mail server with mysql pop3 - fetchmail - webmail

 

apt-get install postfix-mysql

 

apt-get install mutt

 

 

apt-get install telnet

 

apt-get install mysql-common mysql-client mysql-server libmysqlclient15-dev

 

apt-get install openssl

 

apt-get install libsasl2 libsasl2-modules libsasl2-modules-sql libauthen-sasl-cyrus-perl libauthen-sasl-perl

 

apt-get install courier-base courier-authlib-mysql courier-ssl courier-pop

 

sysv-rc-conf --level 235 mysqld on

 

sysv-rc-conf --level 235 postfix on

 

apt-get install apache2

 

apt-get install vim

 

sysv-rc-conf --level 235 apache2 on

 

 

 

 

If not already done...

mysqladmin -u root password new_password

# log in as root

mysql -u root -p

# then enter password for the root account when prompted

Enter password:

# then we create the mail database

create database maildb;

# then we create a new user: "mail"

GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP

ON maildb.* TO 'mail'@'localhost' IDENTIFIED by 'apassword';

GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP

ON maildb.* TO 'mail'@'%' IDENTIFIED by 'apassword';

exit;

 

 

# log in to mysql as the new mail user

mysql -u mail -p maildb

# enter the newly created password

Enter password:

# then run these commands to create the tables

CREATE TABLE `aliases` (

`pkid` smallint(3) NOT NULL auto_increment,

`mail` varchar(120) NOT NULL default '',

`destination` varchar(120) NOT NULL default '',

`enabled` tinyint(1) NOT NULL default '1',

PRIMARY KEY  (`pkid`),

UNIQUE KEY `mail` (`mail`)

) ;

 

CREATE TABLE `domains` (

`pkid` smallint(6) NOT NULL auto_increment,

`domain` varchar(120) NOT NULL default '',

`transport` varchar(120) NOT NULL default 'virtual:',

`enabled` tinyint(1) NOT NULL default '1',

PRIMARY KEY  (`pkid`)

) ;

 

CREATE TABLE `users` (

`id` varchar(128) NOT NULL default '',

`name` varchar(128) NOT NULL default '',

`uid` smallint(5) unsigned NOT NULL default '5000',

`gid` smallint(5) unsigned NOT NULL default '5000',

`home` varchar(255) NOT NULL default '/var/spool/mail/virtual',

`maildir` varchar(255) NOT NULL default 'blah/',

`enabled` tinyint(3) unsigned NOT NULL default '1',

`change_password` tinyint(3) unsigned NOT NULL default '1',

`clear` varchar(128) NOT NULL default 'ChangeMe',

`crypt` varchar(128) NOT NULL default 'sdtrusfX0Jj66',

`quota` varchar(255) NOT NULL default '',

`procmailrc` varchar(128) NOT NULL default '',

`spamassassinrc` varchar(128) NOT NULL default '',

PRIMARY KEY  (`id`),

UNIQUE KEY `id` (`id`)

) ;

 

# edit the /etc/postfix/main.cf file

 

 

myhostname = server.sbs.com

 

smtpd_banner = $myhostname ESMTP $mail_name

 

relayhost =

 

inet_interfaces = all

mynetworks_style = subnet

local_recipient_maps =

mydestination =

# how long if undelivered before sending warning update to sender

delay_warning_time = 4h

# will it be a permanent error or temporary

unknown_local_recipient_reject_code = 450

# how long to keep message on queue before return as failed.

# some have 3 days, I have 16 days as I am backup server for some people

# whom go on holiday with their server switched off.

maximal_queue_lifetime = 7d

# max and min time in seconds between retries if connection failed

minimal_backoff_time = 1000s

maximal_backoff_time = 8000s

# how long to wait when servers connect before receiving rest of data

smtp_helo_timeout = 60s

# how many address can be used in one message.

# effective stopper to mass spammers, accidental copy in whole address list

# but may restrict intentional mail shots.

smtpd_recipient_limit = 16

# how many error before back off.

smtpd_soft_error_limit = 3

# how many max errors before blocking it.

smtpd_hard_error_limit = 12

 

 

# not sure of the difference of the next two

# but they are needed for local aliasing

alias_maps = hash:/etc/postfix/aliases

alias_database = hash:/etc/postfix/aliases

# this specifies where the virtual mailbox folders will be located

virtual_mailbox_base = /var/spool/mail/virtual

# this is for the mailbox location for each user

virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf

# and their user id

virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf

# and group id

virtual_gid_maps =  mysql:/etc/postfix/mysql_gid.cf

# and this is for aliases

virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf

# and this is for domain lookups

virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf

# this is how to connect to the domains (all virtual, but the option is there)

# not used yet

# transport_maps = mysql:/etc/postfix/mysql_transport.cf

 

cp /etc/aliases /etc/postfix/aliases

 

postalias /etc/postfix/aliases

 

# to add if there is not a virtual user

mkdir /var/spool/mail/virtual

groupadd virtual -g 5000

useradd virtual -u 5000 -g 5000

chown -R virtual:virtual /var/spool/mail/virtual

 

Edit (create) /etc/postfix/mysql_mailbox.cf

user=mail

password=apassword

dbname=maildb

table=users

select_field=maildir

where_field=id

hosts=127.0.0.1

additional_conditions = and enabled = 1

 

Edit /etc/postfix/mysql_uid.cf

user=mail

password=apassword

dbname=maildb

table=users

select_field=uid

where_field=id

hosts=127.0.0.1

 

Edit /etc/postfix/mysql_gid.cf

user=mail

password=apassword

dbname=maildb

table=users

select_field=gid

where_field=id

hosts=127.0.0.1

 

Edit /etc/postfix/mysql_alias.cf

user=mail

password=apassword

dbname=maildb

table=aliases

select_field=destination

where_field=mail

hosts=127.0.0.1

additional_conditions = and enabled = 1

 

Edit /etc/postfix/mysql_domains.cf

user=mail

password=apassword

dbname=maildb

table=domains

select_field=domain

where_field=domain

hosts=127.0.0.1

additional_conditions = and enabled = 1

 

Pop/IMAP: Courier IMAP

 

Edit /etc/courier/authdaemonrc, and change the module line to this:

 

authmodulelist="authmysql"

 

Edit authmysqlrc and make sure these setting lines are set correctly. Empty spaces at the end of lines are a common mistake.

 

MYSQL_SERVER                  localhost

MYSQL_USERNAME                       mail

MYSQL_PASSWORD                       apassword

MYSQL_PORT                      0

MYSQL_OPT             0

MYSQL_DATABASE                        maildb

MYSQL_USER_TABLE         users

# comment out this field,

# as I no longer use the encrypted pw options

#MYSQL_CRYPT_PWFIELD           crypt

MYSQL_CLEAR_PWFIELD clear

MYSQL_UID_FIELD             uid

MYSQL_GID_FIELD             gid

MYSQL_LOGIN_FIELD       id

MYSQL_HOME_FIELD        "/var/spool/mail/virtual"

MYSQL_NAME_FIELD        name

MYSQL_MAILDIR_FIELD   concat(home,'/',maildir)

MYSQL_WHERE_CLAUSE  enabled=1

 

/etc/init.d/postfix restart

/etc/init.d/courier-authdaemon restart

/etc/init.d/courier-imap restart

/etc/init.d/courier-pop restart

 

Now add the user in the database and test for individual users
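One way to add a mailbox to the tables created above (added example, not part of the original guide). The function name mailbox_sql and the maildir layout domain/user/ under virtual_mailbox_base are assumptions; the password goes into the clear column because that is what authmysqlrc above reads.

```shell
#!/bin/sh
# Added example, not from the original guide: emit the SQL that provisions one
# mailbox in the maildb schema above. The function name and the maildir layout
# (domain/user/ under virtual_mailbox_base) are assumptions.

# mailbox_sql ADDRESS PASSWORD
# Prints SQL on stdout; returns 1 without printing if either value is unsafe.
mailbox_sql() {
    addr="$1"
    pass="$2"
    # Allow a conservative alphabet only, so no value needs SQL escaping, and
    # refuse "..": the maildir column becomes a path on disk.
    case "$addr" in
        *[!A-Za-z0-9._@-]*|*@*@*|@*|*@|*..*) return 1 ;;
        *@*) ;;
        *) return 1 ;;
    esac
    case "$pass" in
        ""|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    user=${addr%@*}
    domain=${addr#*@}
    # The domains table has no unique key, so insert the domain only once.
    cat <<EOF
INSERT INTO domains (domain)
  SELECT '$domain' FROM DUAL
  WHERE NOT EXISTS (SELECT 1 FROM domains WHERE domain = '$domain');
INSERT INTO users (id, name, maildir, clear)
  VALUES ('$addr', '$user', '$domain/$user/', '$pass');
EOF
}

# Usage with the sample account tested below:
#   mailbox_sql user1@mega.com user1 | mysql -u mail -p maildb
```

Always pass the password explicitly: a row inserted without it gets the table default 'ChangeMe' as its login password.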

 

test:~# telnet server.sbs.com 25

Trying 192.168.0.244...

Connected to test.sbs.com.sbs.com.

Escape character is '^]'.

220 server.sbs.com ESMTP Postfix

ehlo server.sbs.com

250-server.sbs.com

250-PIPELINING

250-SIZE 10240000

250-ETRN

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

mail from: user2@mega.com

250 2.1.0 Ok

rcpt to: user2@mega.com

250 2.1.5 Ok

data

354 End data with <CR><LF>.<CR><LF>

this is a test mail for user two frm user2@mega.com

.

250 2.0.0 Ok: queued as BF9C92AEAD

wuit

502 5.5.2 Error: command not recognized

quit

221 2.0.0 Bye

Connection closed by foreign host.

 

test:~# mutt -f /var/spool/mail/virtual/mega.com/user1

 

test:~# telnet localhost 143

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc.   See COPYING for distribution information.

a login user1@mega.com user1

a OK LOGIN Ok.

a logout

* BYE Courier-IMAP server shutting down

a OK LOGOUT completed

Connection closed by foreign host.

 

 

 

Installing fetchmail

 

apt-get install fetchmail

 

vi /etc/default/fetchmail ( changed to yes )

 

START_DAEMON=yes

 

We create /etc/fetchmailrc

 

set daemon        60                # Poll every 1 minute

set syslog                        # log through syslog facility

set postmaster  root

 

set no bouncemail                # avoid loss on 4xx errors

                                # on the other hand, 5xx errors get

                                # more dangerous...

#########################################################################

 # Hosts to poll

#########################################################################

poll 216.185.43.191 protocol POP3 user 'agnello@qualispace.com' there with password 'agn1234' is 'user1@mega.com' here

 

 

 

 

 

chmod 600 /etc/fetchmailrc
chown fetchmail /etc/fetchmailrc
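The same protection applies to every file on this page that holds a password, not only /etc/fetchmailrc. The check below is an added example, not part of the original guide: it flags credential files that users outside the owner and group can access, the example password apassword left unchanged, and the trailing whitespace that the Courier section warns about. The function name and the optional root-prefix argument are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example, not from the original guide. The paths and the 'apassword'
# placeholder are the ones this page uses; the ROOT prefix argument is an
# assumption so the check can also run against a staging copy.

SECRET_FILES="/etc/postfix/mysql_mailbox.cf /etc/postfix/mysql_uid.cf
/etc/postfix/mysql_gid.cf /etc/postfix/mysql_alias.cf
/etc/postfix/mysql_domains.cf /etc/courier/authmysqlrc
/etc/fetchmailrc /etc/rsyncd.secrets"

# audit_mail_secrets [ROOT]: print one finding per line; return 1 if any.
audit_mail_secrets() {
    root="${1:-}"
    found=0
    for f in $SECRET_FILES; do
        path="$root$f"
        [ -f "$path" ] || continue          # skip files not set up on this host
        mode=$(stat -c '%a' "$path")        # GNU stat: octal mode such as 644
        # A last octal digit other than 0 means "other" users have access.
        case "$mode" in
            *0) ;;
            *)  echo "world-accessible (mode $mode): $f"
                found=1 ;;
        esac
        # The guide's example database password left unchanged.
        if grep -Eq '^(password[[:space:]]*=[[:space:]]*|MYSQL_PASSWORD[[:space:]]+)apassword[[:space:]]*$' "$path"; then
            echo "placeholder password: $f"
            found=1
        fi
    done
    # Trailing blanks on setting lines in authmysqlrc.
    rc="$root/etc/courier/authmysqlrc"
    if [ -f "$rc" ] && grep -Eq '^[^#].*[[:space:]]+$' "$rc"; then
        echo "trailing whitespace: /etc/courier/authmysqlrc"
        found=1
    fi
    return "$found"
}
```

Run audit_mail_secrets with no argument on the mail server itself; each finding names the file to fix with chown and chmod or to edit.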

 

 

/etc/init.d/fetchmail start

 

 

Setting up of webmail

 

apt-get install squirrelmail php4-mysql

 

ln -s /usr/share/squirrelmail /var/www/squirrelmail

 

<VirtualHost *>

ServerAdmin user1@mega.com

ServerName user1@mega.com

DocumentRoot /var/www/squirrelmail

<Directory /var/www/squirrelmail>

        Options Indexes FollowSymLinks MultiViews

        AllowOverride AuthConfig

        Order allow,deny

        allow from all

</Directory>

ErrorLog /var/log/apache2/error-webmail.log

LogLevel warn

CustomLog /var/log/apache2/access-webmail.log combined

ServerSignature On

</VirtualHost>

 

 

http://localhost/squirrelmail

 

 

End



--

Backup server module ( using RSYNC and cygwin )


 

 

On the linux server end

 

apt-get install rsync

/etc/init.d/rsync start

 

Edit /etc/default/rsync ( vi /etc/default/rsync )

Change RSYNC_ENABLE=false to true

 

sysv-rc-conf --level 1235 rsync on

 

Now we create rsyncd.conf in /etc/

vi /etc/rsyncd.conf

 

[agnellobackup]

path = /home/agnello/backup

comment = all agnello's backup

uid = agnello

gid = users

read only = false

auth users = agnello

secrets file = /etc/rsyncd.secrets

 

chown root:root /etc/rsyncd.conf

chmod 644 /etc/rsyncd.conf

 

 

Now we create rsyncd.secrets in the /etc directory. The Windows client uses it for passwordless login to the Linux server ( it is in the format username:password )

vi /etc/rsyncd.secrets

 

agnello:agnello  

 

chown root:root /etc/rsyncd.secrets

chmod 600 /etc/rsyncd.secrets

 

 

Create user

adduser agnello

 

mkdir /home/agnello/backup

 

 

All data will be backed up in this directory

 

 

 

On the client side ( Windows XP ) ( make sure you are logged in as administrator )

 

Install Cygwin on your Windows machine

http://www.cygwin.com/              

 

At installation time it gives the option to install certain applications; install the following:

Editors = install nano for use as a simple text editor

Net = install rsync for remote sync

 

Create a batch file with following

 

@cls
@echo off

rem Rsync job control file

C:\Cygwin\bin\rsync -vrtz --password-file=c:\cygwin\secret --delete "/cygdrive/c/Data"  agnello@192.168.0.244::agnellobackup

 

 

An explanation:

 

C:\Cygwin\bin\rsync    -    is the full path to 'rsync.exe'.

 

-vrtz    -    verbose (tell us what is being copied), recursive (descend into directories), transfer modification times, z (compress data).

 

--password-file=c:\cygwin\secret   -    Path to 'secret' file. (Note: Remember this is for backup to a Linux based Rsync Server; a Windows based Rsync Server cannot authenticate!)

 

--delete   -    delete remote files that are deleted locally.

 

/cygdrive/d/Data    -    in this example means D:\Data.

 

agnello@192.168.0.244::agnellobackup    -    is the user ID, hostname (can be IP address if over Local Network), and the module connection name (in this example 'agnellobackup').

 

Now create the password file ( same password as in /etc/rsyncd.secrets ) on the Windows client for passwordless login

 

Go to C:/cygwin/ and run cygwin

Go to cd /

Create a file named secret ( vi secret ) with the content agnello and give it 600 permissions

 

 

Now create a scheduled task to run every day ( if you want to run it minimized, create a shortcut of the batch file, go to its properties and choose run minimized )

 

 

END 



--

Windows File Sharing (Samba )


 

apt-get install samba samba-client

 

add  a work group

 

Edit the smb.conf file:

vi /etc/samba/smb.conf

 

search for security and uncomment it to look like this

security = user

 

In the section [homes] change from  writable = no  to yes

 

/etc/init.d/samba restart

 

Adding Samba Shares

 

( share 1)

mkdir -p /home/shares/generalfolder

 

edit /etc/samba/smb.conf and append the following to the end of the file

 

[generalfolder]

  comment = All Users

  path = /home/shares/generalfolder

  valid users = @users

  force group = users

  writable = yes

 

adduser agnello  users

/etc/init.d/samba restart

 

#smbpasswd -a  agnello

 

 

(share 2 )

* This option is for the  technicalsupport dept users  

mkdir -p /home/shares/technicalsupport

addgroup technicalsupport

 

edit /etc/samba/smb.conf and append the following to the end of the file

 

[technicalsupport]

  comment = only technicalsupport

  path = /home/shares/technicalsupport

  valid users = @technicalsupport

  force group = technicalsupport

  writable = yes

 

adduser rodney  ( if user is not created )

adduser rodney technicalsupport

/etc/init.d/samba restart

 

 

sysv-rc-conf --level 235 samba on


for testing purpose
#testparm ( enter)
 
#smbclient -L //localhost -U swapnil
 

--

Installing jabber chat server


 

 

#apt-get install jabber

 

# /etc/init.d/jabber stop

 

 

configuration files are located inside the directory /etc/jabber

 

edit the file /etc/jabber/jabber.cfg to have your hostname

 

 

JABBER_HOSTNAME (which is then passed to jabberd in the -h switch)

JABBER_HOSTNAME=chatserver.quali.com

 

 

Now we can start the server up

 

# /etc/init.d/jabber start

 

The roster lists are all maintained on the server side, in a directory beneath /var/lib/jabber named after the server's hostname.

 

To check the logs

 

tail -f /var/log/jabber/record.log

 

 

now install the chat client on a windows PC

 

http://jabberstudio.org/projects/exodus/releases/download.php?file=exodus_0.9.1.0.exe



--

how to telnet localhost 143


test:~# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc.  See COPYING for distribution information.
a login user2@mega.com user2
a OK LOGIN Ok.
a logout
 
hope this helps !!!!

--

port forwarding to access internal pc from external network


If your computer is 10.0.0.5 and it connects to a router for its internet connection, with eth1 ( 10.0.0.1 ) and eth0 ( 192.168.0.244 ), and you now want to access the PC 10.0.0.5 remotely from a 192.168.0.X network on port 3389, type the following commands:
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 192.168.0.244 --dport 3389 -j DNAT --to 10.0.0.5:3389

iptables -A FORWARD -p tcp -i eth0 -d  10.0.0.5 --dport 3389 -j ACCEPT

/etc/init.d/iptables save

hope this helps all !!!


--

 

how to block gtalk on gmail

In /etc/squid/special_url add the following
.chatenabled.mail.google.com
.talk.google.com
 
and in squid.conf add the following
 
acl special_url dstdomain "/etc/squid/special_url"
 
and deny access to special_url
 
http_access deny  special_url

--
 

ftp error: 500 invalid port connection


I am trying to access an FTP server. I am able to connect to it with the user name and password. However, when I connect to the server and do a dir, I get the following error.
   
C:\Documents and Settings\Admin>ftp XXX.XXX.XXX.XXX
Connected to XXX.XXX.XXX.XXX
220 Microsoft FTP Service
User (XXX.XX.XXX.XXX:(none)): user-name
331 Password required for user-name
Password:
230 User user-name logged in.
ftp> dir
500 Invalid PORT Command.
150 Opening ASCII mode data connection for /bin/ls.
 
I have a firewall running and I have opened port 21. The entry in iptables is as follows.
 
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
 
Answer :
Passive ftp

A PORT command is again issued, but this time it is from the server to the client. The client connects to the server for data transfer. Since the connection is in the same sense as the original ftp connection,  passive ftp is inherently more secure than active ftp, but note that this time we know even less about the port numbers. Now we have a connection between almost arbitrary port numbers.

Enter the ip_conntrack_ftp module once more. Again, this module is able to recognize the PORT command and pick-out the port number. Instead of NEW in the state match for the OUTPUT chain, we can use RELATED. The following rules will suffice:

iptables -A INPUT     -p tcp --sport 1024: --dport 1024:  -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024: --dport 1024:  -m state --state ESTABLISHED,RELATED -j ACCEPT

add the following to the kernel  
 
modprobe ip_nat_ftp


--  
