Tuesday, March 01, 2005

Postfix Configuration

1) The main commands are:
postalias: maintains Postfix alias databases. This is the program behind the newaliases command
postfix : starts and stops the mail system, and handles some other administrative operations
postcat : displays the contents of Postfix queue files
postconf : displays Postfix main.cf parameters
postdrop : mail posting agent run by the sendmail command on systems having no world-writable maildrop queue directory
postkick : makes some internal communication channels available for use in, for example, shell scripts
postlock : provides Postfix-compatible mailbox locking for use in, for example, shell scripts
postlog : provides Postfix-compatible logging for shell scripts
postmap : maintains Postfix lookup tables such as canonical, virtual and others
postsuper: maintains the Postfix queue

2) The main config files for Postfix are:
main.cf - This is the main configuration file, as the name suggests
master.cf - This controls the daemon processes

3) Postfix is an MTA which uses SMTP to transfer mail, so allow SMTP through the firewall.

4) The main configuration file is main.cf. Make sure that at least these parameters are set correctly:

alias_database = hash:/etc/aliases
inet_interfaces = all
mydomain = index.com
mynetworks = 127.0.0.0/8, 192.168.0.0/24
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relay_domains = $mydestination

5) Now try to send mail using the mail program. It should work properly.

Cyrus Imap Server

1) Cyrus-Imap is an IMAP/POP3 mail system which can use sendmail or Postfix as its MTA

2) It supports SIEVE for server-side email filtering

3) Authentication is available from the SASL library, like Kerberos_v4, GSSAPI, CRAM-MD5, DIGEST-MD5, OTP, PLAIN, STARTTLS.

4) Open these ports in the firewall

pop3 110/tcp
imap 143/tcp
imaps 993/tcp
pop3s 995/tcp
sieve 2000/tcp

5) Config files are

/etc/imapd.conf
/etc/cyrus.conf

6) Use this command to test whether it is set up and listening

netstat -an | grep LISTEN

It should list all of the above ports as listening.

7) Now test whether a login really works

cyradm is the tool for logging in as admin; it uses SASL and IMAP login.
So first create the SASL user cyrus with this command

/usr/sbin/saslpasswd2 -c cyrus
Password: (enter your passwd)
Again (for verification): (enter your password)

Now log in as user cyrus

/usr/lib/cyrus-imapd/cyradm --user cyrus --server localhost --auth plain
Password: # This is the SASL2 password
IMAP Password: # This is the IMAP password that you need to enter in the mysql-table »accountusers«
localhost>

That is it.

8) Now, to make Cyrus the Postfix mailbox transport, edit main.cf and add this line

mailbox_transport = cyrus

9) To enable SASL authentication for Postfix SMTP, add the following lines to main.cf

smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
    reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes

10) Create /usr/lib/sasl2/smtp.conf with this content

pwcheck_method: saslauthd

11) The next step is to tell postfix how to find the saslauthd socket:

mv /var/run/sasl2 /var/run/sasl2-old
ln -s /var/run/saslauthd /var/run/sasl2

12) With Fedora Core 3 there is an error in master.cf. Correct it as follows

user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}

Only then delivery to cyrus will work.
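
A check for the relay and SASL settings that steps 4 and 9 put in main.cf, as an added example that is not part of the original notes. The function names are hypothetical, and the smtpd_tls_auth_only check goes beyond what the page configures.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# get_param FILE NAME: print the value of NAME with continuation lines joined.
get_param() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments, blank lines
        /^[ \t]/ { if (hit) val = val " " $0; next }  # indented continuation
        { hit = 0; eq = index($0, "="); if (!eq) next
          name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
          if (name == want) { hit = 1; val = substr($0, eq + 1) } }
        END { gsub(/[ \t,]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val); print val }
    ' "$1"
}

# audit_main_cf FILE: print one FINDING line per problem; status 1 if any.
audit_main_cf() {
    f=$1; bad=0
    # An unset parameter keeps its Postfix default, so only explicit values are judged.
    case " $(get_param "$f" smtpd_recipient_restrictions) " in
        "  "|*" reject_unauth_destination "*) ;;
        *) echo "FINDING: smtpd_recipient_restrictions lacks reject_unauth_destination"; bad=1 ;;
    esac
    for net in $(get_param "$f" mynetworks); do
        case $net in */0) echo "FINDING: mynetworks trusts every client ($net)"; bad=1 ;; esac
    done
    if [ "$(get_param "$f" smtpd_sasl_auth_enable)" = yes ]; then
        case " $(get_param "$f" smtpd_sasl_security_options) " in
            "  "|*" noanonymous "*) ;;
            *) echo "FINDING: smtpd_sasl_security_options lacks noanonymous"; bad=1 ;;
        esac
        # Not on the page: without this, AUTH is accepted on unencrypted sessions.
        [ "$(get_param "$f" smtpd_tls_auth_only)" = yes ] ||
            { echo "FINDING: smtpd_tls_auth_only is not yes"; bad=1; }
    fi
    return "$bad"
}

# Constructed sample: the relay and SASL lines from steps 4 and 9 above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
mynetworks = 127.0.0.0/8, 192.168.0.0/24
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
    reject_unauth_destination
smtpd_sasl_security_options = noanonymous
EOF
audit_main_cf "$sample" || echo "review the findings above"
rm -f "$sample"
```

On the settings from this page the only finding is the missing smtpd_tls_auth_only line; the relay restrictions and mynetworks pass.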

CVS Setup

1) First we need to create an environment variable called CVSROOT and point it to the root of the repository

export CVSROOT=/home/cvsroot

The directory can have a name other than cvsroot.

2) Now we need to initialise the repository with the following command. Be root to do this.

cvs init

3) Next we have to set up files and directories and then define a module.

Suppose I have a directory called "staff/resume" with some files that should be added to CVS.
To import these files, go to the staff/resume directory and issue these commands

cvs import -m "Import Source" staff/resume thestaff start
cvs checkout CVSROOT/modules

Now alter the modules file in the checked-out CVSROOT directory (not the
repository itself) and add this line.

resume staff/resume

Now save the file and issue the command

cvs commit -m "Added resume module." modules

This creates the file we need in CVSROOT. Now we can delete the original
staff/resume directory.

One way is to rm -rf staff. But a better and safer way is

cvs release -d staff

4) Now give the modules directory the proper Unix user and group permissions,
as this determines who can commit changes. The modules directory should be
owned by the group that has permission to commit changes.
The group must also have write permission if its members are allowed to update CVS.


5) To put the changes you have made locally into the repository, use the command

cvs commit staff

or to update

cvs update staff

Normally it's good to run update first and then commit.

6) To create login authentication for CVS, do the following.
a) Create the file /etc/xinetd.d/cvspserver if it does not exist, and add the
following.

service cvspserver
{
    port = 2401
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    passenv = PATH
    server = /usr/bin/cvs
    # --allow-root must match the repository path that clients use as CVSROOT
    server_args = -f --allow-root=/home/cvsroot pserver
}

Then restart xinetd with /etc/init.d/xinetd restart

b) Now create the password file $CVSROOT/CVSROOT/passwd with the following content

anonymous:
ullas:$1$75g0K7Vm$ULM55Jj/b6QvVB8RxAlk5/
vikas:@#$$$%7677665566@45667777665555667:ullas
suvas:233$$%7677665566@45667777665555667:ullas

The password field is in Unix crypt format.
Here ullas gets access if he supplies his password. The user vikas can log in
with a password even if he does not have an account on the server, and he will
run as ullas in this case. The same applies to suvas.

c) Now you can log in with the following command

cvs -d :pserver:anonymous@localhost:/home/cvsroot co staff
or
cvs -d :pserver:ullas:sallut123@localhost:/home/cvsroot co staff

d) You can set this as your CVSROOT environment variable in .bash_profile,
like the command below.

export CVSROOT=:pserver:ullas:sallut123@localhost:/home/cvsroot

e) To create read-only access to CVS, create a file $CVSROOT/CVSROOT/readers
with the following contents.

ramesh
sujatha
suvas

Now the above three users are read-only members of CVS.
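
An added example, not part of the original notes, that lists the effective access of each login in the passwd and readers files from steps b) and e). The helper name is hypothetical and it assumes no CVSROOT/writers file exists; an empty password field, as on the anonymous line, means pserver accepts any password for that login.

```shell
#!/bin/sh
# Added example (not from the original page): list the effective access of
# every pserver login. audit_cvs_passwd is a hypothetical helper name.
# Assumes no CVSROOT/writers file, so a login missing from readers can write.

# audit_cvs_passwd PASSWD [READERS]
# Prints one line per login; status 1 if an empty-password login can write.
audit_cvs_passwd() {
    awk -F: -v readers="${2:-/dev/null}" '
        BEGIN { while ((getline u < readers) > 0) if (u != "") ro[u] = 1 }
        /^[ \t]*$/ { next }
        {
            runas  = ($3 != "") ? $3 : $1     # optional third field: system account
            access = ($1 in ro) ? "read-only" : "read-write"
            pw     = ($2 == "") ? "EMPTY-PASSWORD" : "password-set"
            flag   = ($2 == "" && access == "read-write") ? "  <-- FINDING" : ""
            if (flag != "") bad = 1
            printf "%-10s runs-as=%-10s %-10s %s%s\n", $1, runas, access, pw, flag
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample mirroring the passwd and readers files in steps b) and e);
# the password hashes are placeholders.
dir=$(mktemp -d)
cat > "$dir/passwd" <<'EOF'
anonymous:
ullas:PLACEHOLDER_CRYPT_HASH
vikas:PLACEHOLDER_CRYPT_HASH:ullas
suvas:PLACEHOLDER_CRYPT_HASH:ullas
EOF
printf '%s\n' ramesh sujatha suvas > "$dir/readers"
audit_cvs_passwd "$dir/passwd" "$dir/readers" ||
    echo "an empty-password login is not listed in readers"
rm -rf "$dir"
```

With the files as shown on this page, anonymous is reported because it has an empty password and is absent from readers; whether it can actually write still depends on the filesystem permissions of the account it runs as.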

PPP Server

1) Edit inittab and add the following line

s1:2345:respawn:/usr/sbin/mgetty ttyS0

2) Make pppd setuid

chmod 4755 /usr/sbin/pppd

3) Create /etc/ppp/pap-secrets file with this content

#user   server  secret  addrs
*       *       ""      *
ullas   *       -       *
root    *       -       *
bin     *       -       *
daemon  *       -       *

4) Create file /etc/ppp/options.ttyS0

192.168.0.1:192.168.0.100

5) Create file /etc/ppp/options.server

-detach
asyncmap 0
modem
crtscts
lock
require-pap
refuse-chap
login
proxyarp
ms-dns 192.168.0.1

6) Check /etc/pam.d/login and make sure the following line is commented out:

auth required pam_dialup.so
Insert a # in front of the line to comment it out.

7) In /etc/mgetty+sendfax/login.config add the following line.

/AutoPPP/ - @ /usr/sbin/pppd file /etc/ppp/options.server

8) In the /etc/bashrc file add the following line

alias ppp="exec /usr/sbin/pppd -detach"


9) Now create a normal user as follows.

elango:x:522:100:Elangovan:/tmp:/etc/ppp/ppplogin

10) Now create /etc/ppp/ppplogin

#!/bin/sh
mesg -n
stty -echo
exec /usr/sbin/pppd crtscts modem passive auth