf.local
 +
root@charity:/etc/bind# cat named.conf.local
 +
//
 +
// Do any local configuration here
 +
//
 +
 +
// Consider adding the 1918 zones here, if they are not used in your
 +
// organization
 +
//include "/etc/bind/zones.rfc1918";
 +
 +
zone "10.in-addr.arpa" {
 +
  type master;
 +
  file "/etc/bind/db.10";
 +
};
 +
 
 +
root@charity:/etc/bind# vim named.conf.options
 +
root@charity:/etc/bind# cat named.conf.options
 +
options {
 +
  directory "/var/cache/bind";
 +
 +
  // If there is a firewall between you and nameservers you want
 +
  // to talk to, you may need to fix the firewall to allow multiple
 +
  // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
 +
 +
  // If your ISP provided one or more IP addresses for stable
 +
  // nameservers, you probably want to use them as forwarders.
 +
  // Uncomment the following block, and insert the addresses replacing
 +
  // the all-0's placeholder.
 +
 +
  forwarders {
 +
    //0.0.0.0;
 +
    10.183.96.229;
 +
    10.183.96.34;
 +
  };
 +
 +
  auth-nxdomain no;    # conform to RFC1035
 +
  listen-on-v6 { any; };
 +
};
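Review bot: named.conf.options sets forwarders and "listen-on-v6 { any; };" but has no allow-recursion, allow-query or listen-on statement. Who may query this resolver is therefore left to BIND's defaults and the host firewall. Suggest stating the intended clients explicitly in the options block (at minimum 127.0.0.1, since /etc/resolv.conf now points there, plus any internal hosts meant to use it), so that a firewall change cannot widen access unnoticed.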
 +
 
 +
root@charity:/etc/bind# /etc/init.d/bind9 restart
 +
  * Stopping domain name service... bind9                                [ OK ]
 +
  * Starting domain name service... bind9                                [ OK ]
 +
 
 +
root@charity:/etc/bind# vim /etc/resolv.conf
 +
root@charity:/etc/bind# cat /etc/resolv.conf
 +
nameserver 127.0.0.1
 +
#nameserver 67.207.128.4
 +
#nameserver 67.207.128.5
 +
 
 +
= [[User:John|John]] 2012-02-12 04:01 =
 +
 
 +
== Changing spam header checks to simplify reporting ==
 +
 
 +
jj5@charity:~$ cd /etc/postfix/
 +
jj5@charity:/etc/postfix$ ls
 +
dynamicmaps.cf  postfix-files  spamalias        tls_per_site
 +
main.cf        postfix-script  spamalias.db    tls_per_site.db
 +
master.cf      post-install    spamheadercheck  transport
 +
old            sasl            sql              transport.db
 +
 
 +
jj5@charity:/etc/postfix$ cat spamheadercheck
 +
/^X-Spam-Status: Yes/ FILTER spamtnsp:local
 +
 
 +
jj5@charity:/etc/postfix$ sudo vim spamheadercheck
 +
 
 +
jj5@charity:/etc/postfix$ cat spamheadercheck
 +
/^X-Spam-Flag: YES/ FILTER spamtnsp:local
 +
 
 +
jj5@charity:/etc/postfix$ sudo postfix reload
 +
postfix/postfix-script: refreshing the Postfix mail system
 +
 
 +
= [[User:John|John]] 2012-02-12 02:07 =
 +
 
 +
== Fixing spamd aliases for delivery of spam to spamd account ==
 +
 
 +
jj5@charity:~$ sudo vim /etc/postfix/spamalias
 +
 
 +
jj5@charity:~$ cat /etc/postfix/spamalias
 +
*: spamd
 +
 
 +
jj5@charity:~$ sudo postalias /etc/postfix/spamalias
 +
 
 +
jj5@charity:~$ sudo postfix reload
 +
postfix/postfix-script: refreshing the Postfix mail system
 +
 
 +
= [[User:John|John]] 2012-02-08 15:29 =
 +
 
 +
== Fixing up NFS dns_resolve fixups ==
 +
 
 +
Just changing the implementation of my fixups for the NFS dns_resolve directory permissions. Rather than copying a script into each run level just using a script in /etc/rc.local.
 +
 
 +
jj5@charity:~$ sudo -s
 +
root@charity:~# cd /etc/rc0.d/
 +
root@charity:/etc/rc0.d# ls
 +
K09apache2            K20nslcd              README
 +
K18krb5-admin-server  K20postfix            S10unattended-upgrades
 +
K18krb5-kdc            K20saslauthd          S20sendsigs
 +
K20courier-authdaemon  K20spampd            S30urandom
 +
K20courier-imap        K20xinetd            S31umountnfs.sh
 +
K20courier-imap-ssl    K21spamassassin      S35networking
 +
K20courier-pop        K80nfs-kernel-server  S40umountfs
 +
K20courier-pop-ssl    K80slapd              S60umountroot
 +
K20nscd                K99fail2ban          S90halt
 +
root@charity:/etc/rc0.d# cd ../rc1.d/
 +
root@charity:/etc/rc1.d# ls
 +
K09apache2            K20courier-pop      K20rsync              K80slapd
 +
K18krb5-admin-server  K20courier-pop-ssl  K20saslauthd          K89racoon
 +
K18krb5-kdc            K20mailman          K20spampd            K99fail2ban
 +
K20courier-authdaemon  K20nscd            K20xinetd            README
 +
K20courier-imap        K20nslcd            K21spamassassin      S30killprocs
 +
K20courier-imap-ssl    K20postfix          K80nfs-kernel-server  S90single
 +
root@charity:/etc/rc1.d# cd ../rc2.d/
 +
root@charity:/etc/rc2.d# ls
 +
README                S20courier-pop        S20spampd
 +
S18krb5-admin-server  S20courier-pop-ssl    S20xinetd
 +
S18krb5-kdc            S20mailman            S50rsync
 +
S19slapd              S20nfs-kernel-server  S91apache2
 +
S19spamassassin        S20nscd              S99fail2ban
 +
S20courier-authdaemon  S20nslcd              S99fixup-nfs-dns_resolve.sh
 +
S20courier-imap        S20postfix            S99ondemand
 +
S20courier-imap-ssl    S20saslauthd          S99rc.local
 +
root@charity:/etc/rc2.d# cat S99fixup-nfs-dns_resolve.sh
 +
#!/bin/bash
 +
chmod u+x /var/lib/nfs/rpc_pipefs/cache/dns_resolve
 +
root@charity:/etc/rc2.d# rm S99fixup-nfs-dns_resolve.sh
 +
root@charity:/etc/rc2.d# cd ../rc3.d/
 +
root@charity:/etc/rc3.d# ls
 +
README                S20courier-pop        S20spampd
 +
S18krb5-admin-server  S20courier-pop-ssl    S20xinetd
 +
S18krb5-kdc            S20mailman            S50rsync
 +
S19slapd              S20nfs-kernel-server  S91apache2
 +
S19spamassassin        S20nscd              S99fail2ban
 +
S20courier-authdaemon  S20nslcd              S99fixup-nfs-dns_resolve.sh
 +
S20courier-imap        S20postfix            S99ondemand
 +
S20courier-imap-ssl    S20saslauthd          S99rc.local
 +
root@charity:/etc/rc3.d# rm S99fixup-nfs-dns_resolve.sh
 +
root@charity:/etc/rc3.d# cd ../rc4.d/
 +
root@charity:/etc/rc4.d# ls
 +
README                S20courier-pop        S20spampd
 +
S18krb5-admin-server  S20courier-pop-ssl    S20xinetd
 +
S18krb5-kdc            S20mailman            S50rsync
 +
S19slapd              S20nfs-kernel-server  S91apache2
 +
S19spamassassin        S20nscd              S99fail2ban
 +
S20courier-authdaemon  S20nslcd              S99fixup-nfs-dns_resolve.sh
 +
S20courier-imap        S20postfix            S99ondemand
 +
S20courier-imap-ssl    S20saslauthd          S99rc.local
 +
root@charity:/etc/rc4.d# rm S99fixup-nfs-dns_resolve.sh
 +
root@charity:/etc/rc4.d# cd ../rc5.d/
 +
root@charity:/etc/rc5.d# ls
 +
README                S20courier-pop        S20spampd
 +
S18krb5-admin-server  S20courier-pop-ssl    S20xinetd
 +
S18krb5-kdc            S20mailman            S50rsync
 +
S19slapd              S20nfs-kernel-server  S91apache2
 +
S19spamassassin        S20nscd              S99fail2ban
 +
S20courier-authdaemon  S20nslcd              S99fixup-nfs-dns_resolve.sh
 +
S20courier-imap        S20postfix            S99ondemand
 +
S20courier-imap-ssl    S20saslauthd          S99rc.local
 +
root@charity:/etc/rc5.d# rm S99fixup-nfs-dns_resolve.sh
 +
root@charity:/etc/rc5.d# cd ../rc6.d/
 +
root@charity:/etc/rc6.d# ls
 +
K09apache2            K20nslcd              README
 +
K18krb5-admin-server  K20postfix            S10unattended-upgrades
 +
K18krb5-kdc            K20saslauthd          S20sendsigs
 +
K20courier-authdaemon  K20spampd            S30urandom
 +
K20courier-imap        K20xinetd            S31umountnfs.sh
 +
K20courier-imap-ssl    K21spamassassin      S35networking
 +
K20courier-pop        K80nfs-kernel-server  S40umountfs
 +
K20courier-pop-ssl    K80slapd              S60umountroot
 +
K20nscd                K99fail2ban          S90reboot
 +
root@charity:/etc/rc6.d# cd ../init.d
 +
root@charity:/etc/init.d# vim rc.local
 +
root@charity:/etc/init.d# cd ..
 +
root@charity:/etc# vim rc.local
 +
 
 +
Added:
 +
 
 +
chmod u+x /var/lib/nfs/rpc_pipefs/cache/dns_resolve
 +
 
 +
root@charity:/etc# ll rc.local
 +
-rwxr-xr-x 1 root root 359 2012-02-08 15:28 rc.local*
 +
 
 +
= [[User:John|John]] 2012-01-31 18:30 =
 +
 
 +
== Preparing for Slicehost DataCenter migration ==
 +
 
 +
jj5@charity:~$ sudo -s
 +
root@charity:~# vim /etc/exports
 +
root@charity:~# cat /etc/exports
 +
# /etc/exports: the access control list for filesystems which may be exported
 +
#              to NFS clients.  See exports(5).
 +
#
 +
# Example for NFSv2 and NFSv3:
 +
# /srv/homes      hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
 +
#
 +
# Example for NFSv4:
 +
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
 +
# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
 +
#
 +
 +
/export      172.19.0.0/16(rw,fsid=0,insecure,no_subtree_check,async,no_root_squash) 67.207.0.0/16(rw,fsid=0,insecure,no_subtree_check,async,no_root_squash) 10.183.0.0/16(rw,fsid=0,insecure,no_subtree_check,async,no_root_squash)
 +
/export/home  172.19.0.0/16(rw,hide,insecure,no_subtree_check,async,no_root_squash) 67.207.0.0/16(rw,hide,insecure,no_subtree_check,async,no_root_squash) 10.183.0.0/16(rw,hide,insecure,no_subtree_check,async,no_root_squash)
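Review bot: both export lines grant "rw,insecure,no_root_squash" to three whole /16 ranges, including 67.207.0.0/16, while hosts.allow and the iptables rules in this same entry name only the six addresses of hope and honesty. With no_root_squash, root on any client inside those ranges is root on the export as soon as packet filtering stops protecting it. Suggest exporting to the individual hope and honesty addresses instead of the /16s, and dropping insecure and no_root_squash unless a client is known to need them.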
 +
 
 +
root@charity:~# vim /etc/hosts.allow
 +
root@charity:~# cat /etc/hosts.allow
 +
# /etc/hosts.allow: list of hosts that are allowed to access the system.
 +
#                  See the manual pages hosts_access(5) and hosts_options(5).
 +
#
 +
# Example:    ALL: LOCAL @some_netgroup
 +
#            ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
 +
#
 +
# If you're going to protect the portmapper use the name "portmap" for the
 +
# daemon name. Remember that you can only use the keyword "ALL" and IP
 +
# addresses (NOT host or domain names) for the portmapper, as well as for
 +
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
 +
# for further information.
 +
#
 +
 +
# hope.progclub.net
 +
ALL: 172.19.1.28
 +
ALL: 10.183.97.27
 +
ALL: 67.207.130.204
 +
 +
# honesty.progclub.net
 +
ALL: 172.19.1.46
 +
ALL: 10.183.97.45
 +
ALL: 67.207.129.103
 +
 
 +
root@charity:~# vim /etc/iptables.up.rules
 +
root@charity:~# cat /etc/iptables.up.rules
 +
*filter
 +
#  Allow all loopback (lo0) traffic
 +
-A INPUT -i lo -j ACCEPT
 +
# Drop all traffic to 127/8 that does use lo0
 +
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
 +
#  Accept all established inbound connections
 +
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 +
#  Allow all outbound traffic
 +
-A OUTPUT -j ACCEPT
 +
# Allow HTTP and HTTPS connections from anywhere
 +
-A INPUT -p tcp --dport 80 -j ACCEPT
 +
-A INPUT -p tcp --dport 443 -j ACCEPT
 +
# Allows SMTP access
 +
-A INPUT -p tcp --dport 25 -j ACCEPT
 +
# Allows pop and pops connections
 +
-A INPUT -p tcp --dport 110 -j ACCEPT
 +
-A INPUT -p tcp --dport 995 -j ACCEPT
 +
# Allows imap and imaps connections
 +
-A INPUT -p tcp --dport 143 -j ACCEPT
 +
-A INPUT -p tcp --dport 993 -j ACCEPT
 +
#  Allow SSH connections
 +
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
 +
# Allow svnserve
 +
-A INPUT -p tcp --dport 3690 -j ACCEPT
 +
# Accept anything from hope
 +
-A INPUT -s 67.207.130.204 -j ACCEPT
 +
-A INPUT -s 172.19.1.28 -j ACCEPT
 +
-A INPUT -s 10.183.97.27 -j ACCEPT
 +
# Accept anything from honesty
 +
-A INPUT -s 67.207.129.103 -j ACCEPT
 +
-A INPUT -s 172.19.1.46 -j ACCEPT
 +
-A INPUT -s 10.183.97.45 -j ACCEPT
 +
# Allow MySQL connections from John's house
 +
-A INPUT -s 60.240.67.126/32 -p tcp -m tcp --dport 3306 -j ACCEPT
 +
# Hell, allow anything from John's house
 +
-A INPUT -s 60.240.67.126/32 -j ACCEPT
 +
# Allow MySQL connections from localhost
 +
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT
 +
# Allow IPSec traffic
 +
#-A INPUT -p 50 -j ACCEPT
 +
#-A INPUT -p 51 -j ACCEPT
 +
# Allow ping
 +
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
 +
# log iptables denied calls
 +
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
 +
#-A INPUT -j LOG --log-prefix "iptables debug: " --log-level 7
 +
# Reject all other inbound - default deny unless explicitly allowed policy
 +
-A INPUT -j REJECT
 +
-A FORWARD -j REJECT
 +
COMMIT
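Review bot: "-A INPUT -s 60.240.67.126/32 -j ACCEPT" opens every listening service on this host to one residential address, and it makes the MySQL-only rule for the same source just above it redundant. Suggest keeping only the port-specific rule and relying on the SSH rule for everything else. Two smaller points: the "-s 127.0.0.1/32 ... --dport 3306" rule can only match traffic that "-A INPUT -i lo -j ACCEPT" has already accepted, and the comment "Drop all traffic to 127/8 that does use lo0" should read "doesn't use lo0" to match the rule beneath it.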
 +
 
 +
= [[User:John|John]] 2012-01-29 03:26 =
 +
 
 +
== Hiding "Automatically removed objectClass from template" warnings in phpLDAPadmin ==
 +
 
 +
Per the instructions at [http://phpldapadmin.sourceforge.net/wiki/index.php/FAQ#Why_do_i_get_Automatically_removed_objectClass_from_template_when_creating_or_editing.3F Why do i get Automatically removed objectClass from template when creating or editing?] I suppressed warnings about missing objectClass/attributes. The problem is that there are templates for these in phpLDAPadmin but they don't exist in the LDAP schema. To suppress warnings:
 +
 
 +
# vim /var/www/www.progclub.org/pcldap/config/config.php
 +
 
 +
/* Hide the warnings for invalid objectClasses/attributes in templates. */
 +
$config->custom->appearance['hide_template_warning'] = true;
 +
 
 +
= [[User:John|John]] 2012-01-09 01:08 =
 +
 
 +
== Fixing NFS dns_resolver cache permissions ==
 +
 
 +
There was a problem with the the /var/lib/nfs/rpc_pipefs/cache/dns_resolve directory being that there was no execute permission set on it so it could not be opened after rsync had copied it. Apparently this is a virtual file system that has something to do with NFS, so I created an S99fixup-nfs-dns_resolve.sh script and put it in /etc/rd2.d, /etc/rc3.d, /etc/rc4.d, and /etc/rc5.d. The script adds execute permission to the directory so it can be opened.
 +
 
 +
#!/bin/bash
 +
chmod u+x /var/lib/nfs/rpc_pipefs/cache/dns_resolve
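Review bot: the description in this entry names the first directory as /etc/rd2.d, which should be /etc/rc2.d to match the other three, and the opening sentence has a doubled "the the". The entry also leaves the reason for the fixup as "something to do with NFS". It would help to note that the chmod has to be reapplied on every boot because rpc_pipefs is recreated at boot, if that is the reason for the script.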
 +
 
 +
= [[User:John|John]] 2011-12-11 02:04 =
 +
 
 +
== Configuring svnserve ==
 +
 
 +
# apt-get install xinetd
 +
# vim /etc/xinetd.d/svnserve
 +
# cat /etc/xinetd.d/svnserve
 +
 
 +
service svn
 +
{
 +
  port = 3690
 +
  socket_type = stream
 +
  protocol = tcp
 +
  wait = no
 +
  user = www-data
 +
  server = /usr/bin/svnserve
 +
  server_args = -i -r /var
 +
}
 +
 
 +
# vim /etc/iptables.up.rules
 +
 
 +
# Allow svnserve
 +
-A INPUT -p tcp --dport 3690 -j ACCEPT
 +
 
 +
jj5@charity:~/bin$ fw.restart
 +
Reloading firewall rules...
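Review bot: "server_args = -i -r /var" roots svnserve at all of /var, while the new firewall rule accepts port 3690 from any source, so every repository anywhere under /var becomes addressable over svn://. Suggest pointing -r at the directory that actually holds the repositories. If only known hosts need svn:// access, restrict the source as well, either with "-s" on the iptables rule or with xinetd's only_from attribute.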
 +
 
 +
= [[User:John|John]] 2011-12-08 21:18 =
 +
 
 +
== Enabling Web DAV ==
 +
 
 +
root@charity:/etc/apache2# a2enmod dav_fs
 +
Considering dependency dav for dav_fs:
 +
Module dav already enabled
 +
Enabling module dav_fs.
 +
Run '/etc/init.d/apache2 restart' to activate new configuration!
 +
root@charity:/etc/apache2# apache2ctl graceful
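Review bot: this entry records only "a2enmod dav_fs", which loads the module but does not show where DAV is turned on. Suggest adding the virtual host or Location block that carries "Dav On", together with its authentication and write restrictions, since that block decides who can upload files to the web server.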
 +
 
 +
= [[User:John|John]] 2011-12-08 19:43 =
 +
 
 +
== Installing logwatch ==
 +
 
 +
Following [https://help.ubuntu.com/community/Logwatch these instructions].
 +
 
 +
jj5@charity:~$ sudo apt-get install logwatch
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following extra packages will be installed:
 +
  libdate-manip-perl libyaml-syck-perl
 +
Suggested packages:
 +
  fortune-mod
 +
The following NEW packages will be installed:
 +
  libdate-manip-perl libyaml-syck-perl logwatch
 +
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 2,916kB of archives.
 +
After this operation, 17.3MB of additional disk space will be used.
 +
Do you want to continue [Y/n]?
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libyaml-syck-perl 1.07-1build1 [82.1kB]
 +
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libdate-manip-perl 6.05-1 [2,433kB ]
 +
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/main logwatch 7.3.6.cvs20090906-1ubuntu2.1  [402kB]
 +
Fetched 2,916kB in 11s (248kB/s)
 +
Committing to: /etc/
 +
modified apt/apt.conf.d/10periodic
 +
modified apt/apt.conf.d/50unattended-upgrades
 +
modified postfix/main.cf
 +
Committed revision 106.
 +
Selecting previously deselected package libyaml-syck-perl.
 +
(Reading database ... 29703 files and directories currently installed.)
 +
Unpacking libyaml-syck-perl (from .../libyaml-syck-perl_1.07-1build1_amd64.deb) ...
 +
Selecting previously deselected package libdate-manip-perl.
 +
Unpacking libdate-manip-perl (from .../libdate-manip-perl_6.05-1_all.deb) ...
 +
Selecting previously deselected package logwatch.
 +
Unpacking logwatch (from .../logwatch_7.3.6.cvs20090906-1ubuntu2.1_all.deb) ...
 +
Processing triggers for man-db ...
 +
Setting up libyaml-syck-perl (1.07-1build1) ...
 +
Setting up libdate-manip-perl (6.05-1) ...
 +
Setting up logwatch (7.3.6.cvs20090906-1ubuntu2.1) ...
 +
Committing to: /etc/
 +
added logwatch
 +
added cron.daily/00logwatch
 +
added logwatch/conf
 +
added logwatch/scripts
 +
added logwatch/conf/logfiles
 +
added logwatch/conf/services
 +
added logwatch/scripts/services
 +
Committed revision 107.
 +
 
 +
jj5@charity:~$ cd /var/cache
 +
jj5@charity:/var/cache$ ls
 +
apache2  apt  debconf  etckeeper  ldconfig  man  nscd  spampd
 +
jj5@charity:/var/cache$ sudo mkdir logwatch
 +
jj5@charity:/var/cache$ sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/
 +
 
 +
jj5@charity:/var/cache$ sudo vim /etc/logwatch/conf/logwatch.conf
 +
 
 +
MailTo = admin@blackbrick.com
 +
Detail = High
 +
 
 +
jj5@charity:/var/cache$ sudo cp /usr/share/logwatch/default.conf/logfiles/http.conf /etc/logwatch/conf/logfiles/
 +
 
 +
= [[User:John|John]] 2011-12-08 18:14 =
 +
 
 +
== Installing unattended upgrades ==
 +
 
 +
Following [https://help.ubuntu.com/10.04/serverguide/C/automatic-updates.html these instructions].
 +
 
 +
root@charity:~# apt-get install unattended-upgrades
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
Suggested packages:
 +
  bsd-mailx
 +
The following NEW packages will be installed:
 +
  unattended-upgrades
 +
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 20.8kB of archives.
 +
After this operation, 250kB of additional disk space will be used.
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main unattended-upgrades 0.55ubuntu6 [20.8kB]
 +
Fetched 20.8kB in 0s (43.7kB/s)
 +
Preconfiguring packages ...
 +
Selecting previously deselected package unattended-upgrades.
 +
(Reading database ... 29671 files and directories currently installed.)
 +
Unpacking unattended-upgrades (from .../unattended-upgrades_0.55ubuntu6_all.deb) ...
 +
Processing triggers for man-db ...
 +
Processing triggers for ureadahead ...
 +
Setting up unattended-upgrades (0.55ubuntu6) ...
 +
update-rc.d: warning: unattended-upgrades start runlevel arguments (none) do not match LSB Default-Start values (0 6)
 +
update-rc.d: warning: unattended-upgrades stop runlevel arguments (0 6) do not match LSB Default-Stop values (none)
 +
 +
 +
Broadcast message from root@charity
 +
        (unknown) at 6:56 ...
 +
 +
The system is going down for power off NOW!
 +
Committing to: /etc/
 +
added pm
 +
added apt/apt.conf.d/50unattended-upgrades
 +
added init.d/unattended-upgrades
 +
added logrotate.d/unattended-upgrades
 +
added pm/sleep.d
 +
added pm/sleep.d/10_unattended-upgrades-hibernate
 +
added rc0.d/S10unattended-upgrades
 +
added rc6.d/S10unattended-upgrades
 +
Committed revision 104.
 +
 
 +
jj5@charity:~$ sudo apt-get install bsd-mailx
 +
[sudo] password for jj5:
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following NEW packages will be installed:
 +
  bsd-mailx
 +
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 162kB of archives.
 +
After this operation, 311kB of additional disk space will be used.
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main bsd-mailx 8.1.2-0.20090911cvs-2ubuntu1 [162kB]
 +
Fetched 162kB in 10s (15.0kB/s)
 +
Selecting previously deselected package bsd-mailx.
 +
(Reading database ... 29689 files and directories currently installed.)
 +
Unpacking bsd-mailx (from .../bsd-mailx_8.1.2-0.20090911cvs-2ubuntu1_amd64.deb) ...
 +
Processing triggers for man-db ...
 +
Setting up bsd-mailx (8.1.2-0.20090911cvs-2ubuntu1) ...
 +
update-alternatives: using /usr/bin/bsd-mailx to provide /usr/bin/mailx (mailx) in auto mode.
 +
update-alternatives: warning: not replacing /usr/bin/mail with a link.
 +
update-alternatives: warning: not replacing /usr/share/man/man1/mail.1.gz with a link.
 +
 +
Committing to: /etc/
 +
added mail.rc
 +
added alternatives/Mail
 +
added alternatives/Mail.1.gz
 +
added alternatives/mail
 +
added alternatives/mail.1.gz
 +
modified alternatives/mailx
 +
modified alternatives/mailx.1.gz
 +
Committed revision 105.
 +
 
 +
root@charity:/etc/apt/apt.conf.d# vim 50unattended-upgrades
 +
root@charity:/etc/apt/apt.conf.d# cat 50unattended-upgrades
 +
// Automatically upgrade packages from these (origin, archive) pairs
 +
Unattended-Upgrade::Allowed-Origins {
 +
        "Ubuntu lucid-security";
 +
        "Ubuntu lucid-updates";
 +
};
 +
 +
// List of packages to not update
 +
Unattended-Upgrade::Package-Blacklist {
 +
//      "vim";
 +
//      "libc6";
 +
//      "libc6-dev";
 +
//      "libc6-i686";
 +
};
 +
 +
// Send email to this address for problems or packages upgrades
 +
// If empty or unset then no email is sent, make sure that you
 +
// have a working mail setup on your system. The package 'mailx'
 +
// must be installed or anything that provides /usr/bin/mail.
 +
//Unattended-Upgrade::Mail "root@localhost";
 +
Unattended-Upgrade::Mail "admin@progclub.org";
 +
 +
// Do automatic removal of new unused dependencies after the upgrade
 +
// (equivalent to apt-get autoremove)
 +
Unattended-Upgrade::Remove-Unused-Dependencies "true";
 +
 +
// Automatically reboot *WITHOUT CONFIRMATION* if a
 +
// the file /var/run/reboot-required is found after the upgrade
 +
Unattended-Upgrade::Automatic-Reboot "true";
 +
 +
 +
// Use apt bandwidth limit feature, this example limits the download
 +
// speed to 70kb/sec
 +
//Acquire::http::Dl-Limit "70";
 +
root@charity:/etc/apt/apt.conf.d#
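Review bot: Allowed-Origins lists "Ubuntu lucid-updates" alongside "Ubuntu lucid-security", and Automatic-Reboot is "true", so non-security updates will be installed, and the host rebooted, with no one watching. Suggest either limiting the origins to lucid-security or noting in the entry why general updates are wanted. It is also worth recording that this host will reboot on its own, since other machines depend on its NFS and mail services.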
 +
 
 +
root@charity:/etc/apt/apt.conf.d# vim 10periodic
 +
root@charity:/etc/apt/apt.conf.d# cat 10periodic
 +
APT::Periodic::Update-Package-Lists "1";
 +
APT::Periodic::Download-Upgradeable-Packages "1";
 +
APT::Periodic::AutocleanInterval "7";
 +
APT::Periodic::Unattended-Upgrade "1";
 +
 
 +
= [[User:John|John]] 2011-11-30 15:51 =
 +
 
 +
== Web-site goes HTTPS ==
 +
 
 +
Found [http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html this article] which suggested the following in /etc/apache2/sites-enabled/default
 +
 
 +
RewriteEngine On
 +
RewriteCond %{HTTPS} off
 +
RewriteRule (.*) https://www.progclub.org%{REQUEST_URI}
 +
 
 +
This has two benefits. One is that all web requests will be redirected to the secure site, and the second is that all HTTP requests will be redirected to the canonical domain.
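Review bot: the RewriteRule line carries no flags, so the redirect is sent with mod_rewrite's default 302 status and processing continues into any rules that follow. Suggest ending the line with "[R=301,L]" so the redirect to the canonical HTTPS host is permanent and final.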
 +
 
 +
= [[User:John|John]] 2011-11-30 06:57 =
 +
 
 +
== Getting rid of =3D in svn-mailer commit hook ==
 +
 
 +
Found [http://dag.wieers.com/blog/getting-rid-of-3d-in-svnmailer this article] which suggested editing svn-mailer config file /etc/pcrepo-mailer.conf and adding:
 +
 
 +
[defaults]
 +
mail_transfer_encoding = 8bit
 +
 
 +
= [[User:John|John]] 2011-11-27 13:37 =
 +
 
 +
== Fixing NFSv4 (nfs4) IDMAP problem ==
 +
 
 +
There was a problem with the idmap service whereby NFS clients where reporting user and group of nobody and nogroup. The problem was with the idmap configuration. I found [http://www.novell.com/support/dynamickc.do?cmd=show&forward=nonthreadedKC&docType=kc&externalId=7005060&sliceId=1 this article] which suggested adding the Method=nsswitch setting in the <nowiki>[Transalation]</nowiki> section, so I edited the /etc/idmapd.conf file on all the servers to be the following:
 +
 
 +
[General]
 +
Verbosity = 0
 +
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
 +
Domain = progclub.org
 +
 +
[Mapping]
 +
Nobody-User = nobody
 +
Nobody-Group = nogroup
 +
 +
[Translation]
 +
Method=nsswitch
 +
 
 +
Note that I specified the domain progclub.org too, rather than localdomain. I don't think that was necessary, I think the important bit was Method=nsswitch. It's all working properly now and ls -al reports correct user and group.
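Review bot: the description refers to the [Transalation] section, but the file pasted below it uses [Translation], which is the spelling idmapd reads. Anyone copying the section name from the prose would end up with a setting that is ignored. Also "clients where reporting" should be "were reporting".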
 +
 
 +
= [[User:John|John]] 2011-09-19 23:39 =
 +
 
 +
== Installing PHP SQLite ==
 +
 
 +
root@charity:~# apt-get install php5-sqlite
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following NEW packages will be installed:
 +
  php5-sqlite
 +
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 55.3kB of archives.
 +
After this operation, 225kB of additional disk space will be used.
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main php5-sqlite 5.3.2-1ubuntu4.9 [55.3kB]
 +
Fetched 55.3kB in 0s (108kB/s)
 +
Committing to: /etc/
 +
modified php5/conf.d/imap.ini
 +
modified php5/conf.d/mcrypt.ini
 +
Committed revision 91.
 +
Selecting previously deselected package php5-sqlite.
 +
(Reading database ... 29504 files and directories currently installed.)
 +
Unpacking php5-sqlite (from .../php5-sqlite_5.3.2-1ubuntu4.9_amd64.deb) ...
 +
Processing triggers for libapache2-mod-php5 ...
 +
  * Reloading web server config apache2                                  [ OK ]
 +
Setting up php5-sqlite (5.3.2-1ubuntu4.9) ...
 +
Committing to: /etc/
 +
added php5/conf.d/pdo_sqlite.ini
 +
added php5/conf.d/sqlite.ini
 +
added php5/conf.d/sqlite3.ini
 +
Committed revision 92.
 +
 
 +
root@charity:~# apache2ctl graceful
 +
 
 +
 
 +
= [[User:John|John]] 2011-09-05 01:48 =
 +
 
 +
== Removing 'nofollow' from list archvies ==
 +
 
 +
root@charity:/var/lib/mailman/templates/en# vim article.html
 +
 
 +
Changed:
 +
 
 +
<META NAME="robots" CONTENT="index,nofollow">
 +
 
 +
To:
 +
 
 +
<META NAME="robots" CONTENT="index,follow">
 +
 
 +
= [[User:John|John]] 2011-09-02 17:10 =
 +
 
 +
== Installing roundcube ==
 +
 
 +
root@charity:~/bin# mysql -p
 +
Enter password:
 +
Welcome to the MySQL monitor.  Commands end with ; or \g.
 +
Your MySQL connection id is 17222
 +
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)
 +
 +
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 +
 +
mysql> create database roundcubedb /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
 +
Query OK, 1 row affected (0.00 sec)
 +
 +
mysql> grant all privileges on roundcubedb.* to roundcube@localhost identified by 'secret';
 +
Query OK, 0 rows affected (0.16 sec)
 +
 +
mysql> quit
 +
Bye
 +
 
 +
root@charity:~/bin# mysql -p roundcubedb < /var/www/www.progclub.org/pcwebmail/roundcube/SQL/mysql.initial.sql
 +
Enter password:
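Review bot: the grant statement records "identified by 'secret'" on a public page. If that is the real roundcube database password rather than a stand-in, it should be changed. Either way the entry should say the value is redacted. "grant all privileges on roundcubedb.*" is also wider than a webmail front end needs day to day. Consider listing the specific privileges once the schema is loaded.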
 +
 
 +
 
 +
 
 +
= [[User:John|John]] 2011-08-27 16:37 =
 +
 
 +
== Updating fail2ban jail.conf ==
 +
 
 +
/etc/fail2ban/jail.conf was updated to enable fail2ban filtering on most services, and to send abuse reports to admin@progclub.org.
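Review bot: this entry says jail.conf was changed but shows neither which jails were enabled nor the ban settings, unlike the neighbouring entries that paste the resulting file. Suggest adding the changed stanzas. Keeping local changes in /etc/fail2ban/jail.local instead of editing jail.conf would also stop a package upgrade from conflicting with them.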
 +
 
 +
= [[User:John|John]] 2011-08-27 09:07 =
 +
 
 +
== Fixing missing /etc/postfix/spamalias.db error ==
 +
 
 +
I was seeing entries like this in /var/log/mail.log:
 +
 
 +
Aug 21 09:36:53 charity postfix/local[5094]: fatal: open database /etc/postfix/spamalias.db: No such file or directory
 +
Aug 21 09:36:54 charity postfix/master[3001]: warning: process /usr/lib/postfix/local pid 5094 exit status 1
 +
Aug 21 09:36:54 charity postfix/master[3001]: warning: /usr/lib/postfix/local: bad command startup -- throttling
 +
 
 +
I took a wild guess and ran:
 +
 
 +
root@charity:/etc/postfix# postalias spamalias
 +
 
 +
That created a spamalias.db file. Hopefully that fixes the problem.
 +
 
 +
= [[User:John|John]] 2011-08-21 02:13 =
 +
 
 +
== Installing spamassassin ==
 +
 
 +
Following [http://townx.org/blog/elliot/simple_spamassassin_setup_with_postfix_and_dovecot_on_ubuntu_breezy these instructions].
 +
 
 +
root@charity:~# apt-get install spamassassin spamc
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following extra packages will be installed:
 +
  binutils gcc gcc-4.4 libc-dev-bin libc6-dev libdigest-hmac-perl
 +
  libdigest-sha1-perl liberror-perl libfont-afm-perl libgomp1
 +
  libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl
 +
  libhtml-tree-perl libio-socket-inet6-perl libmail-spf-perl libmailtools-perl
 +
  libnet-dns-perl libnet-ip-perl libnetaddr-ip-perl libsocket6-perl
 +
  libsys-hostname-long-perl liburi-perl libwww-perl linux-libc-dev
 +
  manpages-dev re2c
 +
Suggested packages:
 +
  binutils-doc gcc-multilib autoconf automake1.9 libtool flex bison gdb
 +
  gcc-doc gcc-4.4-multilib libmudflap0-4.4-dev gcc-4.4-doc gcc-4.4-locales
 +
  libgcc1-dbg libgomp1-dbg libmudflap0-dbg libcloog-ppl0 libppl-c2 libppl7
 +
  glibc-doc libdata-dump-perl libcrypt-ssleay-perl libio-socket-ssl-perl razor
 +
  libnet-ident-perl pyzor libmail-dkim-perl
 +
The following NEW packages will be installed:
 +
  binutils gcc gcc-4.4 libc-dev-bin libc6-dev libdigest-hmac-perl
 +
  libdigest-sha1-perl liberror-perl libfont-afm-perl libgomp1
 +
  libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl
 +
  libhtml-tree-perl libio-socket-inet6-perl libmail-spf-perl libmailtools-perl
 +
  libnet-dns-perl libnet-ip-perl libnetaddr-ip-perl libsocket6-perl
 +
  libsys-hostname-long-perl liburi-perl libwww-perl linux-libc-dev
 +
  manpages-dev re2c spamassassin spamc
 +
0 upgraded, 29 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 13.0MB of archives.
 +
After this operation, 45.6MB of additional disk space will be used.
 +
Do you want to continue [Y/n]?
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libfont-afm-perl 1.20-1 [14.3kB]
 +
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main liburi-perl 1.52-1 [96.8kB]
 +
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libhtml-tagset-perl 3.20-2 [13.5kB]
 +
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main libhtml-parser-perl 3.64-1 [114kB]
 +
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/main libhtml-tree-perl 3.23-1 [209kB]
 +
Get:6 http://archive.ubuntu.com/ubuntu/ lucid/main libhtml-format-perl 2.04-2 [39.6kB]
 +
Get:7 http://archive.ubuntu.com/ubuntu/ lucid/main libmailtools-perl 2.05-1 [98.0kB]
 +
Get:8 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libwww-perl 5.834-1ubuntu0.1 [401kB]
 +
Get:9 http://archive.ubuntu.com/ubuntu/ lucid-updates/main binutils 2.20.1-3ubuntu7.1 [1,658kB]
 +
Get:10 http://archive.ubuntu.com/ubuntu/ lucid/main libgomp1 4.4.3-4ubuntu5 [25.5kB]
 +
Get:11 http://archive.ubuntu.com/ubuntu/ lucid/main gcc-4.4 4.4.3-4ubuntu5 [2,877kB]
 +
Get:12 http://archive.ubuntu.com/ubuntu/ lucid/main gcc 4:4.4.3-1ubuntu1 [5,064B]
 +
Get:13 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libc-dev-bin 2.11.1-0ubuntu7.8 [224kB]
 +
Get:14 http://archive.ubuntu.com/ubuntu/ lucid-updates/main linux-libc-dev 2.6.32-33.72 [841kB]
 +
Get:15 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libc6-dev 2.11.1-0ubuntu7.8 [2,706kB]
 +
Get:16 http://archive.ubuntu.com/ubuntu/ lucid/main libdigest-sha1-perl 2.12-1build1 [26.7kB]
 +
Get:17 http://archive.ubuntu.com/ubuntu/ lucid/main libdigest-hmac-perl 1.01-7 [10.6kB]
 +
Get:18 http://archive.ubuntu.com/ubuntu/ lucid/main liberror-perl 0.17-1 [23.8kB]
 +
Get:19 http://archive.ubuntu.com/ubuntu/ lucid/main libsocket6-perl 0.23-1 [28.4kB]
 +
Get:20 http://archive.ubuntu.com/ubuntu/ lucid/main libio-socket-inet6-perl 2.54-1.1 [15.1kB]
 +
Get:21 http://archive.ubuntu.com/ubuntu/ lucid/main libnetaddr-ip-perl 4.024+dfsg-1build1 [98.0kB]
 +
Get:22 http://archive.ubuntu.com/ubuntu/ lucid/main libnet-ip-perl 1.25-2 [30.3kB]
 +
Get:23 http://archive.ubuntu.com/ubuntu/ lucid/main libnet-dns-perl 0.65-1build1 [278kB]
 +
Get:24 http://archive.ubuntu.com/ubuntu/ lucid/main libmail-spf-perl 2.007-1 [125kB]
 +
Get:25 http://archive.ubuntu.com/ubuntu/ lucid/main libsys-hostname-long-perl 1.4-2 [11.4kB]
 +
Get:26 http://archive.ubuntu.com/ubuntu/ lucid/main manpages-dev 3.23-1 [1,547kB]
 +
Get:27 http://archive.ubuntu.com/ubuntu/ lucid/main re2c 0.13.5-1build1 [221kB]
 +
Get:28 http://archive.ubuntu.com/ubuntu/ lucid/main spamassassin 3.3.1-1 [1,232kB]
 +
Get:29 http://archive.ubuntu.com/ubuntu/ lucid/main spamc 3.3.1-1 [70.6kB]
 +
Fetched 13.0MB in 7s (1,831kB/s)
 +
Committing to: /etc/
 +
modified pcrepo-mailer.conf
 +
Committed revision 72.
 +
Selecting previously deselected package libfont-afm-perl.
 +
(Reading database ... 25257 files and directories currently installed.)
 +
Unpacking libfont-afm-perl (from .../libfont-afm-perl_1.20-1_all.deb) ...
 +
Selecting previously deselected package liburi-perl.
 +
Unpacking liburi-perl (from .../liburi-perl_1.52-1_all.deb) ...
 +
Selecting previously deselected package libhtml-tagset-perl.
 +
Unpacking libhtml-tagset-perl (from .../libhtml-tagset-perl_3.20-2_all.deb) ...
 +
Selecting previously deselected package libhtml-parser-perl.
 +
Unpacking libhtml-parser-perl (from .../libhtml-parser-perl_3.64-1_amd64.deb) ...
 +
Selecting previously deselected package libhtml-tree-perl.
 +
Unpacking libhtml-tree-perl (from .../libhtml-tree-perl_3.23-1_all.deb) ...
 +
Selecting previously deselected package libhtml-format-perl.
 +
Unpacking libhtml-format-perl (from .../libhtml-format-perl_2.04-2_all.deb) ...
 +
Selecting previously deselected package libmailtools-perl.
 +
Unpacking libmailtools-perl (from .../libmailtools-perl_2.05-1_all.deb) ...
 +
Selecting previously deselected package libwww-perl.
 +
Unpacking libwww-perl (from .../libwww-perl_5.834-1ubuntu0.1_all.deb) ...
 +
Selecting previously deselected package binutils.
 +
Unpacking binutils (from .../binutils_2.20.1-3ubuntu7.1_amd64.deb) ...
 +
Selecting previously deselected package libgomp1.
 +
Unpacking libgomp1 (from .../libgomp1_4.4.3-4ubuntu5_amd64.deb) ...
 +
Selecting previously deselected package gcc-4.4.
 +
Unpacking gcc-4.4 (from .../gcc-4.4_4.4.3-4ubuntu5_amd64.deb) ...
 +
Selecting previously deselected package gcc.
 +
Unpacking gcc (from .../gcc_4%3a4.4.3-1ubuntu1_amd64.deb) ...
 +
Selecting previously deselected package libc-dev-bin.
 +
Unpacking libc-dev-bin (from .../libc-dev-bin_2.11.1-0ubuntu7.8_amd64.deb) ...
 +
Selecting previously deselected package linux-libc-dev.
 +
Unpacking linux-libc-dev (from .../linux-libc-dev_2.6.32-33.72_amd64.deb) ...
 +
Selecting previously deselected package libc6-dev.
 +
Unpacking libc6-dev (from .../libc6-dev_2.11.1-0ubuntu7.8_amd64.deb) ...
 +
Selecting previously deselected package libdigest-sha1-perl.
 +
Unpacking libdigest-sha1-perl (from .../libdigest-sha1-perl_2.12-1build1_amd64.deb) ...
 +
Selecting previously deselected package libdigest-hmac-perl.
 +
Unpacking libdigest-hmac-perl (from .../libdigest-hmac-perl_1.01-7_all.deb) ...
 +
Selecting previously deselected package liberror-perl.
 +
Unpacking liberror-perl (from .../liberror-perl_0.17-1_all.deb) ...
 +
Selecting previously deselected package libsocket6-perl.
 +
Unpacking libsocket6-perl (from .../libsocket6-perl_0.23-1_amd64.deb) ...
 +
Selecting previously deselected package libio-socket-inet6-perl.
 +
Unpacking libio-socket-inet6-perl (from .../libio-socket-inet6-perl_2.54-1.1_all.deb) ...
 +
Selecting previously deselected package libnetaddr-ip-perl.
 +
Unpacking libnetaddr-ip-perl (from .../libnetaddr-ip-perl_4.024+dfsg-1build1_amd64.deb) ...
 +
Selecting previously deselected package libnet-ip-perl.
 +
Unpacking libnet-ip-perl (from .../libnet-ip-perl_1.25-2_all.deb) ...
 +
Selecting previously deselected package libnet-dns-perl.
 +
Unpacking libnet-dns-perl (from .../libnet-dns-perl_0.65-1build1_amd64.deb) ...
 +
Selecting previously deselected package libmail-spf-perl.
 +
Unpacking libmail-spf-perl (from .../libmail-spf-perl_2.007-1_all.deb) ...
 +
Selecting previously deselected package libsys-hostname-long-perl.
 +
Unpacking libsys-hostname-long-perl (from .../libsys-hostname-long-perl_1.4-2_all.deb) ...
 +
Selecting previously deselected package manpages-dev.
 +
Unpacking manpages-dev (from .../manpages-dev_3.23-1_all.deb) ...
 +
Selecting previously deselected package re2c.
 +
Unpacking re2c (from .../re2c_0.13.5-1build1_amd64.deb) ...
 +
Selecting previously deselected package spamassassin.
 +
Unpacking spamassassin (from .../spamassassin_3.3.1-1_all.deb) ...
 +
Selecting previously deselected package spamc.
 +
Unpacking spamc (from .../spamc_3.3.1-1_amd64.deb) ...
 +
Processing triggers for man-db ...
 +
Processing triggers for ureadahead ...
 +
Setting up libfont-afm-perl (1.20-1) ...
 +
Setting up liburi-perl (1.52-1) ...
 +
Setting up libhtml-tagset-perl (3.20-2) ...
 +
Setting up libhtml-parser-perl (3.64-1) ...
 +
Setting up libhtml-tree-perl (3.23-1) ...
 +
Setting up libhtml-format-perl (2.04-2) ...
 +
Setting up libmailtools-perl (2.05-1) ...
 +
Setting up libwww-perl (5.834-1ubuntu0.1) ...
 +
Setting up binutils (2.20.1-3ubuntu7.1) ...
 +
 +
Setting up libgomp1 (4.4.3-4ubuntu5) ...
 +
 +
Setting up gcc-4.4 (4.4.3-4ubuntu5) ...
 +
Setting up gcc (4:4.4.3-1ubuntu1) ...
 +
 +
Setting up libc-dev-bin (2.11.1-0ubuntu7.8) ...
 +
Setting up linux-libc-dev (2.6.32-33.72) ...
 +
Setting up libc6-dev (2.11.1-0ubuntu7.8) ...
 +
Setting up libdigest-sha1-perl (2.12-1build1) ...
 +
Setting up libdigest-hmac-perl (1.01-7) ...
 +
Setting up liberror-perl (0.17-1) ...
 +
Setting up libsocket6-perl (0.23-1) ...
 +
 +
Setting up libio-socket-inet6-perl (2.54-1.1) ...
 +
Setting up libnetaddr-ip-perl (4.024+dfsg-1build1) ...
 +
Setting up libnet-ip-perl (1.25-2) ...
 +
Setting up libnet-dns-perl (0.65-1build1) ...
 +
Setting up libmail-spf-perl (2.007-1) ...
 +
Setting up libsys-hostname-long-perl (1.4-2) ...
 +
Setting up manpages-dev (3.23-1) ...
 +
Setting up re2c (0.13.5-1build1) ...
 +
Setting up spamassassin (3.3.1-1) ...
 +
SpamAssassin Mail Filter Daemon: disabled, see /etc/default/spamassassin
 +
 +
Setting up spamc (3.3.1-1) ...
 +
Processing triggers for libc-bin ...
 +
ldconfig deferred processing now taking place
 +
Committing to: /etc/
 +
added mail
 +
added spamassassin
 +
added alternatives/c89
 +
added alternatives/c89.1.gz
 +
added alternatives/c99
 +
added alternatives/c99.1.gz
 +
added alternatives/cc
 +
added alternatives/cc.1.gz
 +
added cron.daily/spamassassin
 +
added default/spamassassin
 +
added init.d/spamassassin
 +
added mail/spamassassin
 +
added rc0.d/K21spamassassin
 +
added rc1.d/K21spamassassin
 +
added rc2.d/S19spamassassin
 +
added rc3.d/S19spamassassin
 +
added rc4.d/S19spamassassin
 +
added rc5.d/S19spamassassin
 +
added rc6.d/K21spamassassin
 +
added spamassassin/65_debian.cf
 +
added spamassassin/init.pre
 +
added spamassassin/local.cf
 +
added spamassassin/sa-update-hooks.d
 +
added spamassassin/v310.pre
 +
added spamassassin/v312.pre
 +
added spamassassin/v320.pre
 +
added spamassassin/v330.pre
 +
Committed revision 73.
 +
 
 +
root@charity:~# groupadd spamd
 +
root@charity:~# useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
 +
root@charity:~# mkdir /var/log/spamassassin
 +
root@charity:~# chown spamd:spamd /var/log/spamassassin
 +
 
 +
root@charity:~# vim /etc/default/spamassassin
 +
root@charity:~# cat /etc/default/spamassassin
 +
# /etc/default/spamassassin
 +
# Duncan Findlay
 +
 +
# WARNING: please read README.spamd before using.
 +
# There may be security risks.
 +
 +
# Change to one to enable spamd
 +
ENABLED=1
 +
 +
 +
# JE: 2011-08-21: http://townx.org/blog/elliot/simple_spamassassin_setup_with_postfix_and_dovecot_on_ubuntu_breezy
 +
 +
SAHOME="/var/log/spamassassin/"
 +
 +
 +
 +
# Options
 +
# See man spamd for possible options. The -d option is automatically added.
 +
 +
# SpamAssassin uses a preforking model, so be careful! You need to
 +
# make sure --max-children is not set to anything higher than 5,
 +
# unless you know what you're doing.
 +
 +
#OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
 +
 +
OPTIONS="--create-prefs --max-children 2 --username spamd -H ${SAHOME} -s ${SAHOME}spamd.log"
 +
 +
 +
# Pid file
 +
# Where should spamd write its PID to file? If you use the -u or
 +
# --username option above, this needs to be writable by that user.
 +
# Otherwise, the init script will not be able to shut spamd down.
 +
PIDFILE="/var/run/spamd.pid"
 +
 +
# Set nice level of spamd
 +
#NICE="--nicelevel 15"
 +
 +
# Cronjob
 +
# Set to anything but 0 to enable the cron job to automatically update
 +
# spamassassin's rules on a nightly basis
 +
CRON=0
 +
 
 +
root@charity:~# /etc/init.d/spamassassin start
 +
Starting SpamAssassin Mail Filter Daemon: spamd.
 +
 
 +
root@charity:~# vim /etc/postfix/master.cf
 +
root@charity:~# cat /etc/postfix/master.cf
 +
#
 +
# Postfix master process configuration file.  For details on the format
 +
# of the file, see the master(5) manual page (command: "man 5 master").
 +
#
 +
# Do not forget to execute "postfix reload" after editing this file.
 +
#
 +
# ==========================================================================
 +
# service type  private unpriv  chroot  wakeup  maxproc command + args
 +
#              (yes)  (yes)  (yes)  (never) (100)
 +
# ==========================================================================
 +
smtp      inet  n      -      -      -      -      smtpd
 +
        -o content_filter=spamassassin
 +
#submission inet n      -      -      -      -      smtpd
 +
#  -o smtpd_tls_security_level=encrypt
 +
#  -o smtpd_sasl_auth_enable=yes
 +
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 +
#  -o milter_macro_daemon_name=ORIGINATING
 +
#smtps    inet  n      -      -      -      -      smtpd
 +
#  -o smtpd_tls_wrappermode=yes
 +
#  -o smtpd_sasl_auth_enable=yes
 +
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 +
#  -o milter_macro_daemon_name=ORIGINATING
 +
#628      inet  n      -      -      -      -      qmqpd
 +
pickup    fifo  n      -      -      60      1      pickup
 +
cleanup  unix  n      -      -      -      0      cleanup
 +
qmgr      fifo  n      -      n      300    1      qmgr
 +
#qmgr    fifo  n      -      -      300    1      oqmgr
 +
tlsmgr    unix  -      -      -      1000?  1      tlsmgr
 +
rewrite  unix  -      -      -      -      -      trivial-rewrite
 +
bounce    unix  -      -      -      -      0      bounce
 +
defer    unix  -      -      -      -      0      bounce
 +
trace    unix  -      -      -      -      0      bounce
 +
verify    unix  -      -      -      -      1      verify
 +
flush    unix  n      -      -      1000?  0      flush
 +
proxymap  unix  -      -      n      -      -      proxymap
 +
proxywrite unix -      -      n      -      1      proxymap
 +
smtp      unix  -      -      -      -      -      smtp
 +
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
 +
relay    unix  -      -      -      -      -      smtp
 +
        -o smtp_fallback_relay=
 +
#      -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
 +
showq    unix  n      -      -      -      -      showq
 +
error    unix  -      -      -      -      -      error
 +
retry    unix  -      -      -      -      -      error
 +
discard  unix  -      -      -      -      -      discard
 +
local    unix  -      n      n      -      -      local
 +
virtual  unix  -      n      n      -      -      virtual
 +
lmtp      unix  -      -      -      -      -      lmtp
 +
anvil    unix  -      -      -      -      1      anvil
 +
scache    unix  -      -      -      -      1      scache
 +
#
 +
# ====================================================================
 +
# Interfaces to non-Postfix software. Be sure to examine the manual
 +
# pages of the non-Postfix software to find out what options it wants.
 +
#
 +
# Many of the following services use the Postfix pipe(8) delivery
 +
# agent.  See the pipe(8) man page for information about ${recipient}
 +
# and other message envelope options.
 +
# ====================================================================
 +
#
 +
# maildrop. See the Postfix MAILDROP_README file for details.
 +
# Also specify in main.cf: maildrop_destination_recipient_limit=1
 +
#
 +
maildrop  unix  -      n      n      -      -      pipe
 +
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
 +
#
 +
# ====================================================================
 +
#
 +
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
 +
#
 +
# Specify in cyrus.conf:
 +
#  lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
 +
 +
# Specify in main.cf one or more of the following:
 +
#  mailbox_transport = lmtp:inet:localhost
 +
#  virtual_transport = lmtp:inet:localhost
 +
#
 +
# ====================================================================
 +
#
 +
# Cyrus 2.1.5 (Amos Gouaux)
 +
# Also specify in main.cf: cyrus_destination_recipient_limit=1
 +
#
 +
#cyrus    unix  -      n      n      -      -      pipe
 +
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
 +
#
 +
# ====================================================================
 +
# Old example of delivery via Cyrus.
 +
#
 +
#old-cyrus unix  -      n      n      -      -      pipe
 +
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
 +
#
 +
# ====================================================================
 +
#
 +
# See the Postfix UUCP_README file for configuration details.
 +
#
 +
uucp      unix  -      n      n      -      -      pipe
 +
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
 +
#
 +
# Other external delivery methods.
 +
#
 +
ifmail    unix  -      n      n      -      -      pipe
 +
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
 +
bsmtp    unix  -      n      n      -      -      pipe
 +
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
 +
scalemail-backend unix  -      n      n      -      2      pipe
 +
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
 +
mailman  unix  -      n      n      -      -      pipe
 +
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
 +
  ${nexthop} ${user}
 +
 +
# JE: 2011-08-21: http://townx.org/blog/elliot/simple_spamassassin_setup_with_postfix_and_dovecot_on_ubuntu_breezy
 +
 +
spamassassin unix -    n      n      -      -      pipe
 +
        user=spamd argv=/usr/bin/spamc -e
 +
        /usr/sbin/sendmail -oi -f $(sender) $(recipient)
 +
 
 +
root@charity:~# /etc/init.d/postfix reload
 +
  * Reloading Postfix configuration...                                          [ OK ]
 +
 
 +
Following [http://www.jamesh.id.au/articles/mailman-spamassassin/ these instructions] I edited /etc/mailman/mm_cfg.py to uncomment the following line:
 +
 
 +
GLOBAL_PIPELINE.insert(1, 'SpamAssassin')
 +
 
 +
root@charity:~# userdel spamd
 +
root@charity:~# groupdel spamd
 +
groupdel: group 'spamd' does not exist
 +
root@charity:~# groupadd -g 50001 spamd
 +
root@charity:~# useradd -u 50001 -g spamd -s /sbin/nologin -d /var/lib/spamassassin spamd
 +
root@charity:~# mkdir /var/lib/spamassassin
 +
root@charity:~# chown spamd:spamd /var/lib/spamassassin
 +
 
 +
Having trouble... trying [http://wiki.apache.org/spamassassin/IntegratePostfixViaSpampd these instructions] to use spampd.
 +
 
 +
jj5@charity:~$ sudo -s
 +
[sudo] password for jj5:
 +
root@charity:~# vim /etc/aliases
 +
 
 +
root@charity:~# newaliases
 +
root@charity:~# vim /etc/postfix/master.cf
 +
root@charity:~# vim /etc/postfix/main.cf
 +
root@charity:~# apt-get install spampd
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following extra packages will be installed:
 +
  libio-multiplex-perl libnet-cidr-perl libnet-server-perl
 +
Suggested packages:
 +
  libio-socket-ssl-perl
 +
The following NEW packages will be installed:
 +
  libio-multiplex-perl libnet-cidr-perl libnet-server-perl spampd
 +
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 234kB of archives.
 +
After this operation, 860kB of additional disk space will be used.
 +
Do you want to continue [Y/n]?
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libio-multiplex-perl 1.10-1 [22.9kB]
 +
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libnet-cidr-perl 0.13-1 [14.6kB]
 +
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libnet-server-perl 0.97-1ubuntu1 [141kB]
 +
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/universe spampd 2.30-22 [55.6kB]
 +
Fetched 234kB in 0s (237kB/s)
 +
Committing to: /etc/
 +
modified .etckeeper
 +
modified aliases
 +
modified aliases.db
 +
modified group
 +
modified group-
 +
modified gshadow
 +
modified gshadow-
 +
modified passwd
 +
modified passwd-
 +
modified shadow
 +
modified shadow-
 +
modified default/spamassassin
 +
modified mailman/mm_cfg.py
 +
modified postfix/main.cf
 +
modified postfix/master.cf
 +
missing postfix/mysql-domains.cf
 +
modified postfix/mysql-domains.cf
 +
missing postfix/mysql-email.cf
 +
modified postfix/mysql-email.cf
 +
missing postfix/mysql-forwards.cf
 +
modified postfix/mysql-forwards.cf
 +
missing postfix/mysql-mailboxes.cf
 +
modified postfix/mysql-mailboxes.cf
 +
added postfix/old
 +
added postfix/old/mysql-domains.cf
 +
added postfix/old/mysql-email.cf
 +
added postfix/old/mysql-forwards.cf
 +
added postfix/old/mysql-mailboxes.cf
 +
modified spamassassin/local.cf
 +
Committed revision 74.
 +
Selecting previously deselected package libio-multiplex-perl.
 +
(Reading database ... 29433 files and directories currently installed.)
 +
Unpacking libio-multiplex-perl (from .../libio-multiplex-perl_1.10-1_all.deb) ...
 +
Selecting previously deselected package libnet-cidr-perl.
 +
Unpacking libnet-cidr-perl (from .../libnet-cidr-perl_0.13-1_all.deb) ...
 +
Selecting previously deselected package libnet-server-perl.
 +
Unpacking libnet-server-perl (from .../libnet-server-perl_0.97-1ubuntu1_all.deb) ...
 +
Selecting previously deselected package spampd.
 +
Unpacking spampd (from .../spampd_2.30-22_all.deb) ...
 +
Processing triggers for man-db ...
 +
Processing triggers for ureadahead ...
 +
Setting up libio-multiplex-perl (1.10-1) ...
 +
Setting up libnet-cidr-perl (0.13-1) ...
 +
Setting up libnet-server-perl (0.97-1ubuntu1) ...
 +
Setting up spampd (2.30-22) ...
 +
  * Starting spam checking proxy daemon spampd                            [ OK ]
 +
 +
Committing to: /etc/
 +
modified .etckeeper
 +
modified group
 +
modified group-
 +
modified gshadow
 +
modified gshadow-
 +
modified passwd
 +
modified passwd-
 +
modified shadow
 +
modified shadow-
 +
added spampd.conf
 +
added default/spampd
 +
added init.d/spampd
 +
added rc0.d/K20spampd
 +
added rc1.d/K20spampd
 +
added rc2.d/S20spampd
 +
added rc3.d/S20spampd
 +
added rc4.d/S20spampd
 +
added rc5.d/S20spampd
 +
added rc6.d/K20spampd
 +
Committed revision 75.
 +
 
 +
root@charity:~# vim /etc/postfix/spamheadercheck
 +
root@charity:~# cat /etc/postfix/spamheadercheck
 +
/^X-Spam-Status: Yes/ FILTER spamtnsp:local
 +
 
 +
root@charity:~# vim /etc/postfix/spamalias
 +
root@charity:~# cat /etc/postfix/spamalias
 +
jj5: spamd
 +
 
 +
= [[User:John|John]] 2011-08-19 21:41 =
 +
 
 +
== Installing Mailman ==
 +
 
 +
Following [https://help.ubuntu.com/community/Mailman these instructions].
 +
 
 +
jj5@charity:~/bin/pcrepo/hooks$ sudo -s
 +
[sudo] password for jj5:
 +
root@charity:~/bin/pcrepo/hooks# apt-get install mailman
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following extra packages will be installed:
 +
  pwgen
 +
Suggested packages:
 +
  spamassassin lynx listadmin
 +
The following NEW packages will be installed:
 +
  mailman pwgen
 +
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 9,699kB of archives.
 +
After this operation, 45.0MB of additional disk space will be used.
 +
Do you want to continue [Y/n]?
 +
 
 +
Package configuration
 +
 +
 +
┌──────────────────────────┤ Configuring mailman ├──────────────────────────┐
 +
│                                                                           │
 +
│ For each supported language, Mailman stores default language specific     │
 +
│ texts in /etc/mailman/LANG/ giving them conffile like treatment with the  │
 +
│ help of ucf.  This means approximately 150kB for each supported language  │
 +
│ on the root file system.                                                  │
 +
│                                                                           │
 +
│ If you need a different set of languages at a later time, just run        │
 +
│ dpkg-reconfigure mailman.                                                 │
 +
│                                                                           │
 +
│ NOTE: Languages enabled on existing mailing lists are forcibly            │
 +
│ re-enabled when deselected and mailman needs at least one language for    │
 +
│ displaying its messages.                                                  │
 +
│                                                                           │
 +
│                                   <Ok>                                    │
 +
│                                                                           │
 +
└───────────────────────────────────────────────────────────────────────────┘
 +
 
 +
Package configuration
 +
 +
                  ┌────────┤ Configuring mailman ├────────┐
 +
                  │ Languages to support:                 │
 +
                  │                                       │
 +
                  │    [ ] ar (Arabic)                    │
 +
                  │    [ ] ca (Catalan)                   │
 +
                  │    [ ] cs (Czech)                     │
 +
                  │    [ ] da (Danish)                    │
 +
                  │    [ ] de (German)                    │
 +
                  │    [*] en (English)                   │
 +
                  │    [ ] es (Spanish)                   │
 +
                  │    [ ] et (Estonian)                  │
 +
                  │    [ ] eu (Basque)                    │
 +
                  │    [ ] fi (Finnish)                   │
 +
                  │    [ ] fr (French)                    │
 +
                  │    [ ] hr (Croatian)                  │
 +
                  │                                       │
 +
                  │                                       │
 +
                  │                 <Ok>                  │
 +
                  │                                       │
 +
                  └───────────────────────────────────────┘
 +
 
 +
Package configuration
 +
 +
 +
 +
  ┌──────────────────────────┤ Configuring mailman ├──────────────────────────┐
 +
  │                                                                           │
 +
  │ Missing site list                                                         │
 +
  │                                                                           │
 +
  │ Mailman needs a so-called "site list", which is the list from which       │
 +
  │ password reminders and such are sent out from.  This list needs to be     │
 +
  │ created before mailman will start.                                        │
 +
  │                                                                           │
 +
  │ To create the list, run "newlist mailman" and follow the instructions     │
 +
  │ on-screen.  Note that you also need to start mailman after that, using    │
 +
  │ /etc/init.d/mailman start.                                                │
 +
  │                                                                           │
 +
  │                                   <Ok>                                    │
 +
  │                                                                           │
 +
  └───────────────────────────────────────────────────────────────────────────┘
 +
 
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main pwgen 2.06-1ubuntu2 [21.7kB]
 +
Get:2 http://archive.ubuntu.com/ubuntu/ lucid-updates/main mailman 1:2.1.13-1ubuntu0.2 [9,677kB]
 +
Fetched 9,699kB in 3s (2,449kB/s)
 +
Committing to: /etc/
 +
modified .etckeeper
 +
modified apache2/sites-available/default-ssl
 +
modified courier/imapd-ssl
 +
modified courier/pop3d-ssl
 +
modified postfix/main.cf
 +
Committed revision 69.
 +
Preconfiguring packages ...
 +
Selecting previously deselected package pwgen.
 +
(Reading database ... 21355 files and directories currently installed.)
 +
Unpacking pwgen (from .../pwgen_2.06-1ubuntu2_amd64.deb) ...
 +
Selecting previously deselected package mailman.
 +
Unpacking mailman (from .../mailman_1%3a2.1.13-1ubuntu0.2_amd64.deb) ...
 +
Processing triggers for man-db ...
 +
Processing triggers for ureadahead ...
 +
Setting up pwgen (2.06-1ubuntu2) ...
 +
Setting up mailman (1:2.1.13-1ubuntu0.2) ...
 +
Looking for enabled languages (this may take some time) ... done.
 +
Installing site language en ............................................ done.
 +
Configuring mailman for domain progclub.org ...
 +
Upgrading from version 0x0 to 0x2010df0
 +
getting rid of old source files
 +
  * Site list for mailman missing (looking for list named 'mailman').
 +
  * Please create it; until then, mailman will refuse to start.
 +
 +
Committing to: /etc/
 +
modified .etckeeper
 +
added mailman
 +
added cron.d/mailman
 +
added init.d/mailman
 +
added logrotate.d/mailman
 +
added mailman/apache.conf
 +
added mailman/en
 +
added mailman/leftover
 +
added mailman/mm_cfg.py
 +
added mailman/postfix-to-mailman.py
 +
added mailman/qmail-to-mailman.py
 +
added mailman/en/admindbdetails.html
 +
added mailman/en/admindbpreamble.html
 +
added mailman/en/admindbsummary.html
 +
added mailman/en/adminsubscribeack.txt
 +
added mailman/en/adminunsubscribeack.txt
 +
added mailman/en/admlogin.html
 +
added mailman/en/approve.txt
 +
added mailman/en/archidxentry.html
 +
added mailman/en/archidxfoot.html
 +
added mailman/en/archidxhead.html
 +
added mailman/en/archlistend.html
 +
added mailman/en/archliststart.html
 +
added mailman/en/archtoc.html
 +
added mailman/en/archtocentry.html
 +
added mailman/en/archtocnombox.html
 +
added mailman/en/article.html
 +
added mailman/en/bounce.txt
 +
added mailman/en/checkdbs.txt
 +
added mailman/en/convert.txt
 +
added mailman/en/cronpass.txt
 +
added mailman/en/disabled.txt
 +
added mailman/en/emptyarchive.html
 +
added mailman/en/headfoot.html
 +
added mailman/en/help.txt
 +
added mailman/en/invite.txt
 +
added mailman/en/listinfo.html
 +
added mailman/en/masthead.txt
 +
added mailman/en/newlist.txt
 +
added mailman/en/nomoretoday.txt
 +
added mailman/en/options.html
 +
added mailman/en/postack.txt
 +
added mailman/en/postauth.txt
 +
added mailman/en/postheld.txt
 +
added mailman/en/private.html
 +
added mailman/en/probe.txt
 +
added mailman/en/refuse.txt
 +
added mailman/en/roster.html
 +
added mailman/en/subauth.txt
 +
added mailman/en/subscribe.html
 +
added mailman/en/subscribeack.txt
 +
added mailman/en/unsub.txt
 +
added mailman/en/unsubauth.txt
 +
added mailman/en/userpass.txt
 +
added mailman/en/verify.txt
 +
added rc1.d/K20mailman
 +
added rc2.d/S20mailman
 +
added rc3.d/S20mailman
 +
added rc4.d/S20mailman
 +
added rc5.d/S20mailman
 +
Committed revision 70.
 +
 
 +
root@charity:~/bin/pcrepo/hooks# newlist mailman
 +
Enter the email of the person running the list: jj5@progclub.org
 +
Initial mailman password:
 +
To finish creating your mailing list, you must edit your /etc/aliases (or
 +
equivalent) file by adding the following lines, and possibly running the
 +
`newaliases' program:
 +
 +
## mailman mailing list
 +
mailman:              "|/var/lib/mailman/mail/mailman post mailman"
 +
mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
 +
mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
 +
mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
 +
mailman-join:        "|/var/lib/mailman/mail/mailman join mailman"
 +
mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
 +
mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
 +
mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
 +
mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
 +
mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"
 +
 +
Hit enter to notify mailman owner...
 +
 
 +
= [[User:John|John]] 2011-08-19 18:34 =
 +
 
 +
== Configuring SSL certificate ==
 +
 
 +
In /etc/postfix/main.cf:
 +
 
 +
smtpd_tls_cert_file = /home/apache/certs/progclub.org.crt
 +
smtpd_tls_key_file = /home/apache/certs/progclub.key
 +
 
 +
Had to create .pem file with:
 +
 
 +
# cd /home/apache/certs
 +
# cat progclub.org.crt progclub.key > progclub.org.pem
 +
# chmod o= progclub.org.pem
 +
 
 +
In /etc/courier/imapd-ssl:
 +
 
 +
TLS_CERTFILE=/home/apache/certs/progclub.org.pem
 +
TLS_TRUSTCERTS=/home/apache/certs/gd_bundle.crt
 +
 
 +
In /etc/courier/pop3d-ssl:
 +
 
 +
TLS_CERTFILE=/home/apache/certs/progclub.org.pem
 +
TLS_TRUSTCERTS=/home/apache/certs/gd_bundle.crt
 +
 
 +
Had to restart postfix with:
 +
 
 +
# postfix reload
 +
 
 +
And restart courier with jj5-bin [http://www.progclub.org/pcrepo/jj5-bin/trunk/restart-courier?view=markup restart-courier] script:
 +
 
 +
$ restart-courier
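
Added example, not part of the original log: with the `cat` then `chmod o=` sequence above, the combined file holding the private key exists with whatever the shell's umask allows (world-readable bits under the common 022) until the second command runs. The sketch below creates the file with restrictive permissions from the start and renames it into place; the function names, the default mode 640 (what `chmod o=` yields under a 022 umask) and the placeholder inputs are assumptions.

```shell
#!/bin/sh
# Added example: build a combined certificate + private key PEM that is
# never readable by "other", not even between two commands.

# other_can_access FILE
# Succeeds if FILE has any read/write/execute bit set for "other".
other_can_access() {
    perms=$(ls -ld "$1" | cut -c1-10)
    case $perms in
        ???????---) return 1 ;;
        *)          return 0 ;;
    esac
}

# build_combined_pem CERT KEY OUT [MODE]
# Concatenates CERT and KEY into OUT. The data is written to a 0600 temp
# file in the destination directory, set to MODE (assumed default: 640),
# then renamed over OUT, so OUT is never half-written or briefly exposed.
build_combined_pem() {
    cert=$1; key=$2; out=$3; mode=${4:-640}
    [ -r "$cert" ] && [ -r "$key" ] || { echo "unreadable input" >&2; return 1; }
    # Refuse swapped or wrong inputs before touching the destination.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "$cert: no certificate block" >&2; return 1; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "$key: no private key block" >&2; return 1; }
    (
        umask 077
        tmp=$(mktemp "$(dirname "$out")/.pem.XXXXXX") || exit 1
        if cat "$cert" "$key" > "$tmp" &&
           chmod "$mode" "$tmp" &&
           mv -f "$tmp" "$out"; then
            exit 0
        fi
        rm -f "$tmp"
        exit 1
    )
}

# exposure_window_demo
# Reproduces only the first command of the logged sequence (cat ... > out)
# under umask 022 in a scratch directory, using constructed placeholder
# data. Succeeds if the result carries "other" permission bits at the
# point where chmod has not run yet.
exposure_window_demo() {
    (
        dir=$(mktemp -d) || exit 2
        umask 022
        echo 'constructed placeholder, not a real key' > "$dir/in"
        cat "$dir/in" > "$dir/out.pem"
        if other_can_access "$dir/out.pem"; then rc=0; else rc=1; fi
        rm -rf "$dir"
        exit "$rc"
    )
}
```

Whether another local user can actually open the file during that window also depends on the permissions of the containing directory, which this log does not show.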
 +
 
 +
= [[User:John|John]] 2011-08-19 01:48 =
 +
 
 +
== Installing PHP mail ==
 +
 
 +
root@charity:~# apt-cache search php mail | less
 +
root@charity:~# apt-get install php-mail
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following extra packages will be installed:
 +
  php-net-smtp php-net-socket php-pear php5-cli
 +
Suggested packages:
 +
  php5-dev
 +
The following NEW packages will be installed:
 +
  php-mail php-net-smtp php-net-socket php-pear php5-cli
 +
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 3,310kB of archives.
 +
After this operation, 11.0MB of additional disk space will be used.
 +
Do you want to continue [Y/n]?
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main php5-cli 5.3.2-1ubuntu4.9 [2,907kB]
 +
Get:2 http://archive.ubuntu.com/ubuntu/ lucid-updates/main php-pear 5.3.2-1ubuntu4.9 [355kB]
 +
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/universe php-mail 1.1.14-2 [23.2kB]
 +
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/universe php-net-socket 1.0.9-2 [9,098B]
 +
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/universe php-net-smtp 1.3.1-1 [16.0kB]
 +
Fetched 3,310kB in 1s (1,853kB/s)
 +
Committing to: /etc/
 +
modified .etckeeper
 +
added pcrepo-mailer.conf
 +
modified courier/authmysqlrc
 +
modified pam.d/smtp
 +
modified postfix/main.cf
 +
added postfix/sql
 +
modified postfix/sasl/smtpd.conf
 +
added postfix/sasl/smtpd.conf.bak-2011-08-19-0104
 +
added postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
 +
added postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
 +
added postfix/sql/mysql_virtual_alias_domain_maps.cf
 +
added postfix/sql/mysql_virtual_alias_maps.cf
 +
added postfix/sql/mysql_virtual_domains_maps.cf
 +
added postfix/sql/mysql_virtual_mailbox_limit_maps.cf
 +
added postfix/sql/mysql_virtual_mailbox_maps.cf
 +
Committed revision 67.
 +
Selecting previously deselected package php5-cli.
 +
(Reading database ... 21114 files and directories currently installed.)
 +
Unpacking php5-cli (from .../php5-cli_5.3.2-1ubuntu4.9_amd64.deb) ...
 +
Selecting previously deselected package php-pear.
 +
Unpacking php-pear (from .../php-pear_5.3.2-1ubuntu4.9_all.deb) ...
 +
Selecting previously deselected package php-mail.
 +
Unpacking php-mail (from .../php-mail_1.1.14-2_all.deb) ...
 +
Selecting previously deselected package php-net-socket.
 +
Unpacking php-net-socket (from .../php-net-socket_1.0.9-2_all.deb) ...
 +
Selecting previously deselected package php-net-smtp.
 +
Unpacking php-net-smtp (from .../php-net-smtp_1.3.1-1_all.deb) ...
 +
Processing triggers for man-db ...
 +
Setting up php5-cli (5.3.2-1ubuntu4.9) ...
 +
 +
Creating config file /etc/php5/cli/php.ini with new version
 +
update-alternatives: using /usr/bin/php5 to provide /usr/bin/php (php) in auto mode.
 +
 +
Setting up php-pear (5.3.2-1ubuntu4.9) ...
 +
Setting up php-mail (1.1.14-2) ...
 +
Setting up php-net-socket (1.0.9-2) ...
 +
Setting up php-net-smtp (1.3.1-1) ...
 +
Committing to: /etc/
 +
added pear
 +
added alternatives/php
 +
added alternatives/php.1.gz
 +
added pear/pear.conf
 +
added php5/cli
 +
added php5/cli/conf.d
 +
added php5/cli/php.ini
 +
Committed revision 68.
 +
 
 +
= [[User:John|John]] 2011-08-18 19:05 =
 +
 
 +
== Installing postfixadmin ==
 +
 
 +
root@charity:/var/log# apt-get install php5-imap
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following extra packages will be installed:
 +
  libc-client2007e mlock
 +
Suggested packages:
 +
  uw-mailutils
 +
The following NEW packages will be installed:
 +
    libc-client2007e mlock php5-imap
 +
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 810kB of archives.
 +
After this operation, 1,810kB of additional disk space will be used.
 +
Do you want to continue [Y/n]?
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/universe mlock 8:2007e~dfsg-3.1 [34.6kB]
 +
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/universe libc-client2007e 8:2007e~dfsg-3.1 [734kB]
 +
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/universe php5-imap 5.3.2-0ubuntu2 [41.2kB]
 +
Fetched 810kB in 1s (624kB/s)
 +
Committing to: /etc/
 +
modified iptables.up.rules
 +
modified courier/authdaemonrc
 +
modified courier/authmysqlrc
 +
modified mysql/my.cnf
 +
Committed revision 65.
 +
Selecting previously deselected package mlock.
 +
(Reading database ... 20755 files and directories currently installed.)
 +
Unpacking mlock (from .../mlock_8%3a2007e~dfsg-3.1_amd64.deb) ...
 +
Selecting previously deselected package libc-client2007e.
 +
Unpacking libc-client2007e (from .../libc-client2007e_8%3a2007e~dfsg-3.1_amd64.deb) ...
 +
Selecting previously deselected package php5-imap.
 +
Unpacking php5-imap (from .../php5-imap_5.3.2-0ubuntu2_amd64.deb) ...
 +
Processing triggers for man-db ...
 +
Processing triggers for libapache2-mod-php5 ...
 +
  * Reloading web server config apache2                                  [ OK ]
 +
Setting up mlock (8:2007e~dfsg-3.1) ...
 +
Setting up libc-client2007e (8:2007e~dfsg-3.1) ...
 +
 +
Setting up php5-imap (5.3.2-0ubuntu2) ...
 +
Processing triggers for libc-bin ...
 +
ldconfig deferred processing now taking place
 +
Committing to: /etc/
 +
added php5/conf.d/imap.ini
 +
Committed revision 66.
 +
root@charity:/var/log#
 +
 
 +
jj5@charity:~$ mysql -u root -p
 +
Enter password:
 +
Welcome to the MySQL monitor.  Commands end with ; or \g.
 +
Your MySQL connection id is 152
 +
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)
 +
 +
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 +
 +
mysql> grant all on pcmaildb.* to pcmail@localhost;
 +
Query OK, 0 rows affected (0.00 sec)
 +
 +
mysql> flush priviliges;
 +
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'priviliges' at line 1
 +
mysql> flush privileges;
 +
Query OK, 0 rows affected (0.00 sec)
 +
 
 +
jj5@charity:~$ release pcmail "Releasing stock Postfix Admin 2.3.3"
 +
Releasing pcmail
 +
Checking availability of release: https://www.progclub.org/svn/pcrepo/pcmail/tags/release/2011/08/18/01
 +
 +
Committed revision 326.
 +
svn: URL 'latest' does not exist
 +
 +
Committed revision 327.
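Review bot: "grant all on pcmaildb.* to pcmail@localhost;" widens the "select, insert, update, delete" grant recorded in the 2011-08-18 16:24 entry, and the entry does not say why. The same pcmail account is the one written into the Postfix map files, /etc/pam.d/smtp and /etc/postfix/sasl/smtpd.conf, so every service reading those files now holds full rights on the database. Suggest noting the reason here (presumably the Postfix Admin setup needs to create tables) and either giving the web application its own account or recording the revoke back to the four original privileges once setup is finished.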
 +
 
 +
= [[User:John|John]] 2011-08-18 16:24 =
 +
 
 +
== Configuring email ==
 +
 
 +
Following [http://articles.slicehost.com/email these instructions].
 +
 
 +
root@charity:~/bin# hostname -f
 +
charity.progclub.org
 +
 
 +
root@charity:~/bin# ifconfig
 +
eth0      Link encap:Ethernet  HWaddr 40:40:b3:fc:05:28
 +
          inet addr:67.207.128.184  Bcast:67.207.128.255  Mask:255.255.255.0
 +
          inet6 addr: fe80::4240:b3ff:fefc:528/64 Scope:Link
 +
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 +
          RX packets:71245 errors:0 dropped:0 overruns:0 frame:0
 +
          TX packets:54383 errors:0 dropped:0 overruns:0 carrier:0
 +
          collisions:0 txqueuelen:1000
 +
          RX bytes:10572039 (10.5 MB)  TX bytes:49196127 (49.1 MB)
 +
          Interrupt:24
 +
 +
eth1      Link encap:Ethernet  HWaddr 40:40:8d:45:53:e9
 +
          inet addr:172.19.1.45  Bcast:172.19.255.255  Mask:255.255.0.0
 +
          inet6 addr: fe80::4240:8dff:fe45:53e9/64 Scope:Link
 +
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 +
          RX packets:1038 errors:0 dropped:0 overruns:0 frame:0
 +
          TX packets:897 errors:0 dropped:0 overruns:0 carrier:0
 +
          collisions:0 txqueuelen:1000
 +
          RX bytes:153708 (153.7 KB)  TX bytes:194246 (194.2 KB)
 +
          Interrupt:25
 +
 +
lo        Link encap:Local Loopback
 +
          inet addr:127.0.0.1  Mask:255.0.0.0
 +
          inet6 addr: ::1/128 Scope:Host
 +
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
 +
          RX packets:3307 errors:0 dropped:0 overruns:0 frame:0
 +
          TX packets:3307 errors:0 dropped:0 overruns:0 carrier:0
 +
          collisions:0 txqueuelen:0
 +
          RX bytes:479108 (479.1 KB)  TX bytes:479108 (479.1 KB)
 +
 
 +
root@charity:~/bin# dig -x 67.207.128.184
 +
 +
; <<>> DiG 9.7.0-P1 <<>> -x 67.207.128.184
 +
;; global options: +cmd
 +
;; Got answer:
 +
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31526
 +
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
 +
 +
;; QUESTION SECTION:
 +
;184.128.207.67.in-addr.arpa.  IN      PTR
 +
 +
;; ANSWER SECTION:
 +
184.128.207.67.in-addr.arpa. 86400 IN  PTR    charity.progclub.org.
 +
 +
;; AUTHORITY SECTION:
 +
128.207.67.in-addr.arpa. 25951  IN      NS      NS2.SLICEHOST.NET.
 +
128.207.67.in-addr.arpa. 25951  IN      NS      NS1.SLICEHOST.NET.
 +
 +
;; ADDITIONAL SECTION:
 +
NS1.SLICEHOST.NET.      1811    IN      A      67.23.4.57
 +
NS2.SLICEHOST.NET.      2443    IN      A      173.45.224.132
 +
 +
;; Query time: 11 msec
 +
;; SERVER: 67.207.128.4#53(67.207.128.4)
 +
;; WHEN: Thu Aug 18 06:39:10 2011
 +
;; MSG SIZE  rcvd: 160
 +
 
 +
root@charity:~/bin# groupadd -g 50000 vmail
 +
 
 +
root@charity:~/bin# useradd -s /usr/sbin/nologin -g vmail -u 50000 vmail -d /home/vmail -m
 +
 
 +
root@charity:~/bin# aptitude install postfix postfix-mysql mysql-server postfix-tls libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl telnet mailx
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
Initializing package states... Done
 +
Writing extended state information... Done
 +
"mailx" is a virtual package provided by:
 +
  mailutils heirloom-mailx bsd-mailx
 +
You must choose one to install.
 +
The following NEW packages will be installed:
 +
  db4.8-util{a} libpam-mysql libpq5{a} libsasl2-modules-sql libsqlite0{a}
 +
  postfix postfix-mysql sasl2-bin telnet
 +
0 packages upgraded, 9 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 2,213kB of archives. After unpacking 6,250kB will be used.
 +
Do you want to continue? [Y/n/?]
 +
 
 +
Package configuration
 +
 +
  âââââââââââââââââââââââââ⤠Postfix Configuration âââââââââââââââââââââââââ
 +
  â                                                                        â
 +
  â Please select the mail server configuration type that best meets your  â
 +
  â needs.                                                                  â
 +
  â                                                                        â
 +
  â  No configuration:                                                      â
 +
  â  Should be chosen to leave the current configuration unchanged.        â
 +
  â  Internet site:                                                        â
 +
  â  Mail is sent and received directly using SMTP.                        â
 +
  â  Internet with smarthost:                                              â
 +
  â  Mail is received directly using SMTP or by running a utility such    â
 +
  â  as fetchmail. Outgoing mail is sent using a smarthost.                â
 +
  â  Satellite system:                                                      â
 +
  â  All mail is sent to another machine, called a 'smarthost', for        â
 +
  â delivery.                                                              â
 +
  â  Local only:                                                            â
 +
  â  The only delivered mail is the mail for local users. There is no      â
 +
  â network.                                                                â
 +
  â                                                                        â
 +
  â                                <Ok>                                    â
 +
  â                                                                        â
 +
  âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
 +
 
 +
Package configuration
 +
 +
 +
 +
 +
                    âââââââ⤠Postfix Configuration ââââââââ
 +
                    â General type of mail configuration:  â
 +
                    â                                      â
 +
                    â      No configuration              â
 +
                    â    * Internet Site                  â
 +
                    â      Internet with smarthost        â
 +
                    â      Satellite system              â
 +
                    â      Local only                    â
 +
                    â                                      â
 +
                    â                                      â
 +
                    â      <Ok>          <Cancel>        â
 +
                    â                                      â
 +
                    ââââââââââââââââââââââââââââââââââââââââ
 +
 
 +
Package configuration
 +
 +
ââââââââââââââââââââââââââ⤠Postfix Configuration âââââââââââââââââââââââââââ
 +
â The "mail name" is the domain name used to "qualify" _ALL_ mail          â
 +
â addresses without a domain name. This includes mail to and from <root>:  â
 +
â please do not make your machine send out mail from root@example.org      â
 +
â unless root@example.org has told you to.                                  â
 +
â                                                                          â
 +
â This name will also be used by other programs. It should be the single,  â
 +
â fully qualified domain name (FQDN).                                      â
 +
â                                                                          â
 +
â Thus, if a mail address on the local host is foo@example.org, the        â
 +
â correct value for this option would be example.org.                      â
 +
â                                                                          â
 +
â System mail name:                                                        â
 +
â                                                                          â
 +
â progclub.org_____________________________________________________________ â
 +
â                                                                          â
 +
â                    <Ok>                        <Cancel>                  â
 +
â                                                                          â
 +
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
 +
 
 +
Writing extended state information... Done
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main telnet 0.17-36build1 [72.2kB]
 +
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main db4.8-util 4.8.24-1ubuntu1 [136kB]
 +
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libpq5 8.4.8-0ubuntu0.10.04 [92.0kB]
 +
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main libsqlite0 2.8.17-6build2 [193kB]
 +
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/main libsasl2-modules-sql 2.1.23.dfsg1-5ubuntu1 [71.5kB]
 +
Get:6 http://archive.ubuntu.com/ubuntu/ lucid/main sasl2-bin 2.1.23.dfsg1-5ubuntu1 [166kB]
 +
Get:7 http://archive.ubuntu.com/ubuntu/ lucid/universe libpam-mysql 0.7~RC1-4build1 [34.6kB]
 +
Get:8 http://archive.ubuntu.com/ubuntu/ lucid-updates/main postfix 2.7.0-1ubuntu0.2 [1,404kB]
 +
Get:9 http://archive.ubuntu.com/ubuntu/ lucid-updates/main postfix-mysql 2.7.0-1ubuntu0.2 [44.5kB]
 +
Fetched 2,213kB in 1s (1,297kB/s)
 +
Committing to: /etc/
 +
modified group
 +
modified group-
 +
modified gshadow
 +
modified gshadow-
 +
modified passwd
 +
modified passwd-
 +
modified shadow
 +
modified shadow-
 +
Committed revision 60.
 +
Preconfiguring packages ...
 +
Selecting previously deselected package telnet.
 +
(Reading database ... 19681 files and directories currently installed.)
 +
Unpacking telnet (from .../telnet_0.17-36build1_amd64.deb) ...
 +
Selecting previously deselected package db4.8-util.
 +
Unpacking db4.8-util (from .../db4.8-util_4.8.24-1ubuntu1_amd64.deb) ...
 +
Selecting previously deselected package libpq5.
 +
Unpacking libpq5 (from .../libpq5_8.4.8-0ubuntu0.10.04_amd64.deb) ...
 +
Selecting previously deselected package libsqlite0.
 +
Unpacking libsqlite0 (from .../libsqlite0_2.8.17-6build2_amd64.deb) ...
 +
Selecting previously deselected package libsasl2-modules-sql.
 +
Unpacking libsasl2-modules-sql (from .../libsasl2-modules-sql_2.1.23.dfsg1-5ubuntu1_amd64.deb) ...
 +
Selecting previously deselected package sasl2-bin.
 +
Unpacking sasl2-bin (from .../sasl2-bin_2.1.23.dfsg1-5ubuntu1_amd64.deb) ...
 +
Selecting previously deselected package libpam-mysql.
 +
Unpacking libpam-mysql (from .../libpam-mysql_0.7~RC1-4build1_amd64.deb) ...
 +
Selecting previously deselected package postfix.
 +
Unpacking postfix (from .../postfix_2.7.0-1ubuntu0.2_amd64.deb) ...
 +
Selecting previously deselected package postfix-mysql.
 +
Unpacking postfix-mysql (from .../postfix-mysql_2.7.0-1ubuntu0.2_amd64.deb) ...
 +
Processing triggers for man-db ...
 +
Processing triggers for ureadahead ...
 +
Setting up telnet (0.17-36build1) ...
 +
update-alternatives: using /usr/bin/telnet.netkit to provide /usr/bin/telnet (telnet) in auto mode.
 +
 +
Setting up db4.8-util (4.8.24-1ubuntu1) ...
 +
Setting up libpq5 (8.4.8-0ubuntu0.10.04) ...
 +
 +
Setting up libsqlite0 (2.8.17-6build2) ...
 +
 +
Setting up libsasl2-modules-sql (2.1.23.dfsg1-5ubuntu1) ...
 +
Setting up sasl2-bin (2.1.23.dfsg1-5ubuntu1) ...
 +
update-rc.d: warning: saslauthd stop runlevel arguments (0 1 6) do not match LSB Default-Stop values (1)
 +
  * To enable saslauthd, edit /etc/default/saslauthd and set START=yes
 +
 +
Setting up libpam-mysql (0.7~RC1-4build1) ...
 +
 +
Setting up postfix (2.7.0-1ubuntu0.2) ...
 +
Adding group `postfix' (GID 109) ...
 +
Done.
 +
Adding system user `postfix' (UID 107) ...
 +
Adding new user `postfix' (UID 107) with group `postfix' ...
 +
Not creating home directory `/var/spool/postfix'.
 +
Creating /etc/postfix/dynamicmaps.cf
 +
Adding tcp map entry to /etc/postfix/dynamicmaps.cf
 +
Adding group `postdrop' (GID 110) ...
 +
Done.
 +
setting myhostname: charity.progclub.org
 +
setting alias maps
 +
setting alias database
 +
changing /etc/mailname to progclub.org
 +
setting myorigin
 +
setting destinations: progclub.org, charity.progclub.org, localhost.progclub.org, localhost
 +
setting relayhost:
 +
setting mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 +
setting mailbox_size_limit: 0
 +
setting recipient_delimiter: +
 +
setting inet_interfaces: all
 +
/etc/aliases does not exist, creating it.
 +
WARNING: /etc/aliases exists, but does not have a root alias.
 +
 +
Postfix is now set up with a default configuration.  If you need to make
 +
changes, edit
 +
/etc/postfix/main.cf (and others) as needed.  To view Postfix configuration
 +
values, see postconf(1).
 +
 +
After modifying main.cf, be sure to run '/etc/init.d/postfix reload'.
 +
 +
Running newaliases
 +
  * Stopping Postfix Mail Transport Agent postfix                        [ OK ]
 +
  * Starting Postfix Mail Transport Agent postfix                        [ OK ]
 +
 +
Setting up postfix-mysql (2.7.0-1ubuntu0.2) ...
 +
Adding mysql map entry to /etc/postfix/dynamicmaps.cf
 +
 +
Processing triggers for libc-bin ...
 +
ldconfig deferred processing now taking place
 +
Committing to: /etc/
 +
modified .etckeeper
 +
added aliases
 +
added aliases.db
 +
modified group
 +
modified group-
 +
modified gshadow
 +
modified gshadow-
 +
added mailname
 +
added pam-mysql.conf
 +
modified passwd
 +
modified passwd-
 +
added postfix
 +
added ppp
 +
added resolvconf
 +
added sasldb2
 +
modified shadow
 +
modified shadow-
 +
added alternatives/telnet
 +
added alternatives/telnet.1.gz
 +
added default/saslauthd
 +
added init.d/postfix
 +
added init.d/saslauthd
 +
added network/if-down.d/postfix
 +
added network/if-up.d/postfix
 +
added postfix/dynamicmaps.cf
 +
added postfix/main.cf
 +
added postfix/master.cf
 +
added postfix/post-install
 +
added postfix/postfix-files
 +
added postfix/postfix-script
 +
added postfix/sasl
 +
added ppp/ip-down.d
 +
added ppp/ip-up.d
 +
added ppp/ip-down.d/postfix
 +
added ppp/ip-up.d/postfix
 +
added rc0.d/K20postfix
 +
added rc0.d/K20saslauthd
 +
added rc1.d/K20postfix
 +
added rc1.d/K20saslauthd
 +
added rc2.d/S20postfix
 +
added rc2.d/S20saslauthd
 +
added rc3.d/S20postfix
 +
added rc3.d/S20saslauthd
 +
added rc4.d/S20postfix
 +
added rc4.d/S20saslauthd
 +
added rc5.d/S20postfix
 +
added rc5.d/S20saslauthd
 +
added rc6.d/K20postfix
 +
added rc6.d/K20saslauthd
 +
added resolvconf/update-libc.d
 +
added resolvconf/update-libc.d/postfix
 +
added rsyslog.d/postfix.conf
 +
added ufw/applications.d/postfix
 +
Committed revision 61.
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
Reading extended state information
 +
Initializing package states... Done
 +
Writing extended state information... Done
 +
 
 +
root@charity:~/bin# mail jj5@jj5.net
 +
bash: mail: command not found
 +
 
 +
root@charity:~/bin# apt-get install mail
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
E: Couldn't find package mail
 +
 
 +
root@charity:~/bin# apt-get install mailutils
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following extra packages will be installed:
 +
  guile-1.8-libs libgsasl7 libmailutils2 libntlm0
 +
Suggested packages:
 +
  mailutils-mh
 +
The following NEW packages will be installed:
 +
  guile-1.8-libs libgsasl7 libmailutils2 libntlm0 mailutils
 +
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 2,480kB of archives.
 +
After this operation, 7,983kB of additional disk space will be used.
 +
Do you want to continue [Y/n]?
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main guile-1.8-libs 1.8.7+1-3ubuntu1 [752kB]
 +
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/universe libntlm0 1.1-1 [19.6kB]
 +
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/universe libgsasl7 1.4.4-1ubuntu1 [191kB]
 +
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/universe libmailutils2 1:2.1+dfsg1-4ubuntu1 [1,089kB]
 +
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/universe mailutils 1:2.1+dfsg1-4ubuntu1 [427kB]
 +
Fetched 2,480kB in 1s (1,621kB/s)
 +
Selecting previously deselected package guile-1.8-libs.
 +
(Reading database ... 19967 files and directories currently installed.)
 +
Unpacking guile-1.8-libs (from .../guile-1.8-libs_1.8.7+1-3ubuntu1_amd64.deb) ...
 +
Selecting previously deselected package libntlm0.
 +
Unpacking libntlm0 (from .../libntlm0_1.1-1_amd64.deb) ...
 +
Selecting previously deselected package libgsasl7.
 +
Unpacking libgsasl7 (from .../libgsasl7_1.4.4-1ubuntu1_amd64.deb) ...
 +
Selecting previously deselected package libmailutils2.
 +
Unpacking libmailutils2 (from .../libmailutils2_1%3a2.1+dfsg1-4ubuntu1_amd64.deb) ...
 +
Selecting previously deselected package mailutils.
 +
Unpacking mailutils (from .../mailutils_1%3a2.1+dfsg1-4ubuntu1_amd64.deb) ...
 +
Processing triggers for man-db ...
 +
Setting up guile-1.8-libs (1.8.7+1-3ubuntu1) ...
 +
 +
Setting up libntlm0 (1.1-1) ...
 +
 +
Setting up libgsasl7 (1.4.4-1ubuntu1) ...
 +
 +
Setting up libmailutils2 (1:2.1+dfsg1-4ubuntu1) ...
 +
 +
Setting up mailutils (1:2.1+dfsg1-4ubuntu1) ...
 +
update-alternatives: using /usr/bin/frm.mailutils to provide /usr/bin/frm (frm) in auto mode.
 +
update-alternatives: using /usr/bin/from.mailutils to provide /usr/bin/from (from) in auto mode.
 +
update-alternatives: warning: not replacing /usr/bin/from with a link.
 +
update-alternatives: warning: not replacing /usr/share/man/man1/from.1.gz with a link.
 +
update-alternatives: using /usr/bin/messages.mailutils to provide /usr/bin/messages (messages) in auto mode.
 +
update-alternatives: using /usr/bin/movemail.mailutils to provide /usr/bin/movemail (movemail) in auto mode.
 +
update-alternatives: using /usr/bin/readmsg.mailutils to provide /usr/bin/readmsg (readmsg) in auto mode.
 +
update-alternatives: using /usr/bin/dotlock.mailutils to provide /usr/bin/dotlock (dotlock) in auto mode.
 +
update-alternatives: using /usr/bin/mail to provide /usr/bin/mailx (mailx) in auto mode.
 +
 +
Processing triggers for libc-bin ...
 +
ldconfig deferred processing now taking place
 +
Committing to: /etc/
 +
added alternatives/dotlock
 +
added alternatives/dotlock.1.gz
 +
added alternatives/frm
 +
added alternatives/frm.1.gz
 +
added alternatives/from
 +
added alternatives/from.1.gz
 +
added alternatives/mailx
 +
added alternatives/mailx.1.gz
 +
added alternatives/messages
 +
added alternatives/messages.1.gz
 +
added alternatives/movemail
 +
added alternatives/movemail.1.gz
 +
added alternatives/readmsg
 +
added alternatives/readmsg.1.gz
 +
Committed revision 62.
 +
 
 +
root@charity:~/bin# mail jj5@jj5.net
 +
Cc:
 +
Subject: test
 +
just testing
 +
 +
 +
.
 +
.
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
.
 +
 +
 +
 +
 
 +
Note: needed to press Ctrl+D to finish the email and send.
 +
 
 +
root@charity:~/bin# mysqladmin -u root -p create pcmaildb
 +
Enter password:
 +
 
 +
Decided to call the mail user pcmail.
 +
 
 +
root@charity:~/bin# deluser vmail
 +
Removing user `vmail' ...
 +
Warning: group `vmail' has no more members.
 +
Done.
 +
 
 +
root@charity:~/bin# delgroup vmail
 +
The group `vmail' does not exist.
 +
 
 +
root@charity:~/bin# rm -rf /home/vmail
 +
 
 +
root@charity:~/bin# groupadd -g 50000 pcmail
 +
 
 +
root@charity:~/bin# useradd -s /usr/sbin/nologin -g pcmail -u 50000 pcmail -d /home/pcmail -m
 +
 
 +
root@charity:~/bin# mysql -u root -p
 +
Enter password:
 +
Welcome to the MySQL monitor.  Commands end with ; or \g.
 +
Your MySQL connection id is 3492
 +
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)
 +
 +
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 +
 +
mysql> create user 'pcmail'@'localhost' identified by 'secret';
 +
Query OK, 0 rows affected (0.15 sec)
 +
 +
mysql> FLUSH PRIVILEGES;
 +
Query OK, 0 rows affected (0.11 sec)
 +
 +
mysql> grant select, insert, update, delete on `pcmaildb`.* to 'pcmail'@'localhost';
 +
Query OK, 0 rows affected (0.00 sec)
 +
 +
mysql> FLUSH PRIVILEGES;
 +
Query OK, 0 rows affected (0.00 sec)
 +
 +
mysql> use pcmaildb
 +
Database changed
 +
mysql> CREATE TABLE domains (
 +
    -> domain varchar(50) NOT NULL,
 +
    -> PRIMARY KEY (domain)
 +
    -> )
 +
    -> TYPE=MyISAM;
 +
Query OK, 0 rows affected, 1 warning (0.06 sec)
 +
 +
mysql> CREATE TABLE users (
 +
    -> email varchar(80) NOT NULL,
 +
    -> password varchar(20) NOT NULL,
 +
    -> PRIMARY KEY (email)
 +
    -> )
 +
    -> TYPE=MyISAM;
 +
Query OK, 0 rows affected, 1 warning (0.01 sec)
 +
 +
mysql> CREATE TABLE forwards (
 +
    -> source varchar(80) NOT NULL,
 +
    -> destination TEXT NOT NULL,
 +
    -> PRIMARY KEY (source)
 +
    -> )
 +
    -> TYPE=MyISAM;
 +
Query OK, 0 rows affected, 1 warning (0.01 sec)
 +
 +
mysql> quit;
 +
Bye
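Review bot: "password varchar(20) NOT NULL" in the users table is too narrow for most crypt(3) hash formats, and /etc/pam.d/smtp later in this entry sets "crypt=1". Twenty characters holds a 13-character traditional DES crypt hash, but a longer format such as MD5-crypt (34 characters) would be truncated on insert and could never verify. Suggest widening the column and stating in the entry which hash scheme the stored passwords are expected to use. Each CREATE TABLE also reports "1 warning" and the log does not capture the output of "show warnings", so the cause is not on record.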
 +
 
 +
root@charity:~/bin# vim /etc/postfix/mysql-domains.cf
 +
root@charity:~/bin# cat /etc/postfix/mysql-domains.cf
 +
user = pcmail
 +
password = secret
 +
dbname = pcmaildb
 +
query = SELECT domain AS virtual FROM domains WHERE domain='%s'
 +
hosts = 127.0.0.1
 +
 
 +
root@charity:~/bin# vim /etc/postfix/mysql-forwards.cf
 +
root@charity:~/bin# cat /etc/postfix/mysql-forwards.cf
 +
user = pcmail
 +
password = secret
 +
dbname = pcmaildb
 +
query = SELECT destination FROM forwards WHERE source='%s'
 +
hosts = 127.0.0.1
 +
 
 +
root@charity:~/bin# vim /etc/postfix/mysql-mailboxes.cf
 +
root@charity:~/bin# cat /etc/postfix/mysql-mailboxes.cf
 +
user = pcmail
 +
password = secret
 +
dbname = pcmaildb
 +
query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'
 +
hosts = 127.0.0.1
 +
 
 +
root@charity:~/bin# vim /etc/postfix/mysql-email.cf
 +
root@charity:~/bin# cat /etc/postfix/mysql-email.cf
 +
user = pcmail
 +
password = secret
 +
dbname = pcmaildb
 +
query = SELECT email FROM users WHERE email='%s'
 +
hosts = 127.0.0.1
 +
 
 +
root@charity:~/bin# chmod o= /etc/postfix/mysql-*
 +
 
 +
root@charity:~/bin# chgrp postfix /etc/postfix/mysql-*
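Review bot: the four mysql-*.cf listings record "password = secret" on a publicly readable wiki page without saying whether that is a redaction. If it is a placeholder, say so once at the top of the entry; if it is the value actually configured, it should be changed and the listings edited. On the permissions, "chmod o=" followed by "chgrp postfix" leaves the owner and group bits to whatever the umask produced when vim created the files; an explicit "chmod 640" after the chgrp would make the intended mode part of the record.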
 +
 
 +
root@charity:~/bin# vim /etc/postfix/main.cf
 +
root@charity:~/bin# cat /etc/postfix/main.cf
 +
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
 +
 +
 +
# Debian specific:  Specifying a file name will cause the first
 +
# line of that file to be used as the name.  The Debian default
 +
# is /etc/mailname.
 +
#myorigin = /etc/mailname
 +
 +
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
 +
biff = no
 +
 +
# appending .domain is the MUA's job.
 +
append_dot_mydomain = no
 +
 +
# Uncomment the next line to generate "delayed mail" warnings
 +
#delay_warning_time = 4h
 +
 +
readme_directory = no
 +
 +
# TLS parameters
 +
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
 +
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
 +
smtpd_use_tls=yes
 +
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 +
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 +
 +
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
 +
# information on enabling SSL in the smtp client.
 +
 +
myhostname = charity.progclub.org
 +
alias_maps = hash:/etc/aliases
 +
alias_database = hash:/etc/aliases
 +
myorigin = /etc/mailname
 +
#mydestination = progclub.org, charity.progclub.org, localhost.progclub.org, localhost
 +
mydestination =
 +
relayhost =
 +
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 +
mailbox_size_limit = 0
 +
recipient_delimiter = +
 +
inet_interfaces = all
 +
 +
virtual_alias_domains =
 +
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-forwards.cf, mysql:/etc/postfix/mysql-email.cf
 +
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-domains.cf
 +
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-mailboxes.cf
 +
virtual_mailbox_base = /home/pcmail
 +
virtual_uid_maps = static:50000
 +
virtual_gid_maps = static:50000
 +
 +
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
 +
 
 +
root@charity:~/bin# vim /etc/default/saslauthd
 +
root@charity:~/bin# cat /etc/default/saslauthd
 +
#
 +
# Settings for saslauthd daemon
 +
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
 +
#
 +
 +
# Should saslauthd run automatically on startup? (default: no)
 +
START=yes
 +
 +
# Description of this saslauthd instance. Recommended.
 +
# (suggestion: SASL Authentication Daemon)
 +
DESC="SASL Authentication Daemon"
 +
 +
# Short name of this saslauthd instance. Strongly recommended.
 +
# (suggestion: saslauthd)
 +
NAME="saslauthd"
 +
 +
# Which authentication mechanisms should saslauthd use? (default: pam)
 +
#
 +
# Available options in this Debian package:
 +
# getpwent  -- use the getpwent() library function
 +
# kerberos5 -- use Kerberos 5
 +
# pam      -- use PAM
 +
# rimap    -- use a remote IMAP server
 +
# shadow    -- use the local shadow password file
 +
# sasldb    -- use the local sasldb database file
 +
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
 +
#
 +
# Only one option may be used at a time. See the saslauthd man page
 +
# for more information.
 +
#
 +
# Example: MECHANISMS="pam"
 +
MECHANISMS="pam"
 +
 +
# Additional options for this mechanism. (default: none)
 +
# See the saslauthd man page for information about mech-specific options.
 +
MECH_OPTIONS=""
 +
 +
# How many saslauthd processes should we run? (default: 5)
 +
# A value of 0 will fork a new process for each connection.
 +
THREADS=5
 +
 +
# Other options (default: -c -m /var/run/saslauthd)
 +
# Note: You MUST specify the -m option or saslauthd won't run!
 +
#
 +
# WARNING: DO NOT SPECIFY THE -d OPTION.
 +
# The -d option will cause saslauthd to run in the foreground instead of as
 +
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
 +
# to run saslauthd in debug mode, please run it by hand to be safe.
 +
#
 +
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
 +
# See the saslauthd man page and the output of 'saslauthd -h' for general
 +
# information about these options.
 +
#
 +
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
 +
#OPTIONS="-c -m /var/run/saslauthd"
 +
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
 +
 
 +
root@charity:~/bin# mkdir -p /var/spool/postfix/var/run/saslauthd
 +
 
 +
root@charity:~/bin# vim /etc/pam.d/smtp
 +
root@charity:~/bin# cat /etc/pam.d/smtp
 +
auth    required  pam_mysql.so user=pcmail passwd=secret host=127.0.0.1 db=pcmaildb table=users usercolumn=email passwdcolumn=password crypt=1
 +
account sufficient pam_mysql.so user=pcmail passwd=secret host=127.0.0.1 db=pcmaildb table=users usercolumn=email passwdcolumn=password crypt=1
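Review bot: both lines of /etc/pam.d/smtp carry the database password inline ("passwd=secret"), and unlike the mysql-*.cf files earlier in this entry no chmod or chgrp is recorded for this file. Files under /etc/pam.d are normally created world-readable, so any local account could read the credential. Suggest recording the mode and owner set on /etc/pam.d/smtp, or moving the credentials into /etc/pam-mysql.conf (which the package install above added under /etc) with restricted permissions, assuming the installed pam_mysql build reads that file.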
 +
 
 +
root@charity:~/bin# vim /etc/postfix/sasl/smtpd.conf
 +
root@charity:~/bin# cat /etc/postfix/sasl/smtpd.conf
 +
pwcheck_method: saslauthd
 +
mech_list: plain login
 +
allow_plaintext: true
 +
auxprop_plugin: mysql
 +
sql_hostnames: 127.0.0.1
 +
sql_user: pcmail
 +
sql_passwd: secret
 +
sql_database: pcmaildb
 +
sql_select: select password from users where email = '%u'
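Review bot: "mech_list: plain login" with "allow_plaintext: true" means SMTP AUTH sends the password itself, and the main.cf listed before this point only sets "smtpd_use_tls=yes", which makes TLS optional. Worth confirming that the final main.cf also sets "smtpd_tls_auth_only = yes" so AUTH is not offered on unencrypted sessions, and noting that here. Separately, with "pwcheck_method: saslauthd" the password check goes through saslauthd and PAM, so the "auxprop_plugin: mysql" and "sql_*" lines look unused for these two mechanisms and add another copy of the database password in a file whose permissions the entry does not record; suggest dropping them or explaining why they are needed.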
 +
 
 +
root@charity:~/bin# adduser postfix sasl
 +
Adding user `postfix' to group `sasl' ...
 +
Adding user postfix to group sasl
 +
Done.
 +
 
 +
root@charity:~/bin# /etc/init.d/postfix restart
 +
  * Stopping Postfix Mail Transport Agent postfix                        [ OK ]
 +
  * Starting Postfix Mail Transport Agent postfix                        [ OK ]
 +
 
 +
root@charity:~/bin# /etc/init.d/saslauthd restart
 +
  * Stopping SASL Authentication Daemon saslauthd                        [ OK ]
 +
  * Starting SASL Authentication Daemon saslauthd                        [ OK ]
 +
 
 +
root@charity:~/bin# make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/certs/mailcert.pem
 +
 
 +
Package configuration
 +
 +
 +
 +
 +
 +
  âââââââââââââââââââââ⤠Configure an SSL Certificate. ââââââââââââââââââââââ
 +
  â Please enter the host name to use in the SSL certificate.                â
 +
  â                                                                          â
 +
  â It will become the 'commonName' field of the generated SSL certificate.  â
 +
  â                                                                          â
 +
  â Host name:                                                              â
 +
  â                                                                          â
 +
  â charity.progclub.org____________________________________________________ â
 +
  â                                                                          â
 +
  â                  <Ok>                      <Cancel>                    â
 +
  â                                                                          â
 +
  ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
 +
 
 +
root@charity:~/bin# vim /etc/postfix/main.cf
 +
root@charity:~/bin# cat /etc/postfix/main.cf
 +
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
 +
 +
 +
# Debian specific:  Specifying a file name will cause the first
 +
# line of that file to be used as the name.  The Debian default
 +
# is /etc/mailname.
 +
#myorigin = /etc/mailname
 +
 +
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
 +
biff = no
 +
 +
# appending .domain is the MUA's job.
 +
append_dot_mydomain = no
 +
 +
# Uncomment the next line to generate "delayed mail" warnings
 +
#delay_warning_time = 4h
 +
 +
readme_directory = no
 +
 +
# TLS parameters
 +
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
 +
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
 +
#smtpd_use_tls=yes
 +
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 +
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 +
smtpd_sasl_auth_enable = yes
 +
broken_sasl_auth_clients = yes
 +
smtpd_sasl_authenticated_header = yes
 +
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
 +
smtpd_use_tls = yes
 +
smtpd_tls_cert_file = /etc/ssl/certs/mailcert.pem
 +
smtpd_tls_key_file = $smtpd_tls_cert_file
 +
 +
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
 +
# information on enabling SSL in the smtp client.
 +
 +
myhostname = charity.progclub.org
 +
alias_maps = hash:/etc/aliases
 +
alias_database = hash:/etc/aliases
 +
myorigin = /etc/mailname
 +
#mydestination = progclub.org, charity.progclub.org, localhost.progclub.org, localhost
 +
mydestination =
 +
relayhost =
 +
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 +
mailbox_size_limit = 0
 +
recipient_delimiter = +
 +
inet_interfaces = all
 +
 +
virtual_alias_domains =
 +
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-forwards.cf, mysql:/etc/postfix/mysql-email.cf
 +
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-domains.cf
 +
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-mailboxes.cf
 +
virtual_mailbox_base = /home/pcmail
 +
virtual_uid_maps = static:50000
 +
virtual_gid_maps = static:50000
 +
 +
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
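Review bot: main.cf enables SASL with "smtpd_sasl_auth_enable = yes" and opportunistic TLS with "smtpd_use_tls = yes", but nothing restricts AUTH to encrypted sessions, so the plain and login mechanisms from smtpd.conf are offered on cleartext connections to port 25 and a client that skips STARTTLS sends its password in the clear. Adding "smtpd_tls_auth_only = yes" makes Postfix announce and accept AUTH only after STARTTLS. Separately, "smtpd_tls_key_file = $smtpd_tls_cert_file" means the private key lives in /etc/ssl/certs/mailcert.pem, so confirm that file is not world-readable, or split the key out into /etc/ssl/private.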
 +
 
 +
root@charity:~/bin# aptitude install courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
Reading extended state information
 +
Initializing package states... Done
 +
Writing extended state information... Done
 +
The following NEW packages will be installed:
 +
  courier-authdaemon courier-authlib{a} courier-authlib-mysql
 +
  courier-authlib-userdb{a} courier-base{a} courier-imap courier-imap-ssl
 +
  courier-pop courier-pop-ssl courier-ssl{a} expect{a} gamin{a}
 +
  libgamin0{a} tcl8.5{a}
 +
0 packages upgraded, 14 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 3,150kB of archives. After unpacking 9,093kB will be used.
 +
Do you want to continue? [Y/n/?]
 +
 
 +
Package configuration
 +
 +
 +
 +
ââââââââââââââââââââââââ⤠Configuring courier-base âââââââââââââââââââââââââ
 +
â                                                                          â
 +
â Courier uses several configuration files in /etc/courier. Some of these  â
 +
â files can be replaced by a subdirectory whose contents are concatenated  â
 +
â and treated as a single, consolidated, configuration file.                â
 +
â                                                                          â
 +
â The web-based administration provided by the courier-webadmin package    â
 +
â relies on configuration directories instead of configuration files. If    â
 +
â you agree, any directories needed for the web-based administration tool  â
 +
â will be created unless there is already a plain file in place.            â
 +
â                                                                          â
 +
â Create directories for web-based administration?                          â
 +
â                                                                          â
 +
â                    <Yes>                    * <No>                      â
 +
â                                                                          â
 +
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
 +
 
 +
Package configuration
 +
 +
 +
 +
âââââââââââââââââââââââââ⤠Configuring courier-ssl ââââââââââââââââââââââââââ
 +
â                                                                          â
 +
â SSL certificate required                                                  â
 +
â                                                                          â
 +
â POP and IMAP over SSL requires a valid, signed, X.509 certificate.        â
 +
â During the installation of courier-pop-ssl or courier-imap-ssl, a        â
 +
â self-signed X.509 certificate will be generated if necessary.            â
 +
â                                                                          â
 +
â For production use, the X.509 certificate must be signed by a recognized  â
 +
â certificate authority, in order for mail clients to accept the            â
 +
â certificate. The default location for this certificate is                â
 +
â /etc/courier/pop3d.pem or /etc/courier/imapd.pem.                        â
 +
â                                                                          â
 +
â                                  <Ok>                                    â
 +
â                                                                          â
 +
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
 +
 +
...
 +
 
 +
modified passwd-
 +
modified shadow
 +
modified shadow-
 +
modified default/saslauthd
 +
added pam.d/smtp
 +
modified postfix/main.cf
 +
added postfix/mysql-domains.cf
 +
added postfix/mysql-email.cf
 +
added postfix/mysql-forwards.cf
 +
added postfix/mysql-mailboxes.cf
 +
added postfix/sasl/smtpd.conf
 +
added ssl/certs/ef2ba030
 +
added ssl/certs/f1b0694b
 +
added ssl/certs/mailcert.pem
 +
Committed revision 63.
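Review bot: the "added ssl/certs/mailcert.pem" entry in revision 63 puts a private key into the etckeeper history, because main.cf points smtpd_tls_key_file at that same file. Anyone who can read the /etc repository or a backup of it gets the key, and removing the file later does not remove it from earlier revisions. Keep key material out of version control (move it to an ignored path such as /etc/ssl/private, or add the file to the repository's ignore list) and treat this key as needing replacement once that is done.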
 +
Preconfiguring packages ...
 +
Selecting previously deselected package tcl8.5.
 +
(Reading database ... 20285 files and directories currently installed.)
 +
Unpacking tcl8.5 (from .../tcl8.5_8.5.8-2_amd64.deb) ...
 +
Selecting previously deselected package expect.
 +
Unpacking expect (from .../expect_5.44.1.14-5_amd64.deb) ...
 +
Selecting previously deselected package courier-authlib.
 +
Unpacking courier-authlib (from .../courier-authlib_0.62.4-1_amd64.deb) ...
 +
Selecting previously deselected package courier-authdaemon.
 +
Unpacking courier-authdaemon (from .../courier-authdaemon_0.62.4-1_amd64.deb) ...
 +
Selecting previously deselected package courier-authlib-mysql.
 +
Unpacking courier-authlib-mysql (from .../courier-authlib-mysql_0.62.4-1_amd64.deb) ...
 +
Selecting previously deselected package courier-authlib-userdb.
 +
Unpacking courier-authlib-userdb (from .../courier-authlib-userdb_0.62.4-1_amd64.deb) ...
 +
Selecting previously deselected package gamin.
 +
Unpacking gamin (from .../gamin_0.1.10-1ubuntu3_amd64.deb) ...
 +
Selecting previously deselected package libgamin0.
 +
Unpacking libgamin0 (from .../libgamin0_0.1.10-1ubuntu3_amd64.deb) ...
 +
Selecting previously deselected package courier-base.
 +
Unpacking courier-base (from .../courier-base_0.63.0-2.1ubuntu1_amd64.deb) ...
 +
Selecting previously deselected package courier-pop.
 +
Unpacking courier-pop (from .../courier-pop_0.63.0-2.1ubuntu1_amd64.deb) ...
 +
Selecting previously deselected package courier-ssl.
 +
Unpacking courier-ssl (from .../courier-ssl_0.63.0-2.1ubuntu1_amd64.deb) ...
 +
Selecting previously deselected package courier-pop-ssl.
 +
Unpacking courier-pop-ssl (from .../courier-pop-ssl_0.63.0-2.1ubuntu1_amd64.deb) ...
 +
Selecting previously deselected package courier-imap.
 +
Unpacking courier-imap (from .../courier-imap_4.6.0-2.1ubuntu1_amd64.deb) ...
 +
Selecting previously deselected package courier-imap-ssl.
 +
Unpacking courier-imap-ssl (from .../courier-imap-ssl_4.6.0-2.1ubuntu1_amd64.deb) ...
 +
Processing triggers for man-db ...
 +
Processing triggers for ureadahead ...
 +
Setting up tcl8.5 (8.5.8-2) ...
 +
update-alternatives: using /usr/bin/tclsh8.5 to provide /usr/bin/tclsh (tclsh) in auto mode.
 +
 +
Setting up expect (5.44.1.14-5) ...
 +
 +
Setting up courier-authlib (0.62.4-1) ...
 +
Setting up courier-authdaemon (0.62.4-1) ...
 +
  * Starting Courier authentication services authdaemond                  [ OK ]
 +
 +
Setting up courier-authlib-mysql (0.62.4-1) ...
 +
 +
Setting up courier-authlib-userdb (0.62.4-1) ...
 +
Setting up gamin (0.1.10-1ubuntu3) ...
 +
Setting up libgamin0 (0.1.10-1ubuntu3) ...
 +
 +
Setting up courier-base (0.63.0-2.1ubuntu1) ...
 +
update-alternatives: using /usr/bin/deliverquota.courier to provide /usr/bin/deliverquota (deliverquota) in auto mode.
 +
update-alternatives: using /usr/share/man/man5/maildir.courier.5.gz to provide /usr/share/man/man5/maildir.5.gz (maildir.5.gz) in auto mode.
 +
update-alternatives: using /usr/bin/maildirmake.courier to provide /usr/bin/maildirmake (maildirmake) in auto mode.
 +
update-alternatives: using /usr/share/man/man7/maildirquota.courier.7.gz to provide /usr/share/man/man7/maildirquota.7.gz (maildirquota.7.gz) in auto mode.
 +
update-alternatives: using /usr/bin/makedat.courier to provide /usr/bin/makedat (makedat) in auto mode.
 +
 +
Setting up courier-pop (0.63.0-2.1ubuntu1) ...
 +
  * Starting Courier POP3 server...                                      [ OK ]
 +
 +
Setting up courier-ssl (0.63.0-2.1ubuntu1) ...
 +
 +
Setting up courier-pop-ssl (0.63.0-2.1ubuntu1) ...
 +
cp: not writing through dangling symlink `/usr/lib/courier/pop3d.pem'
 +
chmod: cannot operate on dangling symlink `/usr/lib/courier/pop3d.pem'
 +
chown: cannot dereference `/usr/lib/courier/pop3d.pem': No such file or directory
 +
Generating a 1024 bit RSA private key
 +
..................++++++
 +
..++++++
 +
writing new private key to '/usr/lib/courier/pop3d.pem'
 +
-----
 +
1024 semi-random bytes loaded
 +
Generating DH parameters, 512 bit long safe prime, generator 2
 +
This is going to take a long time
 +
...
 +
subject= /C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated POP3 SSL  key/CN=localhost/emailAddress=postmaster@example.com
 +
notBefore=Aug 18 07:52:20 2011 GMT
 +
notAfter=Aug 17 07:52:20 2012 GMT
 +
SHA1 Fingerprint=58:34:37:7E:FA:90:CF:48:17:38:4F:58:B5:CA:18:68:1C:77:78:A3
 +
  * Starting Courier POP3-SSL server...                                  [ OK ]
 +
 +
Setting up courier-imap (4.6.0-2.1ubuntu1) ...
 +
  * Starting Courier IMAP server...                                      [ OK ]
 +
 +
Setting up courier-imap-ssl (4.6.0-2.1ubuntu1) ...
 +
cp: not writing through dangling symlink `/usr/lib/courier/imapd.pem'
 +
chmod: cannot operate on dangling symlink `/usr/lib/courier/imapd.pem'
 +
chown: cannot dereference `/usr/lib/courier/imapd.pem': No such file or directory
 +
Generating a 1024 bit RSA private key
 +
...
 +
writing new private key to '/usr/lib/courier/imapd.pem'
 +
-----
 +
1024 semi-random bytes loaded
 +
Generating DH parameters, 512 bit long safe prime, generator 2
 +
This is going to take a long time
 +
...
 +
subject= /C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated IMAP SSL  key/CN=localhost/emailAddress=postmaster@example.com
 +
notBefore=Aug 18 07:52:22 2011 GMT
 +
notAfter=Aug 17 07:52:22 2012 GMT
 +
SHA1 Fingerprint=B6:BE:6F:60:FE:40:EC:88:7A:C8:6E:92:F9:EE:E8:5C:42:72:CA:03
 +
  * Starting Courier IMAP-SSL server...                                  [ OK ]
 +
 +
Processing triggers for libc-bin ...
 +
ldconfig deferred processing now taking place
 +
Committing to: /etc/
 +
modified .etckeeper
 +
added courier
 +
added gamin
 +
added alternatives/deliverquota
 +
added alternatives/deliverquota.8.gz
 +
added alternatives/maildir.5.gz
 +
added alternatives/maildirmake
 +
added alternatives/maildirmake.1.gz
 +
added alternatives/maildirquota.7.gz
 +
added alternatives/makedat
 +
added alternatives/makedat.1.gz
 +
added alternatives/tclsh
 +
added alternatives/tclsh.1
 +
added courier/authdaemonrc
 +
added courier/authmysqlrc
 +
added courier/imapd
 +
added courier/imapd-ssl
 +
added courier/imapd.cnf
 +
added courier/imapd.pem
 +
added courier/pop3d
 +
added courier/pop3d-ssl
 +
added courier/pop3d.cnf
 +
added courier/pop3d.pem
 +
added courier/shared
 +
added courier/shared/index
 +
added gamin/gaminrc
 +
added init.d/courier-authdaemon
 +
added init.d/courier-imap
 +
added init.d/courier-imap-ssl
 +
added init.d/courier-pop
 +
added init.d/courier-pop-ssl
 +
added logcheck/violations.ignore.d
 +
added logcheck/ignore.d.server/courier-imap
 +
added logcheck/ignore.d.server/courier-imap-ssl
 +
added logcheck/ignore.d.server/courier-pop
 +
added logcheck/ignore.d.server/courier-pop-ssl
 +
added logcheck/violations.ignore.d/courier-imap
 +
added logcheck/violations.ignore.d/courier-imap-ssl
 +
added logcheck/violations.ignore.d/courier-pop
 +
added logcheck/violations.ignore.d/courier-pop-ssl
 +
added pam.d/imap
 +
added pam.d/pop3
 +
added rc0.d/K20courier-authdaemon
 +
added rc0.d/K20courier-imap
 +
added rc0.d/K20courier-imap-ssl
 +
added rc0.d/K20courier-pop
 +
added rc0.d/K20courier-pop-ssl
 +
added rc1.d/K20courier-authdaemon
 +
added rc1.d/K20courier-imap
 +
added rc1.d/K20courier-imap-ssl
 +
added rc1.d/K20courier-pop
 +
added rc1.d/K20courier-pop-ssl
 +
added rc2.d/S20courier-authdaemon
 +
added rc2.d/S20courier-imap
 +
added rc2.d/S20courier-imap-ssl
 +
added rc2.d/S20courier-pop
 +
added rc2.d/S20courier-pop-ssl
 +
added rc3.d/S20courier-authdaemon
 +
added rc3.d/S20courier-imap
 +
added rc3.d/S20courier-imap-ssl
 +
added rc3.d/S20courier-pop
 +
added rc3.d/S20courier-pop-ssl
 +
added rc4.d/S20courier-authdaemon
 +
added rc4.d/S20courier-imap
 +
added rc4.d/S20courier-imap-ssl
 +
added rc4.d/S20courier-pop
 +
added rc4.d/S20courier-pop-ssl
 +
added rc5.d/S20courier-authdaemon
 +
added rc5.d/S20courier-imap
 +
added rc5.d/S20courier-imap-ssl
 +
added rc5.d/S20courier-pop
 +
added rc5.d/S20courier-pop-ssl
 +
added rc6.d/K20courier-authdaemon
 +
added rc6.d/K20courier-imap
 +
added rc6.d/K20courier-imap-ssl
 +
added rc6.d/K20courier-pop
 +
added rc6.d/K20courier-pop-ssl
 +
Committed revision 64.
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
Reading extended state information
 +
Initializing package states... Done
 +
Writing extended state information... Done
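Review bot: the courier-pop-ssl and courier-imap-ssl postinst output shows the certificates now serving ports 995 and 993 are the package-generated ones: "Generating a 1024 bit RSA private key", "Generating DH parameters, 512 bit long safe prime", subject CN=localhost, expiring Aug 17 2012. Clients connecting to charity.progclub.org cannot validate these, and the key and DH sizes are below what should be deployed. Replace /etc/courier/pop3d.pem and /etc/courier/imapd.pem with a certificate issued for charity.progclub.org using at least a 2048-bit key, and regenerate the DH parameters at a matching size. Revision 64 also adds courier/imapd.pem and courier/pop3d.pem to the etckeeper repository, so the replacement keys should be excluded from it.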
 +
 
 +
root@charity:~/bin# vim /etc/courier/authdaemonrc
 +
root@charity:~/bin# cat /etc/courier/authdaemonrc
 +
##VERSION: $Id: authdaemonrc.in,v 1.13 2005/10/05 00:07:32 mrsam Exp $
 +
#
 +
# Copyright 2000-2005 Double Precision, Inc.  See COPYING for
 +
# distribution information.
 +
#
 +
# authdaemonrc created from authdaemonrc.dist by sysconftool
 +
#
 +
# Do not alter lines that begin with ##, they are used when upgrading
 +
# this configuration.
 +
#
 +
# This file configures authdaemond, the resident authentication daemon.
 +
#
 +
# Comments in this file are ignored.  Although this file is intended to
 +
# be sourced as a shell script, authdaemond parses it manually, so
 +
# the acceptable syntax is a bit limited.  Multiline variable contents,
 +
# with the \ continuation character, are not allowed.  Everything must
 +
# fit on one line.  Do not use any additional whitespace for indentation,
 +
# or anything else.
 +
 +
##NAME: authmodulelist:2
 +
#
 +
# The authentication modules that are linked into authdaemond.  The
 +
# default list is installed.  You may selectively disable modules simply
 +
# by removing them from the following list.  The available modules you
 +
# can use are: authuserdb authpam authpgsql authldap authmysql authcustom authpipe
 +
 +
#authmodulelist="authpam"
 +
authmodulelist="authmysql"
 +
 +
##NAME: authmodulelistorig:3
 +
#
 +
# This setting is used by Courier's webadmin module, and should be left
 +
# alone
 +
 +
authmodulelistorig="authuserdb authpam authpgsql authldap authmysql authcustom authpipe"
 +
 +
##NAME: daemons:0
 +
#
 +
# The number of daemon processes that are started.  authdaemon is typically
 +
# installed where authentication modules are relatively expensive: such
 +
# as authldap, or authmysql, so it's better to have a number of them running.
 +
# PLEASE NOTE:  Some platforms may experience a problem if there's more than
 +
# one daemon.  Specifically, SystemV derived platforms that use TLI with
 +
# socket emulation.  I'm suspicious of TLI's ability to handle multiple
 +
# processes accepting connections on the same filesystem domain socket.
 +
#
 +
# You may need to increase daemons if as your system load increases.  Symptoms
 +
# include sporadic authentication failures.  If you start getting
 +
# authentication failures, increase daemons.  However, the default of 5
 +
# SHOULD be sufficient.  Bumping up daemon count is only a short-term
 +
# solution.  The permanent solution is to add more resources: RAM, faster
 +
# disks, faster CPUs...
 +
 +
daemons=5
 +
 +
##NAME: authdaemonvar:2
 +
#
 +
# authdaemonvar is here, but is not used directly by authdaemond.  It's
 +
# used by various configuration and build scripts, so don't touch it!
 +
 +
authdaemonvar=/var/run/courier/authdaemon
 +
 +
##NAME: DEBUG_LOGIN:0
 +
#
 +
# Dump additional diagnostics to syslog
 +
#
 +
# DEBUG_LOGIN=0  - turn off debugging
 +
# DEBUG_LOGIN=1  - turn on debugging
 +
# DEBUG_LOGIN=2  - turn on debugging + log passwords too
 +
#
 +
# ** YES ** - DEBUG_LOGIN=2 places passwords into syslog.
 +
#
 +
# Note that most information is sent to syslog at level 'debug', so
 +
# you may need to modify your /etc/syslog.conf to be able to see it.
 +
 +
DEBUG_LOGIN=0
 +
 +
##NAME: DEFAULTOPTIONS:0
 +
#
 +
# A comma-separated list of option=value pairs. Each option is applied
 +
# to an account if the account does not have its own specific value for
 +
# that option. So for example, you can set
 +
#  DEFAULTOPTIONS="disablewebmail=1,disableimap=1"
 +
# and then enable webmail and/or imap on individual accounts by setting
 +
# disablewebmail=0 and/or disableimap=0 on the account.
 +
 +
DEFAULTOPTIONS=""
 +
 +
##NAME: LOGGEROPTS:0
 +
#
 +
# courierlogger(1) options, e.g. to set syslog facility
 +
#
 +
 +
LOGGEROPTS=""
 +
 +
##NAME: LDAP_TLS_OPTIONS:0
 +
#
 +
# Options documented in ldap.conf(5) can be set here, prefixed with 'LDAP'.
 +
# Examples:
 +
#
 +
#LDAPTLS_CACERT=/path/to/cacert.pem
 +
#LDAPTLS_REQCERT=demand
 +
#LDAPTLS_CERT=/path/to/clientcert.pem
 +
#LDAPTLS_KEY=/path/to/clientkey.pem
 +
 
 +
 
 +
root@charity:~/bin# vim /etc/courier/authmysqlrc
 +
root@charity:~/bin# cat /etc/courier/authmysqlrc
 +
MYSQL_SERVER 127.0.0.1
 +
MYSQL_USERNAME pcmail
 +
MYSQL_PASSWORD secret
 +
MYSQL_PORT 0
 +
MYSQL_DATABASE pcmaildb
 +
MYSQL_USER_TABLE users
 +
MYSQL_CRYPT_PWFIELD password
 +
MYSQL_UID_FIELD 50000
 +
MYSQL_GID_FIELD 50000
 +
MYSQL_LOGIN_FIELD email
 +
MYSQL_HOME_FIELD "/home/pcmail"
 +
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
 +
 
 +
root@charity:~/bin# sudo /etc/init.d/courier-authdaemon restart
 +
  * Stopping Courier authentication services authdaemond                  [ OK ]
 +
  * Starting Courier authentication services authdaemond                  [ OK ]
 +
 
 +
root@charity:~/bin# sudo /etc/init.d/courier-imap restart
 +
  * Stopping Courier IMAP server...                                      [ OK ]
 +
  * Starting Courier IMAP server...                                      [ OK ]
 +
 
 +
root@charity:~/bin# sudo /etc/init.d/courier-imap-ssl restart
 +
  * Stopping Courier IMAP-SSL server...                                  [ OK ]
 +
  * Starting Courier IMAP-SSL server...                                  [ OK ]
 +
 
 +
root@charity:~/bin# sudo /etc/init.d/courier-pop restart
 +
  * Stopping Courier POP3 server...                                      [ OK ]
 +
  * Starting Courier POP3 server...                                      [ OK ]
 +
 
 +
root@charity:~/bin# sudo /etc/init.d/courier-pop-ssl restart
 +
  * Stopping Courier POP3-SSL server...                                  [ OK ]
 +
  * Starting Courier POP3-SSL server...                                  [ OK ]
 +
 
 +
root@charity:~/bin# vim /etc/iptables.up.rules
 +
 
 +
# Allows SMTP access
 +
-A INPUT -p tcp --dport 25 -j ACCEPT
 +
# Allows pop and pops connections
 +
-A INPUT -p tcp --dport 110 -j ACCEPT
 +
-A INPUT -p tcp --dport 995 -j ACCEPT
 +
# Allows imap and imaps connections
 +
-A INPUT -p tcp --dport 143 -j ACCEPT
 +
-A INPUT -p tcp --dport 993 -j ACCEPT
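Review bot: the rules for ports 110 and 143 open cleartext POP3 and IMAP to every source address alongside 995 and 993, and authmysqlrc checks a reusable password, so a client configured for the plain ports without STARTTLS sends that password unencrypted. If members can use the SSL ports, leave out the 110 and 143 rules. Otherwise require STARTTLS on those listeners (Courier's POP3_TLS_REQUIRED and IMAP_TLS_REQUIRED settings) and note that choice next to the rules.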
 +
 
 +
root@charity:~/bin# iptables-restore < /etc/iptables.up.rules
 +
 
 +
root@charity:~/bin# mysql -u root -p
 +
Enter password:
 +
Welcome to the MySQL monitor.  Commands end with ; or \g.
 +
Your MySQL connection id is 3590
 +
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)
 +
 +
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 +
 +
mysql> use pcmaildb;
 +
Reading table information for completion of table and column names
 +
You can turn off this feature to get a quicker startup with -A
 +
 +
Database changed
 +
mysql> insert into domains (domain) values ( 'progclub.org' );
 +
Query OK, 1 row affected (0.01 sec)
 +
 +
mysql> insert into domains (domain) values ( 'progclub.net' );
 +
Query OK, 1 row affected (0.00 sec)
 +
 +
mysql> insert into domains (domain) values ( 'progclub.com' );
 +
Query OK, 1 row affected (0.00 sec)
 +
 +
mysql> insert into users ( email, password ) values ( 'jj5@progclub.org', encrypt( 'secret' ) );
 +
Query OK, 1 row affected (0.11 sec)
 +
 +
mysql> quit;
 +
Bye
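Review bot: the users insert calls encrypt( 'secret' ) with no salt argument, which makes MySQL pick a random two-character salt and store a traditional DES crypt hash. The MySQL manual notes that ENCRYPT() ignores all but the first eight characters of the input on at least some systems, so longer mailbox passwords would be silently truncated. Pass an explicit salt with a stronger crypt prefix supported by this libc (for example a '$6$' SHA-512 salt) and confirm that pam_mysql with crypt=1 and Courier's MYSQL_CRYPT_PWFIELD both accept the resulting hash before adding more users.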
 +
 
 +
root@charity:~/bin# postfix reload
 +
postfix/postfix-script: refreshing the Postfix mail system
 +
 
 +
root@charity:~/bin# ll /home/pcmail
 +
total 20
 +
drwxr-xr-x  2 pcmail pcmail 4096 2011-08-18 07:10 ./
 +
drwxr-xr-x 11 root  root  4096 2011-08-18 07:10 ../
 +
-rw-r--r--  1 pcmail pcmail  220 2010-04-19 02:15 .bash_logout
 +
-rw-r--r--  1 pcmail pcmail 3103 2010-04-19 02:15 .bashrc
 +
-rw-r--r--  1 pcmail pcmail  675 2010-04-19 02:15 .profile
 +
 
 +
root@charity:~/bin# mail jj5@progclub.org
 +
Cc:
 +
Subject: test
 +
testing
 +
 
 +
Note: Ctrl+D to end and send.
 +
 
 +
Works!
 +
 
 +
Bah! The instructions I followed were shit. Had to completely reconfigure to integrate with Postfix Admin. Followed [http://www.progclub.org/pcrepo/pcmail/trunk/DOCUMENTS/POSTFIX_CONF.txt?revision=325&view=markup these instructions].
 +
 
 +
= [[User:John|John]] 2011-08-18 06:11 =
 +
 
 +
== Installing awstats ==
 +
 
 +
jj5@charity:~$ apt-cache search awstats
 +
awstats - powerful and featureful web server log analyzer
 +
jj5@charity:~$ sudo -s
 +
[sudo] password for jj5:
 +
Sorry, try again.
 +
[sudo] password for jj5:
 +
root@charity:~# apt-get install awstats
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following extra packages will be installed:
 +
  libnet-xwhois-perl
 +
Suggested packages:
 +
  libnet-dns-perl libnet-ip-perl libgeo-ipfree-perl
 +
The following NEW packages will be installed:
 +
  awstats libnet-xwhois-perl
 +
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 974kB of archives.
 +
After this operation, 5,341kB of additional disk space will be used.
 +
Do you want to continue [Y/n]?
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main awstats 6.9~dfsg-1ubuntu3.10.04.1 [951kB]
 +
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libnet-xwhois-perl 0.90-3 [23.0kB]
 +
Fetched 974kB in 1s (714kB/s)
 +
Bad group for maybe chgrp UNKNOWN './ldap/friggles.ldif'
 +
Committing to: /etc/
 +
modified passwd
 +
modified passwd-
 +
modified shadow
 +
modified shadow-
 +
Committed revision 55.
 +
Selecting previously deselected package awstats.
 +
(Reading database ... 18938 files and directories currently installed.)
 +
Unpacking awstats (from .../awstats_6.9~dfsg-1ubuntu3.10.04.1_all.deb) ...
 +
Selecting previously deselected package libnet-xwhois-perl.
 +
Unpacking libnet-xwhois-perl (from .../libnet-xwhois-perl_0.90-3_all.deb) ...
 +
Processing triggers for man-db ...
 +
Setting up awstats (6.9~dfsg-1ubuntu3.10.04.1) ...
 +
 +
Setting up libnet-xwhois-perl (0.90-3) ...
 +
Bad group for maybe chgrp UNKNOWN './ldap/friggles.ldif'
 +
Committing to: /etc/
 +
added awstats
 +
added awstats/awstats.conf
 +
added awstats/awstats.conf.local
 +
added cron.d/awstats
 +
Committed revision 56.
 +
 
 +
= [[User:John|John]] 2011-08-15 00:30 =
 +
 
 +
== Configuring NFS share /home ==
 +
 
 +
Following [https://help.ubuntu.com/community/NFSv4Howto these instructions].
 +
 
 +
root@charity:~# apt-get install nfs-kernel-server
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following extra packages will be installed:
 +
  libevent-1.4-2 libgssglue1 libnfsidmap2 librpcsecgss3 nfs-common portmap
 +
The following NEW packages will be installed:
 +
  libevent-1.4-2 libgssglue1 libnfsidmap2 librpcsecgss3 nfs-common
 +
  nfs-kernel-server portmap
 +
0 upgraded, 7 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 592kB of archives.
 +
After this operation, 1,802kB of additional disk space will be used.
 +
Do you want to continue [Y/n]?
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libevent-1.4-2 1.4.13-stable-1 [61.4kB]
 +
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libgssglue1 0.1-4 [24.4kB]
 +
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libnfsidmap2 0.23-2 [32.1kB]
 +
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main librpcsecgss3 0.19-2 [36.3kB]
 +
Get:5 http://archive.ubuntu.com/ubuntu/ lucid-updates/main portmap 6.0.0-1ubuntu2.1 [39.0kB]
 +
Get:6 http://archive.ubuntu.com/ubuntu/ lucid-updates/main nfs-common 1:1.2.0-4ubuntu4.1 [229kB]
 +
Get:7 http://archive.ubuntu.com/ubuntu/ lucid-updates/main nfs-kernel-server 1:1.2.0-4ubuntu4.1 [170kB]
 +
Fetched 592kB in 1s (502kB/s)
 +
Committing to: /etc/
 +
modified group
 +
modified group-
 +
modified gshadow
 +
modified gshadow-
 +
modified passwd-
 +
modified shadow-
 +
Committed revision 50.
 +
Preconfiguring packages ...
 +
Selecting previously deselected package libevent-1.4-2.
 +
(Reading database ... 18813 files and directories currently installed.)
 +
Unpacking libevent-1.4-2 (from .../libevent-1.4-2_1.4.13-stable-1_amd64.deb) ...
 +
Selecting previously deselected package libgssglue1.
 +
Unpacking libgssglue1 (from .../libgssglue1_0.1-4_amd64.deb) ...
 +
Selecting previously deselected package libnfsidmap2.
 +
Unpacking libnfsidmap2 (from .../libnfsidmap2_0.23-2_amd64.deb) ...
 +
Selecting previously deselected package librpcsecgss3.
 +
Unpacking librpcsecgss3 (from .../librpcsecgss3_0.19-2_amd64.deb) ...
 +
Selecting previously deselected package portmap.
 +
Unpacking portmap (from .../portmap_6.0.0-1ubuntu2.1_amd64.deb) ...
 +
Selecting previously deselected package nfs-common.
 +
Unpacking nfs-common (from .../nfs-common_1%3a1.2.0-4ubuntu4.1_amd64.deb) ...
 +
Selecting previously deselected package nfs-kernel-server.
 +
Unpacking nfs-kernel-server (from .../nfs-kernel-server_1%3a1.2.0-4ubuntu4.1_amd64.deb) ...
 +
Processing triggers for man-db ...
 +
Processing triggers for ureadahead ...
 +
Setting up libevent-1.4-2 (1.4.13-stable-1) ...
 +
 +
Setting up libgssglue1 (0.1-4) ...
 +
 +
Setting up libnfsidmap2 (0.23-2) ...
 +
 +
Setting up librpcsecgss3 (0.19-2) ...
 +
 +
Setting up portmap (6.0.0-1ubuntu2.1) ...
 +
portmap start/running, process 3401
 +
 +
Setting up nfs-common (1:1.2.0-4ubuntu4.1) ...
 +
 +
Creating config file /etc/idmapd.conf with new version
 +
 +
Creating config file /etc/default/nfs-common with new version
 +
Adding system user `statd' (UID 106) ...
 +
Adding new user `statd' (UID 106) with group `nogroup' ...
 +
Not creating home directory `/var/lib/nfs'.
 +
statd start/running, process 3618
 +
gssd stop/pre-start, process 3648
 +
idmapd stop/pre-start, process 3681
 +
 +
Setting up nfs-kernel-server (1:1.2.0-4ubuntu4.1) ...
 +
 +
Creating config file /etc/exports with new version
 +
 +
Creating config file /etc/default/nfs-kernel-server with new version
 +
  * Not starting NFS kernel daemon: no support in current kernel.
 +
 +
Processing triggers for libc-bin ...
 +
ldconfig deferred processing now taking place
 +
Committing to: /etc/
 +
added exports
 +
added gssapi_mech.conf
 +
added idmapd.conf
 +
modified passwd
 +
modified passwd-
 +
modified shadow
 +
modified shadow-
 +
added default/nfs-common
 +
added default/nfs-kernel-server
 +
added default/portmap
 +
added init/gssd.conf
 +
added init/idmapd.conf
 +
added init/portmap-boot.conf
 +
added init/portmap-wait.conf
 +
added init/portmap.conf
 +
added init/rpc_pipefs.conf
 +
added init/statd-mounting.conf
 +
added init/statd.conf
 +
added init.d/gssd
 +
added init.d/idmapd
 +
added init.d/nfs-kernel-server
 +
added init.d/portmap
 +
added init.d/portmap-boot
 +
added init.d/portmap-wait
 +
added init.d/rpc_pipefs
 +
added init.d/statd
 +
added init.d/statd-mounting
 +
added rc0.d/K80nfs-kernel-server
 +
added rc1.d/K80nfs-kernel-server
 +
added rc2.d/S20nfs-kernel-server
 +
added rc3.d/S20nfs-kernel-server
 +
added rc4.d/S20nfs-kernel-server
 +
added rc5.d/S20nfs-kernel-server
 +
added rc6.d/K80nfs-kernel-server
 +
Committed revision 51.
 +
 
 +
root@charity:~# reboot
 +
 
 +
jj5@charity:~$ sudo -s
 +
[sudo] password for jj5:
 +
root@charity:~# ls
 +
bin              pcrepo    try            viewvc-1.0.12.tar.gz
 +
ipsec-tools.conf  progrock  viewvc-1.0.12
 +
root@charity:~# cd /
 +
root@charity:/# ls
 +
bin  dev  home  lib64  mnt  proc  sbin    srv  tmp  var
 +
boot  etc  lib  media  opt  root  selinux  sys  usr
 +
root@charity:/# mkdir /export
 +
root@charity:/# mkdir /export/home
 +
root@charity:/# mount --bind /home /export/home
 +
root@charity:/# vim /etc/fstab
 +
root@charity:/# cat /etc/fstab
 +
proc            /proc      proc    defaults    0 0
 +
/dev/sda1      /          ext3    defaults,errors=remount-ro,noatime    0 1
 +
/dev/sda2      none        swap    sw          0 0
 +
/home          /export/home none  bind        0 0
 +
 
 +
root@charity:/# vim /etc/default/nfs-common
 +
root@charity:/# cat /etc/default/nfs-common
 +
# If you do not set values for the NEED_ options, they will be attempted
 +
# autodetected; this should be sufficient for most people. Valid alternatives
 +
# for the NEED_ options are "yes" and "no".
 +
 +
# Do you want to start the statd daemon? It is not needed for NFSv4.
 +
NEED_STATD=
 +
 +
# Options for rpc.statd.
 +
#  Should rpc.statd listen on a specific port? This is especially useful
 +
#  when you have a port-based firewall. To use a fixed port, set this
 +
#  this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
 +
#  For more information, see rpc.statd(8) or http://wiki.debian.org/?SecuringNFS
 +
STATDOPTS=
 +
 +
# Do you want to start the idmapd daemon? It is only needed for NFSv4.
 +
NEED_IDMAPD=yes
 +
 +
# Do you want to start the gssd daemon? It is required for Kerberos mounts.
 +
NEED_GSSD=
 +
 
 +
root@charity:/# vim /etc/exports
 +
root@charity:/# cat /etc/exports
 +
# /etc/exports: the access control list for filesystems which may be exported
 +
#              to NFS clients.  See exports(5).
 +
#
 +
# Example for NFSv2 and NFSv3:
 +
# /srv/homes      hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
 +
#
 +
# Example for NFSv4:
 +
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
 +
# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
 +
#
 +
/export      172.19.0.0/16(rw,fsid=0,insecure,no_subtree_check,async)
 +
/export/home  172.19.0.0/16(rw,nohide,insecure,no_subtree_check,async)
 +
 
 +
root@charity:/# /etc/init.d/nfs-kernel-server restart
 +
  * Stopping NFS kernel daemon                                            [ OK ]
 +
  * Unexporting directories for NFS kernel daemon...                      [ OK ]
 +
  * Not starting NFS kernel daemon: no support in current kernel.
 +
 
 +
Following [http://forum.linode.com/viewtopic.php?t=5549 these suggestions]:
 +
 
 +
root@charity:/etc# vim /etc/init.d/nfs-kernel-server
 +
 
 +
#if [ -f /proc/kallsyms ] && ! grep -qE ' nfsd_serv    ' /proc/kallsyms; then
 +
if [ -f /proc/kallsyms ] && ! grep -qE 'init_nf(sd| )' /proc/kallsyms; then
 +
 
 +
Nah, screw that. How about this!?:
 +
 
 +
#if [ -f /proc/kallsyms ] && ! grep -qE ' nfsd_serv      ' /proc/kallsyms; then
 +
  #log_warning_msg "Not starting $DESC: no support in current kernel."
 +
  #exit 0
 +
#fi
 +
 
 +
root@charity:/etc# /etc/init.d/nfs-kernel-server restart
 +
  * Stopping NFS kernel daemon                                            [ OK ]
 +
  * Unexporting directories for NFS kernel daemon...                      [ OK ]
 +
  * Exporting directories for NFS kernel daemon...                        [ OK ]
 +
  * Starting NFS kernel daemon                                            [ OK ]
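Review bot: the second edit to /etc/init.d/nfs-kernel-server comments out the whole /proc/kallsyms guard, so the script will now try to start nfsd on any kernel and the "no support in current kernel" warning can never appear again. The entry should say why the first attempt (the `init_nf(sd| )` pattern) was dropped, and record that this is a local change to a packaged init script, so that whoever next upgrades nfs-kernel-server knows to keep or re-apply it.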
 +
 
 +
jj5@charity:/export/home$ vim /etc/iptables.up.rules
 +
 
 +
# Accept anything from hope
 +
-A INPUT -s 67.207.130.204 -j ACCEPT
 +
-A INPUT -s 172.19.1.28 -j ACCEPT
 +
# Accept anything from honesty
 +
-A INPUT -s 67.207.129.103 -j ACCEPT
 +
-A INPUT -s 172.19.1.46 -j ACCEPT
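Review bot: the four `-A INPUT -s ... -j ACCEPT` rules admit every port and protocol from hope and honesty, on their public addresses (67.207.130.204, 67.207.129.103) as well as the 172.19.1.x ones, while the exports and hosts.allow entries in this section only refer to the 172.19 side. If the rules exist for NFS, restricting them to the private addresses and the NFS ports would match what the rest of the entry sets up. The entry also shows the file being edited from the jj5 prompt and no `iptables-restore < /etc/iptables.up.rules` afterwards, unlike the 2011-08-13 entry, so it is not clear from the log that the rules were loaded.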
 +
 
 +
root@charity:/export/home# cat /etc/hosts.allow
 +
# /etc/hosts.allow: list of hosts that are allowed to access the system.
 +
#                  See the manual pages hosts_access(5) and hosts_options(5).
 +
#
 +
# Example:    ALL: LOCAL @some_netgroup
 +
#            ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
 +
#
 +
# If you're going to protect the portmapper use the name "portmap" for the
 +
# daemon name. Remember that you can only use the keyword "ALL" and IP
 +
# addresses (NOT host or domain names) for the portmapper, as well as for
 +
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
 +
# for further information.
 +
#
 +
 +
ALL: 172.19.1.28
 +
ALL: 172.19.1.46
 +
 
 +
root@charity:/export/home# cat /etc/fstab
 +
proc            /proc      proc    defaults    0 0
 +
/dev/sda1      /          ext3    defaults,errors=remount-ro,noatime    0 1
 +
/dev/sda2      none        swap    sw          0 0
 +
/home          /export/home none  bind        0 0
 +
 
 +
root@charity:/export/home# cat /etc/exports
 +
# /etc/exports: the access control list for filesystems which may be exported
 +
#              to NFS clients.  See exports(5).
 +
#
 +
# Example for NFSv2 and NFSv3:
 +
# /srv/homes      hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
 +
#
 +
# Example for NFSv4:
 +
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
 +
# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
 +
#
 +
 +
/export      172.19.0.0/16(rw,fsid=0,insecure,no_subtree_check,async)
 +
/export/home  172.19.0.0/16(rw,nohide,insecure,no_subtree_check,async)
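Review bot: both export lines grant rw to all of 172.19.0.0/16 with `insecure` (requests from unprivileged source ports are accepted) and `async`, yet the firewall and hosts.allow entries above name only 172.19.1.28 and 172.19.1.46. Listing those two addresses in /etc/exports instead of the /16, and dropping `insecure` unless a client needs it, would keep the three access lists consistent. /etc/hosts.deny is not shown, so the log does not establish that the `ALL:` lines in hosts.allow restrict anything.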
 +
 
 +
= [[User:John|John]] 2011-08-14 23:04 =
 +
 
 +
== Kerberos client configuration ==
 +
 
 +
Basically the same as on [[Hope_admin#John_2011-08-14_17:23|hope]].
 +
 
 +
jj5@charity:~$ sudo -s
 +
[sudo] password for jj5:
 +
root@charity:~# apt-get install krb5-user krb5-config libpam-krb5
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
krb5-user is already the newest version.
 +
krb5-user set to manually installed.
 +
krb5-config is already the newest version.
 +
krb5-config set to manually installed.
 +
The following NEW packages will be installed:
 +
  libpam-krb5
 +
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 73.8kB of archives.
 +
After this operation, 193kB of additional disk space will be used.
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libpam-krb5 4.2-1 [73.8kB]
 +
Fetched 73.8kB in 0s (120kB/s)
 +
Committing to: /etc/
 +
modified krb5kdc/kadm5.acl
 +
modified ldap/ldap.conf
 +
modified ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif
 +
Committed revision 45.
 +
Selecting previously deselected package libpam-krb5.
 +
(Reading database ... 18809 files and directories currently installed.)
 +
Unpacking libpam-krb5 (from .../libpam-krb5_4.2-1_amd64.deb) ...
 +
Processing triggers for man-db ...
 +
Setting up libpam-krb5 (4.2-1) ...
 +
 +
Committing to: /etc/
 +
modified pam.d/common-account
 +
modified pam.d/common-auth
 +
modified pam.d/common-password
 +
modified pam.d/common-session
 +
modified pam.d/common-session-noninteractive
 +
Committed revision 46.
 +
 
 +
root@charity:~# hostname -f
 +
charity.progclub.org
 +
 
 +
root@charity:~# apt-get install libnss-ldapd libsasl2-modules-gssapi-mit kstart
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following extra packages will be installed:
 +
  libpam-ldapd nscd nslcd
 +
The following NEW packages will be installed:
 +
  kstart libnss-ldapd libpam-ldapd libsasl2-modules-gssapi-mit nscd nslcd
 +
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 532kB of archives.
 +
After this operation, 1,311kB of additional disk space will be used.
 +
Do you want to continue [Y/n]?
 +
 
 +
Package configuration
 +
 +
 +
  ââââââââââââââââââââââââââ⤠Configuring NSLCD ââââââââââââââââââââââââââââ
 +
  â Please enter the Uniform Resource Identifier of the LDAP server. The  â
 +
  â format is 'ldap://<hostname_or_IP_address>:<port>/'. Alternatively,    â
 +
  â 'ldaps://' or 'ldapi://' can be used. The port number is optional.    â
 +
  â                                                                        â
 +
  â When using an ldap or ldaps scheme it is recommended to use an IP      â
 +
  â address to avoid failures when domain name services are unavailable.  â
 +
  â                                                                        â
 +
  â Multiple URIs can be be specified by separating them with spaces.      â
 +
  â                                                                        â
 +
  â LDAP server URI:                                                      â
 +
  â                                                                        â
 +
  â ldaps://charity.progclub.org/_________________________________________ â
 +
  â                                                                        â
 +
  â                  <Ok>                      <Cancel>                  â
 +
  â                                                                        â
 +
  ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
 +
 
 +
Package configuration
 +
 +
 +
 +
 +
ââââââââââââââââââââââââââââ⤠Configuring NSLCD âââââââââââââââââââââââââââââ
 +
â Please enter the distinguished name of the LDAP search base. Many sites  â
 +
â use the components of their domain names for this purpose. For example,  â
 +
â the domain "example.net" would use "dc=example,dc=net" as the            â
 +
â distinguished name of the search base.                                    â
 +
â                                                                          â
 +
â LDAP server search base:                                                  â
 +
â                                                                          â
 +
â dc=progclub,dc=org_______________________________________________________ â
 +
â                                                                          â
 +
â                    <Ok>                        <Cancel>                  â
 +
â                                                                          â
 +
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
 +
 
 +
Package configuration
 +
 +
 +
ââââââââââââââââââââââââââââ⤠Configuring NSLCD âââââââââââââââââââââââââââââ
 +
â                                                                          â
 +
â When an encrypted connection is used, a server certificate can be        â
 +
â requested and checked. Please choose whether lookups should be            â
 +
â configured to require a certificate, and whether certificates should be  â
 +
â checked for validity:                                                    â
 +
â  * never: no certificate will be requested or checked;                    â
 +
â  * allow: a certificate will be requested, but it is not                  â
 +
â          required or checked;                                            â
 +
â  * try: a certificate will be requested and checked, but if no            â
 +
â        certificate is provided it is ignored;                            â
 +
â  * demand: a certificate will be requested, required, and checked.        â
 +
â If certificate checking is enabled, at least one of the tls_cacertdir or  â
 +
â tls_cacertfile options must be put in /etc/nslcd.conf.                    â
 +
â                                                                          â
 +
â                                  <Ok>                                    â
 +
â                                                                          â
 +
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
 +
 
 +
Package configuration
 +
 +
 +
 +
 +
 +
                      âââââââ⤠Configuring NSLCD âââââââââ
 +
                      â Check server's SSL certificate:  â
 +
                      â                                  â
 +
                      â              never              â
 +
                      â            * allow              â
 +
                      â              try                â
 +
                      â              demand              â
 +
                      â                                  â
 +
                      â                                  â
 +
                      â      <Ok>          <Cancel>      â
 +
                      â                                  â
 +
                      ââââââââââââââââââââââââââââââââââââ
 +
 
 +
Package configuration
 +
 +
ââââââââââââââââââââââââ⤠Configuring libnss-ldapd ââââââââââââââââââââââââââ
 +
â For this package to work, you need to modify your /etc/nsswitch.conf to  â
 +
â use the ldap datasource.                                                  â
 +
â                                                                          â
 +
â You can select the services that should have LDAP lookups enabled. The    â
 +
â new LDAP lookups will be added as the last datasource. Be sure to review  â
 +
â these changes.                                                            â
 +
â                                                                          â
 +
â Name services to configure:                                              â
 +
â                                                                          â
 +
â                                                                          â
 +
â    [*] aliases                                                            â
 +
â    [*] ethers                                                            â
 +
â    [*] group                                                              â
 +
â    [*] hosts                                                              â
 +
â    [*] netgroup                                                          â
 +
â    [*] networks                                                          â
 +
â    [*] passwd                                                            â
 +
â    [*] protocols                                                          â
 +
â    [*] rpc                                                                â
 +
â    [*] services                                                          â
 +
â    [*] shadow                                                            â
 +
â                                                                          â
 +
â                                                                          â
 +
â                                  <Ok>                                    â
 +
â                                                                          â
 +
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
 +
 
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/universe kstart 3.16-3 [58.3kB]
 +
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/universe libsasl2-modules-gssapi-mit 2.1.23.dfsg1-5ubuntu1 [73.1kB]
 +
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/universe nscd 2.11.1-0ubuntu7.8 [212kB]
 +
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/universe nslcd 0.7.2 [120kB]
 +
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/universe libnss-ldapd 0.7.2 [41.8kB]
 +
Get:6 http://archive.ubuntu.com/ubuntu/ lucid/universe libpam-ldapd 0.7.2 [27.6kB]
 +
Fetched 532kB in 1s (431kB/s)
 +
Preconfiguring packages ...
 +
Selecting previously deselected package kstart.
 +
(Reading database ... 18820 files and directories currently installed.)
 +
Unpacking kstart (from .../kstart_3.16-3_amd64.deb) ...
 +
Selecting previously deselected package libsasl2-modules-gssapi-mit.
 +
Unpacking libsasl2-modules-gssapi-mit (from .../libsasl2-modules-gssapi-mit_2.1.23.dfsg1-5ubuntu1_amd64.deb) ...
 +
Selecting previously deselected package nscd.
 +
Unpacking nscd (from .../nscd_2.11.1-0ubuntu7.8_amd64.deb) ...
 +
Selecting previously deselected package nslcd.
 +
Unpacking nslcd (from .../archives/nslcd_0.7.2_amd64.deb) ...
 +
Selecting previously deselected package libnss-ldapd.
 +
Unpacking libnss-ldapd (from .../libnss-ldapd_0.7.2_amd64.deb) ...
 +
Selecting previously deselected package libpam-ldapd.
 +
Unpacking libpam-ldapd (from .../libpam-ldapd_0.7.2_amd64.deb) ...
 +
Processing triggers for man-db ...
 +
Processing triggers for ureadahead ...
 +
Setting up kstart (3.16-3) ...
 +
Setting up libsasl2-modules-gssapi-mit (2.1.23.dfsg1-5ubuntu1) ...
 +
Setting up nscd (2.11.1-0ubuntu7.8) ...
 +
  * Starting Name Service Cache Daemon nscd                              [ OK ]
 +
 +
Setting up nslcd (0.7.2) ...
 +
Warning: The home dir /var/run/nslcd/ you specified can't be accessed: No such file or directory
 +
Adding system user `nslcd' (UID 105) ...
 +
Adding new group `nslcd' (GID 108) ...
 +
Adding new user `nslcd' (UID 105) with group `nslcd' ...
 +
Not creating home directory `/var/run/nslcd/'.
 +
  * Starting LDAP connection daemon nslcd                                [ OK ]
 +
 +
Setting up libnss-ldapd (0.7.2) ...
 +
/etc/nsswitch.conf: enable LDAP lookups for aliases
 +
/etc/nsswitch.conf: enable LDAP lookups for ethers
 +
/etc/nsswitch.conf: enable LDAP lookups for group
 +
/etc/nsswitch.conf: enable LDAP lookups for hosts
 +
/etc/nsswitch.conf: enable LDAP lookups for netgroup
 +
/etc/nsswitch.conf: enable LDAP lookups for networks
 +
/etc/nsswitch.conf: enable LDAP lookups for passwd
 +
/etc/nsswitch.conf: enable LDAP lookups for protocols
 +
/etc/nsswitch.conf: enable LDAP lookups for rpc
 +
/etc/nsswitch.conf: enable LDAP lookups for services
 +
/etc/nsswitch.conf: enable LDAP lookups for shadow
 +
  * Restarting Name Service Cache Daemon nscd                            [ OK ]
 +
 +
Setting up libpam-ldapd (0.7.2) ...
 +
 +
Processing triggers for libc-bin ...
 +
ldconfig deferred processing now taking place
 +
Committing to: /etc/
 +
modified .etckeeper
 +
modified group
 +
modified group-
 +
modified gshadow
 +
modified gshadow-
 +
added nscd.conf
 +
added nslcd.conf
 +
modified nsswitch.conf
 +
modified passwd
 +
modified passwd-
 +
modified shadow
 +
modified shadow-
 +
added init.d/nscd
 +
added init.d/nslcd
 +
modified pam.d/common-account
 +
modified pam.d/common-auth
 +
modified pam.d/common-password
 +
modified pam.d/common-session
 +
modified pam.d/common-session-noninteractive
 +
added rc0.d/K20nscd
 +
added rc0.d/K20nslcd
 +
added rc1.d/K20nscd
 +
added rc1.d/K20nslcd
 +
added rc2.d/S20nscd
 +
added rc2.d/S20nslcd
 +
added rc3.d/S20nscd
 +
added rc3.d/S20nslcd
 +
added rc4.d/S20nscd
 +
added rc4.d/S20nslcd
 +
added rc5.d/S20nscd
 +
added rc5.d/S20nslcd
 +
added rc6.d/K20nscd
 +
added rc6.d/K20nslcd
 +
Committed revision 47.
 +
 
 +
root@charity:~# cat /etc/nsswitch.conf
 +
# /etc/nsswitch.conf
 +
#
 +
# Example configuration of GNU Name Service Switch functionality.
 +
# If you have the `glibc-doc-reference' and `info' packages installed, try:
 +
# `info libc "Name Service Switch"' for information about this file.
 +
 +
passwd:        compat ldap
 +
group:          compat ldap
 +
shadow:        compat ldap
 +
 +
hosts:          files dns ldap
 +
networks:      files ldap
 +
 +
protocols:      db files ldap
 +
services:      db files ldap
 +
ethers:        db files ldap
 +
rpc:            db files ldap
 +
 +
netgroup:      nis ldap
 +
aliases:        ldap
 +
 
 +
root@charity:~# vim /etc/nslcd.conf
 +
root@charity:~# cat /etc/nslcd.conf
 +
# /etc/nslcd.conf
 +
# nslcd configuration file. See nslcd.conf(5)
 +
# for details.
 +
 +
# The user and group nslcd should run as.
 +
uid nslcd
 +
gid nslcd
 +
 +
# The location at which the LDAP server(s) should be reachable.
 +
uri ldaps://charity.progclub.org/
 +
 +
# The search base that will be used for all queries.
 +
base dc=progclub,dc=org
 +
 +
# The LDAP protocol version to use.
 +
#ldap_version 3
 +
 +
# The DN to bind with for normal lookups.
 +
#binddn cn=annonymous,dc=example,dc=net
 +
#bindpw secret
 +
 +
# SSL options
 +
#ssl off
 +
tls_reqcert allow
 +
 +
# The search scope.
 +
#scope sub
 +
 +
# JE: 2011-08-14: added sasl_mech
 +
sasl_mech GSSAPI
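Review bot: `tls_reqcert allow` in this nslcd.conf means the ldaps:// connection to charity.progclub.org requests a server certificate but does not require or check it, as the debconf text earlier in this entry spells out. If this file is reused as the template for user machines, `tls_reqcert demand` together with a tls_cacertfile or tls_cacertdir line (which the same dialog says is needed once checking is enabled) would make the LDAP lookups verify the server they talk to. The entry should record why `allow` was chosen.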
 +
 
 +
root@charity:~# pam-auth-update
 +
 
 +
Package configuration
 +
 +
ââââââââââââââââââââââââââââââââââââ⤠ ââââââââââââââââââââââââââââââââââââââ
 +
â Pluggable Authentication Modules (PAM) determine how authentication,      â
 +
â authorization, and password changing are handled on the system, as well  â
 +
â as allowing configuration of additional actions to take when starting    â
 +
â user sessions.                                                            â
 +
â                                                                          â
 +
â Some PAM module packages provide profiles that can be used to            â
 +
â automatically adjust the behavior of all PAM-using applications on the    â
 +
â system.  Please indicate which of these behaviors you wish to enable.    â
 +
â                                                                          â
 +
â PAM profiles to enable:                                                  â
 +
â                                                                          â
 +
â    [*] Kerberos authentication                                            â
 +
â    [*] Unix authentication                                                â
 +
â    [ ] LDAP Authentication                                                â
 +
â                                                                          â
 +
â                                                                          â
 +
â                    <Ok>                        <Cancel>                  â
 +
â                                                                          â
 +
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
 +
 
 +
root@charity:~# service nslcd restart
 +
  * Restarting LDAP connection daemon nslcd
 +
  nslcd: /etc/nslcd.conf:30: option sasl_mech is currently not fully supported (please report any successes)
 +
                                                                        [ OK ]
 +
 
 +
root@charity:~# vim /etc/pam.d/common-password
 +
root@charity:~# cat /etc/pam.d/common-password
 +
#
 +
# /etc/pam.d/common-password - password-related modules common to all services
 +
#
 +
# This file is included from other service-specific PAM config files,
 +
# and should contain a list of modules that define the services to be
 +
# used to change user passwords.  The default is pam_unix.
 +
 +
# Explanation of pam_unix options:
 +
#
 +
# The "sha512" option enables salted SHA512 passwords.  Without this option,
 +
# the default is Unix crypt.  Prior releases used the option "md5".
 +
#
 +
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
 +
# login.defs.
 +
#
 +
# See the pam_unix manpage for other options.
 +
 +
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
 +
# To take advantage of this, it is recommended that you configure any
 +
# local modules either before or after the default block, and use
 +
# pam-auth-update to manage selection of other modules.  See
 +
# pam-auth-update(8) for details.
 +
 +
# here are the per-package modules (the "Primary" block)
 +
#password      requisite                      pam_krb5.so minimum_uid=1000
 +
#password      [success=1 default=ignore]      pam_unix.so obscure use_authtok try_first_pass sha512
 +
# here's the fallback if no module succeeds
 +
#password      requisite                      pam_deny.so
 +
# prime the stack with a positive return value if there isn't one already;
 +
# this avoids us returning an error just because nothing sets a success code
 +
# since the modules above will each just jump around
 +
#password      required                        pam_permit.so
 +
# and here are more per-package modules (the "Additional" block)
 +
# end of pam-auth-update config
 +
 +
password  sufficient  pam_krb5.so minimum_uid=1000
 +
password  required    pam_unix.so obscure try_first_pass sha512
 +
 
 +
Actually... wait. What am I doing? I think we'll keep admin logins separate, and use LDAP for user machines only.
 +
 
 +
jj5@charity:~$ sudo pam-auth-update
 +
[sudo] password for jj5:
 +
 
 +
Package configuration
 +
 +
 +
 +
 +
ââââââââââââââââââââââââââââââââââââ⤠ââââââââââââââââââââââââââââââââââââââ
 +
â                                                                          â
 +
â One or more of the files                                                  â
 +
â /etc/pam.d/common-{auth,account,password,session} have been locally      â
 +
â modified.  Please indicate whether these local changes should be          â
 +
â overridden using the system-provided configuration.  If you decline this  â
 +
â option, you will need to manage your system's authentication              â
 +
â configuration by hand.                                                    â
 +
â                                                                          â
 +
â Override local changes to /etc/pam.d/common-*?                            â
 +
â                                                                          â
 +
â                  * <Yes>                      <No>                      â
 +
â                                                                          â
 +
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
 +
 
 +
Package configuration
 +
 +
ââââââââââââââââââââââââââââââââââââ⤠ ââââââââââââââââââââââââââââââââââââââ
 +
â Pluggable Authentication Modules (PAM) determine how authentication,      â
 +
â authorization, and password changing are handled on the system, as well  â
 +
â as allowing configuration of additional actions to take when starting    â
 +
â user sessions.                                                            â
 +
â                                                                          â
 +
â Some PAM module packages provide profiles that can be used to            â
 +
â automatically adjust the behavior of all PAM-using applications on the    â
 +
â system.  Please indicate which of these behaviors you wish to enable.    â
 +
â                                                                          â
 +
â PAM profiles to enable:                                                  â
 +
â                                                                          â
 +
â    [ ] Kerberos authentication                                            â
 +
â    [*] Unix authentication                                                â
 +
â    [ ] LDAP Authentication                                                â
 +
â                                                                          â
 +
â                                                                          â
 +
â                    <Ok>                        <Cancel>                  â
 +
â                                                                          â
 +
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
 +
 
 +
 
 +
root@charity:/etc/skel# apt-get remove libpam-krb5 libnss-ldapd libsasl2-modules-gssapi-mit kstart nscd nslcd
 +
 
 +
Package configuration
 +
 +
ââââââââââââââââââââââââââ⤠Removing libnss-ldapd âââââââââââââââââââââââââââ
 +
â                                                                          â
 +
â The following services are still configured to use LDAP for lookups:      â
 +
â  passwd, group, shadow, hosts, networks, protocols, services, ethers,    â
 +
â rpc, netgroup, aliases                                                    â
 +
â but the libnss-ldapd package is about to be removed.                      â
 +
â                                                                          â
 +
â You are advised to remove the entries if you don't plan on using LDAP    â
 +
â for name resolution any more. Not removing ldap from nsswitch.conf        â
 +
â should, for most services, not cause problems, but host name resolution  â
 +
â could be affected in subtle ways.                                        â
 +
â                                                                          â
 +
â You can edit /etc/nsswitch.conf by hand or choose to remove the entries  â
 +
â automatically now. Be sure to review the changes to /etc/nsswitch.conf    â
 +
â if you choose to remove the entries now.                                  â
 +
â                                                                          â
 +
â                                  <Ok>                                    â
 +
â                                                                          â
 +
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
 +
 
 +
Package configuration
 +
 +
 +
 +
 +
 +
 +
 +
                    âââââââ⤠Removing libnss-ldapd âââââââââ
 +
                    â                                      â
 +
                    â Remove LDAP from nsswitch.conf now?  â
 +
                    â                                      â
 +
                    â      * <Yes>          <No>          â
 +
                    â                                      â
 +
                    ââââââââââââââââââââââââââââââââââââââââ
 +
 
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following packages will be REMOVED:
 +
  kstart libnss-ldapd libpam-krb5 libpam-ldapd libsasl2-modules-gssapi-mit
 +
  nscd nslcd
 +
0 upgraded, 0 newly installed, 7 to remove and 0 not upgraded.
 +
After this operation, 1,503kB disk space will be freed.
 +
Do you want to continue [Y/n]?
 +
Committing to: /etc/
 +
modified group
 +
modified group-
 +
modified gshadow
 +
modified gshadow-
 +
modified nslcd.conf
 +
modified passwd
 +
modified passwd-
 +
modified shadow
 +
modified shadow-
 +
modified pam.d/common-account
 +
added pam.d/common-account.pam-old
 +
modified pam.d/common-auth
 +
added pam.d/common-auth.pam-old
 +
modified pam.d/common-password
 +
added pam.d/common-password.pam-old
 +
modified pam.d/common-session
 +
modified pam.d/common-session-noninteractive
 +
added pam.d/common-session-noninteractive.pam-old
 +
added pam.d/common-session.pam-old
 +
Committed revision 48.
 +
(Reading database ... 18880 files and directories currently installed.)
 +
Removing kstart ...
 +
Removing libnss-ldapd ...
 +
/etc/nsswitch.conf: disable LDAP lookups for passwd
 +
/etc/nsswitch.conf: disable LDAP lookups for group
 +
/etc/nsswitch.conf: disable LDAP lookups for shadow
 +
/etc/nsswitch.conf: disable LDAP lookups for hosts
 +
/etc/nsswitch.conf: disable LDAP lookups for networks
 +
/etc/nsswitch.conf: disable LDAP lookups for protocols
 +
/etc/nsswitch.conf: disable LDAP lookups for services
 +
/etc/nsswitch.conf: disable LDAP lookups for ethers
 +
/etc/nsswitch.conf: disable LDAP lookups for rpc
 +
/etc/nsswitch.conf: disable LDAP lookups for netgroup
 +
/etc/nsswitch.conf: disable LDAP lookups for aliases
 +
Removing libpam-krb5 ...
 +
Removing libpam-ldapd ...
 +
Removing libsasl2-modules-gssapi-mit ...
 +
Removing nscd ...
 +
  * Stopping Name Service Cache Daemon nscd                              [ OK ]
 +
Removing nslcd ...
 +
  * Stopping LDAP connection daemon nslcd                                [ OK ]
 +
Processing triggers for man-db ...
 +
Processing triggers for libc-bin ...
 +
ldconfig deferred processing now taking place
 +
Processing triggers for ureadahead ...
 +
Committing to: /etc/
 +
modified nsswitch.conf
 +
Committed revision 49.
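Review bot: this entry is headed "Kerberos client configuration" but ends with the Kerberos PAM profile switched off again and the packages removed, which a reader only learns from one sentence in the middle ("we'll keep admin logins separate"). A line at the top stating the outcome would help. The removal uses `apt-get remove`, and revision 48 adds five pam.d/*.pam-old files; the log should say whether those and /etc/nslcd.conf were kept on purpose.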
 +
 
 +
= [[User:John|John]] 2011-08-14 21:39 =
 +
 
 +
== Configuring slapd indexes ==
 +
 
 +
Per [http://forum.zentyal.org/index.php?topic=664.0 these instructions]:
 +
 
 +
root@charity:/etc/ldap# vim slapd.d/cn\=config/olcDatabase\=\{1\}hdb.ldif
 +
 
 +
olcDbIndex: gidNumber eq
 +
 
 +
root@charity:/etc/ldap# /etc/init.d/slapd restart
 +
Stopping OpenLDAP: slapd.
 +
Starting OpenLDAP: slapd.
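Review bot: the index is added by editing slapd.d/cn=config/olcDatabase={1}hdb.ldif in vim and restarting slapd, and only the single line `olcDbIndex: gidNumber eq` is recorded. Files under slapd.d are slapd's own configuration database and are meant to be changed through cn=config (for example with ldapmodify), so the entry should either use that route or note that the file was hand-edited. It should also say whether existing entries were re-indexed so that the new index is actually used.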
 +
 
 +
= [[User:John|John]] 2011-08-14 19:00 =
 +
 
 +
== Configuring KDC ACLs ==
 +
 
 +
root@charity:/etc/krb5kdc# vim kadm5.acl
 +
 
 +
*/admin@PROGCLUB.ORG    *
 +
jj5@PROGCLUB.ORG *
 +
tasaio@PROGCLUB.ORG *
 +
sanguinev@PROGCLUB.ORG *
 +
friggles@PROGCLUB.ORG *
 +
jedd@PROGCLUB.ORG *
 +
 
 +
root@charity:~# /etc/init.d/krb5-admin-server restart
 +
  * Restarting Kerberos administrative servers kadmind
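Review bot: kadm5.acl gives `*` (all kadmin privileges) to five ordinary principals (jj5, tasaio, sanguinev, friggles, jedd) in addition to `*/admin@PROGCLUB.ORG`, so each person's everyday login credential is also a full KDC administrator. Keeping only the `*/admin` line and giving each administrator a separate name/admin principal would limit what a stolen login password or ticket can do. The entry should at least record why the per-user lines were added.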
 +
 
 +
= [[User:John|John]] 2011-08-13 15:09 =
 +
 
 +
== Installing ViewVC ==
 +
 
 +
jj5@charity:~$ release pcview "First release. Just a copy of ViewVC 1.0.12."
 +
Releasing pcview
 +
Checking availability of release: https://www.progclub.org/svn/pcrepo/pcview/tags/release/2011/08/13/01
 +
 +
Committed revision 184.
 +
 +
Committed revision 185.
 +
 +
Committed revision 186.
 +
 
 +
jj5@charity:~$ sudo -s
 +
root@charity:~# cd /var/www
 +
root@charity:/var/www# svn co https://www.progclub.org/svn/pcrepo/pcview/tags/latest www.progclub.org-pcview
 +
 
 +
root@charity:/var/www# vim /etc/iptables.up.rules
 +
 
 +
# Hell, allow anything from John's house
 +
-A INPUT -s 60.240.67.126/32 -j ACCEPT
 +
 
 +
root@charity:/var/www# iptables -F
 +
root@charity:/var/www# iptables-restore < /etc/iptables.up.rules
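Review bot: the rule "-A INPUT -s 60.240.67.126/32 -j ACCEPT" accepts every protocol and port from that address, and the reload runs "iptables -F" before "iptables-restore". A source-address match is only as trustworthy as the address itself, so suggest limiting the rule with -p and --dport to the services actually needed from that host. The separate flush is unnecessary, since iptables-restore flushes the tables it loads unless --noflush is given, and it leaves the host with no filter rules (or locked out, if the INPUT policy is DROP) should the restore fail.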
 +
root@charity:/var/www# cd www.progclub.org-pcview/
 +
root@charity:/var/www/www.progclub.org-pcview# bin/standalone.py -r /var/svn/pcrepo
 +
bash: bin/standalone.py: Permission denied
 +
root@charity:/var/www/www.progclub.org-pcview# cd bin
 +
root@charity:/var/www/www.progclub.org-pcview/bin# ls
 +
asp  cvsdbadmin      make-database  standalone.py
 +
cgi  loginfo-handler  mod_python    svndbadmin
 +
root@charity:/var/www/www.progclub.org-pcview/bin# ll
 +
total 92
 +
drwxr-xr-x 6 root root  4096 2011-08-13 05:11 ./
 +
drwxr-xr-x 9 root root  4096 2011-08-13 05:11 ../
 +
drwxr-xr-x 3 root root  4096 2011-08-13 05:11 asp/
 +
drwxr-xr-x 3 root root  4096 2011-08-13 05:11 cgi/
 +
-rw-r--r-- 1 root root  4476 2011-08-13 05:11 cvsdbadmin
 +
-rw-r--r-- 1 root root 10476 2011-08-13 05:11 loginfo-handler
 +
-rw-r--r-- 1 root root  4726 2011-08-13 05:11 make-database
 +
drwxr-xr-x 3 root root  4096 2011-08-13 05:11 mod_python/
 +
-rw-r--r-- 1 root root 26993 2011-08-13 05:11 standalone.py
 +
drwxr-xr-x 6 root root  4096 2011-08-13 05:11 .svn/
 +
-rw-r--r-- 1 root root 10749 2011-08-13 05:11 svndbadmin
 +
root@charity:/var/www/www.progclub.org-pcview/bin# chmod -R a+x *
 +
root@charity:/var/www/www.progclub.org-pcview# bin/standalone.py -r /var/svn/pcrepo
 +
: No such file or directory
 +
 
 +
No fun!
 +
 
 +
root@charity:/var/www/www.progclub.org-pcview# chmod a+x viewvc-install
 +
root@charity:/var/www/www.progclub.org-pcview# ./viewvc-install
 +
: No such file or directory
 +
 
 +
Argh!
 +
 
 +
Time to ask for help.
 +
 
 +
Wait... [http://osdir.com/ml/version-control.viewvc.issues/2008-05/msg00029.html this explains it], WinZip fucked my line endings!
 +
 
 +
jj5@charity:~$ sudo -s
 +
[sudo] password for jj5:
 +
root@charity:~# wget http://viewvc.tigris.org/files/documents/3330/47621/viewvc-1.0.12.tar.gz
 +
--2011-08-13 05:53:37--  http://viewvc.tigris.org/files/documents/3330/47621/viewvc-1.0.12.tar.gz
 +
Resolving viewvc.tigris.org... 204.16.104.146
 +
Connecting to viewvc.tigris.org|204.16.104.146|:80... connected.
 +
HTTP request sent, awaiting response... 200 OK
 +
Length: 523289 (511K) [application/x-gzip]
 +
Saving to: `viewvc-1.0.12.tar.gz'
 +
 +
100%[======================================>] 523,289      528K/s  in 1.0s
 +
 +
2011-08-13 05:53:38 (528 KB/s) - `viewvc-1.0.12.tar.gz' saved [523289/523289]
 +
 
 +
root@charity:~# tar xvf viewvc-1.0.12.tar.gz
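Review bot: viewvc-1.0.12.tar.gz is fetched over plain http:// and unpacked in the root shell with no check that the 523289-byte file is the one the project published. Before "tar xvf", compare its digest (sha256sum viewvc-1.0.12.tar.gz) with a checksum or signature obtained from the project over a separate trusted channel, where one is published. Suggest doing the download and unpack as jj5 rather than root, since the contents are then copied into the working copy, committed and run by the installer as root.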
 +
root@charity:~# cd /var/www
 +
root@charity:/var/www# svn co https://www.progclub.org/svn/pcrepo/pcview/trunk www.progclub.org-pcview-dev
 +
root@charity:/var/www# cd www.progclub.org-pcview-dev/
 +
root@charity:/var/www/www.progclub.org-pcview-dev# ls
 +
bin                docs          README            viewvc.conf.dist
 +
CHANGES            INSTALL      templates          viewvc-install
 +
COMMITTERS          lib          templates-contrib  windows
 +
cvsgraph.conf.dist  LICENSE.html  TODO
 +
root@charity:/var/www/www.progclub.org-pcview-dev# cp -R ~/viewvc-1.0.12/* .
 +
root@charity:/var/www/www.progclub.org-pcview-dev# svn ci -m "Fixed line endings for ViewVC"
 +
root@charity:/var/www/www.progclub.org-pcview-dev# exit
 +
exit
 +
jj5@charity:~$ release pcview "Fixed line endings."
 +
Releasing pcview
 +
Checking availability of release: https://www.progclub.org/svn/pcrepo/pcview/tags/release/2011/08/13/01
 +
Checking availability of release: https://www.progclub.org/svn/pcrepo/pcview/tags/release/2011/08/13/02
 +
 +
Committed revision 188.
 +
 +
Committed revision 189.
 +
 +
Committed revision 190.
 +
jj5@charity:~$ sudo -s
 +
root@charity:~# cd /var/www/www.progclub.org-pcview
 +
root@charity:/var/www/www.progclub.org-pcview# update
 +
bash: update: command not found
 +
root@charity:/var/www/www.progclub.org-pcview# svn update
 +
root@charity:/var/www/www.progclub.org-pcview# cd bin
 +
root@charity:/var/www/www.progclub.org-pcview/bin# ll
 +
total 92
 +
drwxr-xr-x 6 root root  4096 2011-08-13 05:59 ./
 +
drwxr-xr-x 9 root root  4096 2011-08-13 05:59 ../
 +
drwxr-xr-x 3 root root  4096 2011-08-13 05:59 asp/
 +
drwxr-xr-x 3 root root  4096 2011-08-13 05:59 cgi/
 +
-rw-r--r-- 1 root root  4319 2011-08-13 05:59 cvsdbadmin
 +
-rw-r--r-- 1 root root 10159 2011-08-13 05:59 loginfo-handler
 +
-rw-r--r-- 1 root root  4572 2011-08-13 05:59 make-database
 +
drwxr-xr-x 3 root root  4096 2011-08-13 05:59 mod_python/
 +
-rw-r--r-- 1 root root 26350 2011-08-13 05:59 standalone.py
 +
drwxr-xr-x 6 root root  4096 2011-08-13 05:59 .svn/
 +
-rw-r--r-- 1 root root 10437 2011-08-13 05:59 svndbadmin
 +
root@charity:/var/www/www.progclub.org-pcview/bin# chmod -R a+x *
 +
root@charity:/var/www/www.progclub.org-pcview/bin# cd ..
 +
root@charity:/var/www/www.progclub.org-pcview# bin/standalone.py -r /var/svn/pcrepo
 +
server ready at http://localhost:7467/viewvc
 +
 
 +
root@charity:/var/www/www.progclub.org-pcview# chmod a+x viewvc-install
 +
root@charity:/var/www/www.progclub.org-pcview# ./viewvc-install
 +
This is the ViewVC 1.0.12 installer.
 +
 +
It will allow you to choose the install path for ViewVC.  You will now
 +
be asked some installation questions.  Defaults are given in square brackets.
 +
Just hit [Enter] if a default is okay.
 +
 +
Installation path [/usr/local/viewvc-1.0.12]:
 +
 +
DESTDIR path (generally only used by package maintainers) []:
 +
 
 +
...
 +
 
 +
ViewVC file installation complete.
 +
 +
Consult the INSTALL document for detailed information on completing the
 +
installation and configuration of ViewVC on your system.  Here's a brief
 +
overview of the remaining steps:
 +
 +
  1) Edit the /usr/local/viewvc-1.0.12/viewvc.conf file.
 +
 +
  2) Either configure an existing web server to run
 +
    /usr/local/viewvc-1.0.12/bin/cgi/viewvc.cgi.
 +
 +
    Or, copy /usr/local/viewvc-1.0.12/bin/cgi/viewvc.cgi to an
 +
    already-configured cgi-bin directory.
 +
 +
    Or, use the standalone server provided by this distribution at
 +
    /usr/local/viewvc-1.0.12/bin/standalone.py.
 +
 
 +
root@charity:/var/www/www.progclub.org-pcview# cd /usr/local/viewvc-1.0.12/
 +
root@charity:/usr/local/viewvc-1.0.12# ls
 +
bin            cvsgraph.conf.dist  templates          viewvc.conf
 +
cvsgraph.conf  lib                templates-contrib  viewvc.conf.dist
 +
root@charity:/usr/local/viewvc-1.0.12# vim viewvc.conf
 +
 
 +
root@charity:/usr/local/viewvc-1.0.12# cd /etc/apache2/sites-available/
 +
root@charity:/etc/apache2/sites-available# vim default
 +
 
 +
ScriptAlias /pcview-view /usr/local/viewvc-1.0.12/bin/cgi/viewvc.cgi
 +
ScriptAlias /pcview-query /usr/local/viewvc-1.0.12/bin/cgi/viewvc.cgi
 +
 
 +
root@charity:/etc/apache2/sites-available# apache2ctl graceful
 +
 
 +
GET: http://www.progclub.org/pcview-view
 +
 
 +
An Exception Has Occurred
 +
Python Traceback
 +
 +
Traceback (most recent call last):
 +
  File "/usr/local/viewvc-1.0.12/lib/viewvc.py", line 3761, in main
 +
    request.run_viewvc()
 +
  File "/usr/local/viewvc-1.0.12/lib/viewvc.py", line 258, in run_viewvc
 +
    import vclib.svn
 +
  File "/usr/local/viewvc-1.0.12/lib/vclib/svn/__init__.py", line 27, in <module>
 +
    from svn import fs, repos, core, delta
 +
ImportError: No module named svn
 +
 
 +
Google [http://www.google.com.au/search?q=viewvc%20No%20module%20named%20svn&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&source=hp&channel=np that].
 +
 
 +
[http://www.viewvc.org/faq.html#no-module-named-svn What causes "Error: ImportError: No module named svn"?]
 +
 +
ViewVC uses Subversion's Python bindings to interact with and pull information
 +
out of your Subversion repositories. These bindings are not, however, generally
 +
provided as part of the ViewVC distribution — you have to install them yourself
 +
some other way. (For more information, contact the Subversion community.) The
 +
error you see is Python being asked to import the Subversion Python bindings and
 +
being unable to do so, typically because the bindings modules aren't found in
 +
the Python library search path.
 +
 
 +
Not very helpful dear.
 +
 
 +
root@charity:/usr/local/viewvc-1.0.12# apt-cache search python svn
 +
python-svn - A(nother) Python interface to Subversion
 +
python-svn-dbg - A(nother) Python interface to Subversion (debug extension)
 +
python-rope - Python refactoring library
 +
svn-workbench - A Workbench for Subversion
 +
bzr - easy to use distributed version control system
 +
bzr-doc - easy to use distributed version control system (documentation)
 +
python-subversion - Python bindings for Subversion
 +
python-subversion-dbg - Python bindings for Subversion (debug extension)
 +
root@charity:/usr/local/viewvc-1.0.12# apt-get install python-subversion
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
Suggested packages:
 +
  python-subversion-dbg
 +
The following NEW packages will be installed:
 +
  python-subversion
 +
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 755kB of archives.
 +
After this operation, 3,449kB of additional disk space will be used.
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main python-subversion 1.6.6dfsg-2ubuntu1.3 [755kB]
 +
Fetched 755kB in 1s (525kB/s)
 +
Committing to: /etc/
 +
modified iptables.up.rules
 +
modified apache2/sites-available/default
 +
Committed revision 41.
 +
Selecting previously deselected package python-subversion.
 +
(Reading database ... 18330 files and directories currently installed.)
 +
Unpacking python-subversion (from .../python-subversion_1.6.6dfsg-2ubuntu1.3_amd64.deb) ...
 +
Setting up python-subversion (1.6.6dfsg-2ubuntu1.3) ...
 +
 +
Processing triggers for libc-bin ...
 +
ldconfig deferred processing now taking place
 +
Processing triggers for python-support ...
 +
root@charity:/usr/local/viewvc-1.0.12#
 +
 
 +
GET: http://www.progclub.org/pcview-view
 +
 
 +
Works!
 +
 
 +
Just tidy that up a bit:
 +
 
 +
root@charity:/usr/local/viewvc-1.0.12# vim /etc/apache2/sites-available/default
 +
 
 +
ScriptAlias /pcview /usr/local/viewvc-1.0.12/bin/cgi/viewvc.cgi
 +
ScriptAlias /pcview-query /usr/local/viewvc-1.0.12/bin/cgi/query.cgi
 +
 
 +
root@charity:/usr/local/viewvc-1.0.12# apache2ctl graceful
 +
 
 +
Actually,
 +
 
 +
ScriptAlias /pcrepo /usr/local/viewvc-1.0.12/bin/cgi/viewvc.cgi
 +
#ScriptAlias /pcview-query /usr/local/viewvc-1.0.12/bin/cgi/query.cgi
 +
 
 +
So that's: http://www.progclub.org/pcrepo
 +
 
 +
jj5@charity:~$ sudo -s
 +
root@charity:~# cd /var/www/www.progclub.org
 +
root@charity:/var/www/www.progclub.org# vim robots.txt
 +
 
 +
Disallow: /pcrepo/
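Review bot: "Disallow: /pcrepo/" in robots.txt only asks cooperating crawlers not to index the path; it does not restrict who can browse it, and the ScriptAlias lines above map /pcrepo to viewvc.cgi with no access control shown. If the repository view is meant to be limited, add authentication or an address restriction for /pcrepo in sites-available/default. If it is meant to be public, say so here so the robots.txt entry is not read as a protection.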
 +
 
 +
That ought to do it. Wait...
 +
 
 +
root@charity:~# apt-cache search enscript
 +
enscript - converts text to Postscript, HTML or RTF with syntax highlighting
 +
root@charity:~# apt-get install enscript
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following extra packages will be installed:
 +
  libpaper-utils libpaper1
 +
Suggested packages:
 +
  gv postscript-viewer lpr
 +
The following NEW packages will be installed:
 +
  enscript libpaper-utils libpaper1
 +
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 482kB of archives.
 +
After this operation, 2,707kB of additional disk space will be used.
 +
Do you want to continue [Y/n]?
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libpaper1 1.1.23+nmu1build1 [21.2kB]
 +
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main enscript 1.6.5-1 [442kB]
 +
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libpaper-utils 1.1.23+nmu1build1 [18.3kB]
 +
Fetched 482kB in 1s (372kB/s)
 +
Committing to: /etc/
 +
modified apache2/sites-available/default
 +
Committed revision 42.
 +
Preconfiguring packages ...
 +
Selecting previously deselected package libpaper1.
 +
(Reading database ... 18382 files and directories currently installed.)
 +
Unpacking libpaper1 (from .../libpaper1_1.1.23+nmu1build1_amd64.deb) ...
 +
Selecting previously deselected package enscript.
 +
Unpacking enscript (from .../enscript_1.6.5-1_amd64.deb) ...
 +
Selecting previously deselected package libpaper-utils.
 +
Unpacking libpaper-utils (from .../libpaper-utils_1.1.23+nmu1build1_amd64.deb) ...
 +
Processing triggers for man-db ...
 +
Setting up libpaper1 (1.1.23+nmu1build1) ...
 +
 +
Creating config file /etc/papersize with new version
 +
 +
Setting up enscript (1.6.5-1) ...
 +
Setting up libpaper-utils (1.1.23+nmu1build1) ...
 +
Processing triggers for libc-bin ...
 +
ldconfig deferred processing now taking place
 +
Committing to: /etc/
 +
added enscript.cfg
 +
added libpaper.d
 +
added papersize
 +
Committed revision 43.
 +
 
 +
root@charity:~# cd /usr/local/viewvc-1.0.12/
 +
root@charity:/usr/local/viewvc-1.0.12# vim viewvc.conf
 +
 
 +
# should we use 'enscript' for syntax coloring?
 +
use_enscript = 1
 +
 
 +
root@charity:/usr/local/viewvc-1.0.12# locate enscript
 +
bash: locate: command not found
 +
root@charity:/usr/local/viewvc-1.0.12# whereis enscript
 +
enscript: /usr/bin/enscript /etc/enscript.cfg /usr/share/enscript /usr/share/man/man1/enscript.1.gz
 +
root@charity:/usr/local/viewvc-1.0.12# vim viewvc.conf
 +
 
 +
#
 +
# if the enscript program is not on the path, set this value
 +
#
 +
#enscript_path =
 +
enscript_path = /usr/bin/
 +
 
 +
root@charity:/usr/local/viewvc-1.0.12# apt-cache search syntax highlight | grep highlight
 +
 
 +
root@charity:/usr/local/viewvc-1.0.12# apt-get install highlight
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following extra packages will be installed:
 +
  highlight-common
 +
The following NEW packages will be installed:
 +
  highlight highlight-common
 +
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 490kB of archives.
 +
After this operation, 1,864kB of additional disk space will be used.
 +
Do you want to continue [Y/n]?
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/universe highlight-common 2.12-1 [196kB]
 +
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/universe highlight 2.12-1 [294kB]
 +
Fetched 490kB in 1s (394kB/s)
 +
Selecting previously deselected package highlight-common.
 +
(Reading database ... 18593 files and directories currently installed.)
 +
Unpacking highlight-common (from .../highlight-common_2.12-1_all.deb) ...
 +
Selecting previously deselected package highlight.
 +
Unpacking highlight (from .../highlight_2.12-1_amd64.deb) ...
 +
Processing triggers for man-db ...
 +
Setting up highlight-common (2.12-1) ...
 +
Setting up highlight (2.12-1) ...
 +
Committing to: /etc/
 +
added highlight
 +
added highlight/filetypes.conf
 +
Committed revision 44.
 +
 
 +
root@charity:/usr/local/viewvc-1.0.12# vim viewvc.conf
 +
 
 +
# should we use 'enscript' for syntax coloring?
 +
use_enscript = 0
 +
 
 +
...
 +
 
 +
# should we use 'highlight' for syntax coloring?
 +
# NOTE: use_enscript has to be 0 or enscript will be used instead
 +
use_highlight = 1
 +
 
 +
[http://www.progclub.org/pcrepo/pcwiki/trunk/index.php?revision=3&view=markup Works!]
 +
 
 +
= [[User:John|John]] 2011-08-12 15:53 =
 +
 
 +
== Installing bc ==
 +
 
 +
jj5@charity:~/bin$ sudo apt-get install bc
 +
[sudo] password for jj5:
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following NEW packages will be installed:
 +
  bc
 +
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 112kB of archives.
 +
After this operation, 328kB of additional disk space will be used.
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main bc 1.06.95-2 [112kB]
 +
Fetched 112kB in 0s (115kB/s)
 +
Selecting previously deselected package bc.
 +
(Reading database ... 18313 files and directories currently installed.)
 +
Unpacking bc (from .../bc_1.06.95-2_amd64.deb) ...
 +
Processing triggers for man-db ...
 +
Setting up bc (1.06.95-2) ...
 +
 
 +
= [[User:John|John]] 2011-08-09 20:05 =
 +
 
 +
== Configuring [[Pcldap]] project ==
 +
 
 +
root@charity:/var/www/www.progclub.org/# svn co https://www.progclub.org/svn/pcrepo/pcldap/trunk pcldap
 +
root@charity:/var/www/www.progclub.org/# svn co https://www.progclub.org/svn/pcrepo/pcldap/trunk pcldap-dev
 +
root@charity:/var/www/www.progclub.org# cd pcldap
 +
root@charity:/var/www/www.progclub.org/pcldap# ls
 +
config  hooks  index.php  lib      locale  templates  VERSION
 +
doc    htdocs  INSTALL    LICENSE  queries  tools
 +
root@charity:/var/www/www.progclub.org/pcldap# cd config/
 +
root@charity:/var/www/www.progclub.org/pcldap/config# ls
 +
config.php.example
 +
root@charity:/var/www/www.progclub.org/pcldap/config# cp config.php.example config.php
 +
root@charity:/var/www/www.progclub.org/pcldap/config# apt-get install php5-ldap
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following NEW packages will be installed:
 +
  php5-ldap
 +
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 19.9kB of archives.
 +
After this operation, 115kB of additional disk space will be used.
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main php5-ldap 5.3.2-1ubuntu4.9 [19.9kB]
 +
Fetched 19.9kB in 0s (37.0kB/s)
 +
Committing to: /etc/
 +
modified network/interfaces
 +
added network/interfaces2011-08-09_01:48
 +
Committed revision 39.
 +
Selecting previously deselected package php5-ldap.
 +
(Reading database ... 18310 files and directories currently installed.)
 +
Unpacking php5-ldap (from .../php5-ldap_5.3.2-1ubuntu4.9_amd64.deb) ...
 +
Processing triggers for libapache2-mod-php5 ...
 +
  * Reloading web server config apache2                                  [ OK ]
 +
Setting up php5-ldap (5.3.2-1ubuntu4.9) ...
 +
Committing to: /etc/
 +
added php5/conf.d/ldap.ini
 +
Committed revision 40.
 +
root@charity:/var/www/www.progclub.org/pcldap/config# apache2ctl graceful
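Review bot: both "svn co" commands create working copies directly under /var/www/www.progclub.org/, the directory that also holds the site's robots.txt, so the .svn metadata and the config, tools and doc directories sit in the served tree next to index.php. Suggest using "svn export" for the deployed copy, or denying access to .svn and to everything outside htdocs in the Apache configuration, and making the new config.php readable only by the web server user.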
 +
 
 +
= [[User:John|John]] 2011-08-08 16:43 =
 +
 
 +
== Updating robots.txt file for pcwiki ==
 +
 
 +
Added the following to /var/www/www.progclub.org/robots.txt
 +
 
 +
Disallow: /pcwiki/
 +
 
 +
= [[User:John|John]] 2011-08-06 15:30 =
 +
 
 +
== Installing OpenLDAP ==
 +
 
 +
Following [https://help.ubuntu.com/community/OpenLDAPServer these instructions]. Oh, no, wait. [http://doc.ubuntu.com/ubuntu/serverguide/C/openldap-server.html These instructions].
 +
 
 +
jj5@charity:~$ sudo apt-get install slapd ldap-utils
 +
[sudo] password for jj5:
 +
Reading package lists... Done
 +
Building dependency tree
 +
Reading state information... Done
 +
The following extra packages will be installed:
 +
  libdb4.7 libltdl7 libperl5.10 libslp1 odbcinst odbcinst1debian1 unixodbc
 +
Suggested packages:
 +
  slpd openslp-doc libmyodbc odbc-postgresql tdsodbc unixodbc-bin
 +
The following NEW packages will be installed:
 +
  ldap-utils libdb4.7 libltdl7 libperl5.10 libslp1 odbcinst odbcinst1debian1
 +
  slapd unixodbc
 +
0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded.
 +
Need to get 3,302kB of archives.
 +
After this operation, 8,253kB of additional disk space will be used.
 +
Do you want to continue [Y/n]?
 +
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libdb4.7 4.7.25-9 [653kB]
 +
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libltdl7 2.2.6b-2ubuntu1 [296kB]
 +
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libperl5.10 5.10.1-8ubuntu2.1 [1,202B]
 +
Get:4 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libslp1 1.2.1-7.6ubuntu0.1 [54.5kB]
 +
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/main odbcinst 2.2.11-21 [35.5kB]
 +
Get:6 http://archive.ubuntu.com/ubuntu/ lucid/main odbcinst1debian1 2.2.11-21 [66.6kB]
 +
Get:7 http://archive.ubuntu.com/ubuntu/ lucid/main unixodbc 2.2.11-21 [209kB]
 +
Get:8 http://archive.ubuntu.com/ubuntu/ lucid-updates/main slapd 2.4.21-0ubuntu5.5 [1,637kB]
 +
Get:9 http://archive.ubuntu.com/ubuntu/ lucid-updates/main ldap-utils 2.4.21-0ubuntu5.5 [348kB]
 +
Fetched 3,302kB in 2s (1,595kB/s)
 +
Committing to: /etc/
 +
modified shadow
 +
Committed revision 35.
 +
Preconfiguring packages ...
 +
Selecting previously deselected package libdb4.7.
 +
(Reading database ... 17937 files and directories currently installed.)
 +
Unpacking libdb4.7 (from .../libdb4.7_4.7.25-9_amd64.deb) ...
 +
Selecting previously deselected package libltdl7.
 +
Unpacking libltdl7 (from .../libltdl7_2.2.6b-2ubuntu1_amd64.deb) ...
 +
Selecting previously deselected package libperl5.10.
 +
Unpacking libperl5.10 (from .../libperl5.10_5.10.1-8ubuntu2.1_amd64.deb) ...
 +
Selecting previously deselected package libslp1.
 +
Unpacking libslp1 (from .../libslp1_1.2.1-7.6ubuntu0.1_amd64.deb) ...
 +
Selecting previously deselected package odbcinst.
 +
Unpacking odbcinst (from .../odbcinst_2.2.11-21_amd64.deb) ...
 +
Selecting previously deselected package odbcinst1debian1.
 +
Unpacking odbcinst1debian1 (from .../odbcinst1debian1_2.2.11-21_amd64.deb) ...
 +
Selecting previously deselected package unixodbc.
 +
Unpacking unixodbc (from .../unixodbc_2.2.11-21_amd64.deb) ...
 +
Selecting previously deselected package slapd.
 +
Unpacking slapd (from .../slapd_2.4.21-0ubuntu5.5_amd64.deb) ...
 +
Selecting previously deselected package ldap-utils.
 +
Unpacking ldap-utils (from .../ldap-utils_2.4.21-0ubuntu5.5_amd64.deb) ...
 +
Processing triggers for man-db ...
 +
Processing triggers for ureadahead ...
 +
Setting up libdb4.7 (4.7.25-9) ...
 +
 +
Setting up libltdl7 (2.2.6b-2ubuntu1) ...
 +
 +
Setting up libperl5.10 (5.10.1-8ubuntu2.1) ...
 +
 +
Setting up libslp1 (1.2.1-7.6ubuntu0.1) ...
 +
 +
Setting up ldap-utils (2.4.21-0ubuntu5.5) ...
 +
Setting up odbcinst (2.2.11-21) ...
 +
Setting up odbcinst1debian1 (2.2.11-21) ...
 +
 +
Setting up unixodbc (2.2.11-21) ...
 +
 +
Setting up slapd (2.4.21-0ubuntu5.5) ...
 +
  Creating new user openldap... done.
 +
  Creating initial slapd configuration... done.
 +
Starting OpenLDAP: slapd.
 +
 +
Processing triggers for libc-bin ...
 +
ldconfig deferred processing now taking place
 +
Committing to: /etc/
 +
modified .etckeeper
 +
added ODBCDataSources
 +
modified group
 +
modified group-
 +
modified gshadow
 +
modified gshadow-
 +
added odbc.ini
 +
modified passwd
 +
modified passwd-
 +
modified shadow
 +
modified shadow-
 +
added apparmor.d/usr.sbin.slapd
 +
added default/slapd
 +
added init.d/slapd
 +
added ldap/sasl2
 +
added ldap/schema
 +
added ldap/slapd.d
 +
added ldap/schema/README
 +
added ldap/schema/collective.schema
 +
added ldap/schema/corba.schema
 +
added ldap/schema/core.ldif
 +
added ldap/schema/core.schema
 +
added ldap/schema/cosine.ldif
 +
added ldap/schema/cosine.schema
 +
added ldap/schema/duaconf.schema
 +
added ldap/schema/dyngroup.schema
 +
added ldap/schema/inetorgperson.ldif
 +
added ldap/schema/inetorgperson.schema
 +
added ldap/schema/java.schema
 +
added ldap/schema/ldapns.schema
 +
added ldap/schema/misc.ldif
 +
added ldap/schema/misc.schema
 +
added ldap/schema/nis.ldif
 +
added ldap/schema/nis.schema
 +
added ldap/schema/openldap.ldif
 +
added ldap/schema/openldap.schema
 +
added ldap/schema/pmi.schema
 +
added ldap/schema/ppolicy.schema
 +
added ldap/slapd.d/cn=config
 +
added ldap/slapd.d/cn=config.ldif
 +
added ldap/slapd.d/cn=config/cn=schema
 +
added ldap/slapd.d/cn=config/cn=schema.ldif
 +
added ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif
 +
added ldap/slapd.d/cn=config/olcDatabase={0}config.ldif
 +
added ldap/slapd.d/cn=config/cn=schema/cn={0}core.ldif
 +
added rc0.d/K80slapd
 +
added rc1.d/K80slapd
 +
added rc2.d/S19slapd
 +
added rc3.d/S19slapd
 +
added rc4.d/S19slapd
 +
added rc5.d/S19slapd
 +
added rc6.d/K80slapd
 +
Committed revision 36.
 +
 
 +
jj5@charity:~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
 +
SASL/EXTERNAL authentication started
 +
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
 +
SASL SSF: 0
 +
adding new entry "cn=cosine,cn=schema,cn=config"
 +
 
 +
jj5@charity:~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
 +
SASL/EXTERNAL authentication started
 +
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
 +
SASL SSF: 0
 +
adding new entry "cn=nis,cn=schema,cn=config"
 +
 
 +
jj5@charity:~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
 +
SASL/EXTERNAL authentication started
 +
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
 +
SASL SSF: 0
 +
adding new entry "cn=inetorgperson,cn=schema,cn=config"
 +
 
 +
root@charity:~# cd /etc/ldap
 +
root@charity:/etc/ldap# ls
 +
ldap.conf  sasl2  schema  slapd.d
 +
root@charity:/etc/ldap# vim backend.progclub.org.ldif
 +
 
 +
# Load dynamic backend modules
 +
dn: cn=module,cn=config
 +
objectClass: olcModuleList
 +
cn: module
 +
olcModulepath: /usr/lib/ldap
 +
olcModuleload: back_hdb
 +
 +
# Database settings
 +
dn: olcDatabase=hdb,cn=config
 +
objectClass: olcDatabaseConfig
 +
objectClass: olcHdbConfig
 +
olcDatabase: {1}hdb
 +
olcSuffix: dc=progclub,dc=org
 +
olcDbDirectory: /var/lib/ldap
 +
olcRootDN: cn=admin,dc=progclub,dc=org
 +
olcRootPW: <secret>
 +
olcDbConfig: set_cachesize 0 2097152 0
 +
olcDbConfig: set_lk_max_objects 1500
 +
olcDbConfig: set_lk_max_locks 1500
 +
olcDbConfig: set_lk_max_lockers 1500
 +
olcDbIndex: objectClass eq
 +
olcLastMod: TRUE
 +
olcDbCheckpoint: 512 30
 +
olcAccess: to attrs=userPassword by dn="cn=admin,dc=progclub,dc=org" write by anonymous auth by self write by * none
 +
olcAccess: to attrs=shadowLastChange by self write by * read
 +
olcAccess: to dn.base="" by * read
 +
olcAccess: to * by dn="cn=admin,dc=progclub,dc=org" write by * read
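Review bot: the last olcAccess line, "to * by dn="cn=admin,dc=progclub,dc=org" write by * read", lets anonymous clients read every entry under dc=progclub,dc=org, including the posixAccount and shadowAccount entries defined in frontend.progclub.org.ldif. Suggest "by users read" in place of "by * read" here and on the shadowLastChange rule unless anonymous browsing is intended, with a dedicated bind DN for any client that currently binds anonymously. If the olcRootPW value is cleartext, replace it with a hash generated by slappasswd.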
 +
 
 +
root@charity:/etc/ldap# sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.progclub.org.ldif
 +
SASL/EXTERNAL authentication started
 +
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
 +
SASL SSF: 0
 +
adding new entry "cn=module,cn=config"
 +
 +
adding new entry "olcDatabase=hdb,cn=config"
 +
 
 +
root@charity:/etc/ldap# vim frontend.progclub.org.ldif
 +
 
 +
# Create top-level object in domain
 +
dn: dc=progclub,dc=org
 +
objectClass: top
 +
objectClass: dcObject
 +
objectclass: organization
 +
o: ProgClub
 +
dc: ProgClub
 +
description: ProgClub
 +
 +
# Admin user.
 +
dn: cn=admin,dc=progclub,dc=org
 +
objectClass: simpleSecurityObject
 +
objectClass: organizationalRole
 +
cn: admin
 +
description: LDAP administrator
 +
userPassword: <secret>
 +
 +
dn: ou=people,dc=progclub,dc=org
 +
objectClass: organizationalUnit
 +
ou: people
 +
 +
dn: ou=groups,dc=progclub,dc=org
 +
objectClass: organizationalUnit
 +
ou: groups
 +
 +
dn: uid=jj5,ou=people,dc=progclub,dc=org
 +
objectClass: inetOrgPerson
 +
objectClass: posixAccount
 +
objectClass: shadowAccount
 +
uid: jj5
 +
sn: Elliot
 +