Wednesday 21 September 2016

Mail Server Setup to avoid SPAM/JUNK

Mail Server Setup to avoid SPAM/JUNK::
===============================
Make sure to set up rDNS, SPF and DKIM authentication on your mail server to avoid being marked as spam.

1. rDNS setup

2. SPF 
SPF and SenderID allow a domain owner to add a file or record on the server that the recipient server cross-checks.
v=spf1 include:spf.linuxgeeknotes.com ?all

3. DKIM Authentication
DKIM and DomainKeys embed information within the email, making it harder to forge (but they can also be harder to implement for senders and receivers).

These records are set up in the mail server's DNS zone file.
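The record shown above ends in `?all`, the neutral qualifier, which tells receivers nothing about mail from hosts the record does not list. The following check is an added example, not part of the original post; the function names are hypothetical, and the lookup count covers only the terms in the one record it is given, not nested includes.

```sh
#!/bin/sh
# Added example: report what an SPF record actually asks receivers to do.
# In production the input would come from: dig +short TXT mydomain.com

# Print the result requested by the record's "all" mechanism:
# fail (-all), softfail (~all), neutral (?all), pass (+all or all),
# none if there is no "all", invalid if the string is not an SPF record.
spf_all_policy() {
    printf '%s\n' "$1" | awk '
        tolower($1) != "v=spf1" { print "invalid"; exit }
        {
            policy = "none"
            for (i = 2; i <= NF; i++) {
                t = tolower($i)
                if (t == "-all") policy = "fail"
                else if (t == "~all") policy = "softfail"
                else if (t == "?all") policy = "neutral"
                else if (t == "+all" || t == "all") policy = "pass"
            }
            print policy
        }'
}

# Count terms in this record that cost the receiver a DNS lookup
# (RFC 7208 allows 10 in total, nested includes counted as well).
spf_lookup_terms() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed 's/^[-+~?]//' |
        grep -Eic '^(include:|exists:|redirect=|(a|mx|ptr)([:/]|$))'
}

# One-line verdict an operator can act on.
spf_verdict() {
    case $(spf_all_policy "$1") in
        fail)     echo "strict: unlisted senders fail SPF" ;;
        softfail) echo "soft: unlisted senders are suspicious, not failed" ;;
        neutral)  echo "weak: ?all makes no assertion about unlisted senders" ;;
        pass)     echo "open: +all authorises every sender" ;;
        none)     echo "incomplete: no all mechanism" ;;
        *)        echo "invalid: not an SPF record" ;;
    esac
}

spf_verdict "v=spf1 include:spf.linuxgeeknotes.com ?all"
```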

Exim mail server configuration on Centos 7



What is Exim?

Exim is a mail transfer agent (MTA) used on Unix-like operating systems. Exim is free software distributed under the terms of the GNU General Public License, and it aims to be a general and flexible mailer with extensive facilities for checking incoming e-mail.

What is Dovecot?

Dovecot is an open source IMAP and POP3 email server for Linux/UNIX-like systems, written with security primarily in mind. Dovecot is an excellent choice for both small and large installations.



UPDATE THE SYSTEM

First off, ssh to your server and initiate a screen session using the command below:

## screen -U -S exim-dovecot
Once you’re in a screen session, update your CentOS 7 VPS using yum:

## yum update


ENABLE EPEL REPOSITORY

Enable EPEL repository on the CentOS system using:

## yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
If you get a 404 Not Found, go to http://dl.fedoraproject.org/pub/epel/7/x86_64/e/ and install the latest epel-release rpm package available.

Check if EPEL has been enabled on your system using:

## yum repolist
Once EPEL is enabled, install some useful tools using:

## yum install file perl-Mail-SPF.noarch openssl vim


GENERATE SSL CERTIFICATE

Since we are going to use SSL in Dovecot and Exim, we need to have an SSL certificate. You can purchase and use one of our GeoTrust SSL Certificates or you can create your own self-signed SSL certificate for mail.mydomain.com using the commands below:

## mkdir /root/SSL/mail.mydomain.com -p
## cd /root/SSL/mail.mydomain.com
## openssl req -nodes -x509 -newkey rsa:2048 -keyout mail.mydomain.com.key -out mail.mydomain.com.crt -days 365
Copy the SSL certificate and key to /etc/ssl using:

## cp mail.mydomain.com.key mail.mydomain.com.crt /etc/ssl/


INSTALL AND CONFIGURE EXIM

Install exim on the CentOS 7 virtual server using yum:

## yum install exim
Next, open /etc/exim/exim.conf with your favorite editor and configure exim as follows:

## cp /etc/exim/exim.conf{,.orig}
## vim /etc/exim/exim.conf

primary_hostname = mail.mydomain.com
domainlist local_domains = @ : mydomain.com

tls_advertise_hosts = *
tls_certificate = /etc/ssl/mail.mydomain.com.crt
tls_privatekey = /etc/ssl/mail.mydomain.com.key

auth_advertise_hosts = *
Find the transport section and edit the following:

local_delivery:
  driver = appendfile
  directory = $home/Maildir
  maildir_format
  maildir_use_size_file
  delivery_date_add
  envelope_to_add
  return_path_add
Scroll down to the authenticators section and add the following lines:

dovecot_login:
  driver = dovecot
  public_name = LOGIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1

dovecot_plain:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1
Start the EXIM MTA and add it to system’s startup using systemctl

## systemctl start exim
## systemctl status exim
## systemctl enable exim


Exim Commands::
==============
Email Count
exim -bpc

Email queue details
exim -bp

Email header details
exim -Mvh ID

Email body details
exim -Mvb ID

Email log details
exim -Mvl ID

Email count with sender details
exim -bpr|grep "<"|awk '{print $4}'|cut -d"<" -f2|cut -d">" -f1|sort -n|uniq -c|sort -n

Count of emails sent from a sender
exiqgrep -f sendername|grep "<"|wc -l

Count of emails sent to a particular recipient
exiqgrep -r recipient|grep "<"|wc -l

Delete mails from a particular sender
exim -bpr| grep sendername| awk '{print $3}'|xargs exim -Mrm

Count of frozen mails
exim -bp|grep frozen|wc -l

Delete frozen mails
exim -bp|grep frozen|awk '{print $3}'|xargs exim -Mrm

Summary of emails in the queue
exim -bp|exiqsumm

Display what exim is doing now
exiwhat
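A sender that suddenly dominates the queue is often the first sign of an abused web form or a stolen mailbox password, so it is worth looking before deleting anything. The functions below are an added example, not part of the original post: they run the same per-sender count over a constructed queue listing, match only header lines so that recipient lines are never counted, and list frozen message IDs for inspection. All function names and sample addresses are hypothetical.

```sh
#!/bin/sh
# Added example: summarise an Exim queue listing read from stdin.

# Constructed sample of `exim -bpr` output (not from a real server).
sample_queue() {
cat <<'EOF'
 3h  1.2K 1bmA01-0001Ab-2C <webform@mydomain.com>
          user1@example.net

 3h  1.2K 1bmA02-0001Ac-3D <webform@mydomain.com>
          user2@example.net

 2h  1.3K 1bmA03-0001Ad-4E <webform@mydomain.com>
          user3@example.org

 5d  4.0K 1bkZ99-0000Zz-1A <> *** frozen ***
          webform@mydomain.com

10m  8.1K 1bmB10-0002Bc-5F <test@mydomain.com>
          friend@example.com
EOF
}

# Keep only header lines: age, size, message ID, <sender>.
queue_headers() {
    awk '$3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ && $4 ~ /^<.*>$/'
}

# "count <sender>" per envelope sender, busiest first; bounces appear as <>.
queue_sender_counts() {
    queue_headers | awk '{ n[$4]++ } END { for (s in n) print n[s], s }' |
        sort -k1,1nr -k2,2
}

# Senders with at least $1 queued messages, to review before any -Mrm.
queue_noisy_senders() {
    queue_sender_counts | awk -v min="$1" '$1 >= min { print $2 }'
}

# IDs of frozen messages, for inspection with exim -Mvh / -Mvl.
queue_frozen_ids() {
    queue_headers | awk '/\*\*\* frozen \*\*\*/ { print $3 }'
}

sample_queue | queue_sender_counts
```

On a live server the input would be `exim -bpr | queue_noisy_senders 50`, with the threshold chosen to suit normal traffic.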


INSTALL AND CONFIGURE DOVECOT
===============================
Install Dovecot on the system using yum

## yum install dovecot
Once installed, configure SSL in Dovecot by editing the following:

## vim /etc/dovecot/conf.d/10-ssl.conf

ssl = yes
ssl_cert = </etc/ssl/mail.mydomain.com.crt
ssl_key = </etc/ssl/mail.mydomain.com.key
Next, allow plaintext authentication in /etc/dovecot/conf.d/10-auth.conf:

## vim /etc/dovecot/conf.d/10-auth.conf

disable_plaintext_auth = no
auth_mechanisms = plain login
Configure mailbox location and type in /etc/dovecot/conf.d/10-mail.conf:

## vim /etc/dovecot/conf.d/10-mail.conf

mail_location = maildir:~/Maildir
Set up Dovecot so that it allows Exim to use its authentication system in /etc/dovecot/conf.d/10-master.conf:

## vim /etc/dovecot/conf.d/10-master.conf

service auth {
...
    unix_listener auth-client {
        mode = 0660
        user = exim
    }
}
Start Dovecot and add it to system’s start-up using:

## systemctl start dovecot
## systemctl status dovecot
## systemctl enable dovecot


CREATE SYSTEM USER

## useradd -m test
## passwd test
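With `auth_advertise_hosts = *`, `ssl = yes` and `disable_plaintext_auth = no` as configured above, PLAIN and LOGIN credentials for system accounts can be sent before any TLS session exists. The audit below is an added example, not part of the original post: it flags those three settings in copies of the configuration and names the stricter value for each. The function names and the temporary sample files are hypothetical.

```sh
#!/bin/sh
# Added example: flag settings that let passwords cross the wire unencrypted.

# Print the last uncommented value assigned to key $1 in the config on stdin.
conf_value() {
    awk -v key="$1" '
        /^[ \t]*#/ || !/=/ { next }
        {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }'
}

# Audit the given Exim/Dovecot config files; one finding per line.
audit_mail_auth() {
    conf=$(cat "$@")
    get() { printf '%s\n' "$conf" | conf_value "$1"; }
    if [ "$(get auth_advertise_hosts)" = "*" ]; then
        echo 'exim: AUTH offered before STARTTLS; use auth_advertise_hosts = ${if eq{$tls_in_cipher}{}{}{*}}'
    fi
    if [ "$(get disable_plaintext_auth)" = "no" ]; then
        echo 'dovecot: PLAIN/LOGIN accepted without TLS; use disable_plaintext_auth = yes'
    fi
    if [ "$(get ssl)" = "yes" ]; then
        echo 'dovecot: TLS is optional; use ssl = required'
    fi
    return 0
}

# Constructed copies of the settings shown on this page, then a hardened variant.
demo_dir=$(mktemp -d)
cat > "$demo_dir/page.conf" <<'EOF'
auth_advertise_hosts = *
ssl = yes
disable_plaintext_auth = no
auth_mechanisms = plain login
EOF
cat > "$demo_dir/hardened.conf" <<'EOF'
auth_advertise_hosts = ${if eq{$tls_in_cipher}{}{}{*}}
ssl = required
disable_plaintext_auth = yes
auth_mechanisms = plain login
EOF
audit_mail_auth "$demo_dir/page.conf"
```

On the server itself the call would be `audit_mail_auth /etc/exim/exim.conf /etc/dovecot/conf.d/*.conf`.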

Tuesday 20 September 2016

ffmpeg installation

ffmpeg installation::
==============

If you just want to install ffmpeg without php extension

Go to ffmpeginstaller.com

Download the autoinstaller
run ./install.sh.

It should work fine.


Friday 2 September 2016

Mysql/Mariadb installation in fedora 24

Mysql/Mariadb installation in fedora 24::
============================
The MySQL project is now owned by Oracle. MySQL and MariaDB are widely used in web applications such as Joomla, WordPress and Magento.

In Fedora we use dnf instead of yum; dnf is the successor to yum. Please follow the steps below.

# dnf -y update
# dnf -y install mysql-server mysql
# systemctl start mariadb
# systemctl enable mariadb
# systemctl status mariadb
# mysql

 Latest server version is 10.1.16 mariadb

Mysql tweaks::
===========

>> MySQL performs better on ext4 and XFS filesystems. Check whether you are using an older filesystem.

>> MySQL performs better if the database is stored on a separate drive/partition. Make sure the MySQL database has a separate drive/partition if your server is a shared server.
# mount /dev/sdb1   /mysql/
# ln -s  /mysql/mysql  /var/lib/mysql

>> Check for sleep process
# mysqladmin processlist | grep "Sleep"
Set a timeout for sleeping connections in my.cnf so that they no longer hold memory:
wait_timeout=60

>> Optimization of databases
# mysqlcheck -u root -p --auto-repair --check --optimize --all-databases
# mysqlcheck -u root -p --auto-repair --check --optimize databasename


>> Turn off reverse DNS lookup of clients and set max connections appropriately in my.cnf
skip-name-resolve
max_connections = 300

>> Use different tools like mysqltuner for performance tuning. You can try this by downloading from the below url::
https://github.com/search?utf8=%E2%9C%93&q=mysqltuner

LDAP configuration in centos 7

LDAP setup in CentOS 7::
===============

My virtual servers have the following IPs::
Server IP : 192.168.1.1
Client IP : 192.168.1.2

Follow the steps below on the server and the client for LDAP configuration.

Server Configuration on 192.168.1.1
==========================
yum -y install *openldap* migrationtools
slappasswd
New password:
Re-enter new password:
{SSHA}Gks7qu7ndsmwopjsfgbwr4b452b2b1n2K91T5rwt9ns0dfg
olcRootDN: cn=Manager,dc=linuxgeeknotes,dc=in




LDAP configuration files are located at /etc/openldap/slapd.d/
Edit the file as follows::
# vi /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif
olcSuffix: dc=linuxgeeknotes,dc=in
olcRootDN: cn=Manager,dc=linuxgeeknotes,dc=in
olcRootPW: {SSHA}bHSiwuPJEypHS6zHSE2Uy7M69sQjmkPL
olcTLSCertificateFile: /etc/certs/linuxgeeknotescert.pem
olcTLSCertificateKeyFile: /etc/certs/linuxgeeknoteskey.pem

Now edit the file 

# vi /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif
Edit the line starting with "olcAccess"
dn.base="cn=Manager,dc=linuxgeeknotes,dc=in" read by * none

Check the configuration using the command

slaptest -u
systemctl start slapd

systemctl enable slapd


Configuring ldap database


# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

# chown -R ldap:ldap /var/lib/ldap/

Generate ldap certificate

# openssl req -new -x509 -nodes -out /etc/certs/linuxgeeknotescert.pem -keyout /etc/certs/linuxgeeknoteskey.pem -days 365

Create  object in ldap

Edit the file as follows::
# vi  /usr/share/migrationtools/migrate_common.ph
$DEFAULT_MAIL_DOMAIN = "linuxgeeknotes.in";
$DEFAULT_BASE = "dc=linuxgeeknotes,dc=in";
$EXTENDED_SCHEMA = 1;

Create base.ldif file as follows.

# vi  /root/base.ldif

dn: dc=linuxgeeknotes,dc=in
objectClass: top
objectClass: dcObject
objectclass: organization
o: linuxgeeknotes in
dc: linuxgeeknotes

dn: cn=Manager,dc=linuxgeeknotes,dc=in
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=linuxgeeknotes,dc=in
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=linuxgeeknotes,dc=in
objectClass: organizationalUnit
ou: Group

Create users on the server.

# useradd lduser1
# useradd lduser2
Set a password for both users.
# grep ":10[0-9][0-9]" /etc/passwd > /root/passwd
# grep ":10[0-9][0-9]" /etc/group > /root/group

# /usr/share/migrationtools/migrate_passwd.pl  /root/passwd  /root/users.ldif

# /usr/share/migrationtools/migrate_group.pl /root/group /root/groups.ldif

# ldapadd -x -W -D "cn=Manager,dc=linuxgeeknotes,dc=in" -f /root/base.ldif

# ldapadd -x -W -D "cn=Manager,dc=linuxgeeknotes,dc=in" -f /root/users.ldif
# ldapadd -x -W -D "cn=Manager,dc=linuxgeeknotes,dc=in" -f /root/groups.ldif

# ldapsearch -x cn=lduser1 -b dc=linuxgeeknotes,dc=in
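A blank line ends an LDIF entry, so one left between a `dn:` line and its attributes splits that entry in two and the import fails. The check below is an added example, not part of the original post: it tests base.ldif-style files for that mistake before `ldapadd` is run. The function names and sample data are hypothetical, and it assumes a plain file without comment or `version:` lines.

```sh
#!/bin/sh
# Added example: structural check of an LDIF file before running ldapadd.
# Assumes a plain file like base.ldif (no comment or version: lines).

# Print one line per malformed entry in the LDIF on stdin.
ldif_check() {
    awk 'BEGIN { RS = ""; FS = "\n" }
        $1 !~ /^dn: / { print "entry " NR ": does not start with dn:"; next }
        {
            has_oc = 0
            for (i = 2; i <= NF; i++)
                if (tolower($i) ~ /^objectclass: /) has_oc = 1
            if (!has_oc) print "entry " NR ": no objectClass for " $1
        }'
}

# Constructed input: a stray blank line after the first dn: splits the entry.
broken_ldif() {
cat <<'EOF'
dn: dc=linuxgeeknotes,dc=in

objectClass: top
objectClass: dcObject
objectClass: organization
o: linuxgeeknotes in
dc: linuxgeeknotes

dn: ou=People,dc=linuxgeeknotes,dc=in
objectClass: organizationalUnit
ou: People
EOF
}

# The same entries with the blank line removed.
clean_ldif() { broken_ldif | sed '2d'; }

broken_ldif | ldif_check
```

Against the real files the call is `ldif_check < /root/base.ldif`; no output means every entry has a `dn:` and at least one objectClass.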


Mounting ldap users home directories

# vi /etc/exports
/home *(rw,sync)
# yum -y install rpcbind nfs-utils
# systemctl start rpcbind
# systemctl start nfs
# systemctl enable rpcbind
# systemctl enable nfs


LDAP Client Configuration on 192.168.1.2
================================
# yum install -y openldap-clients nss-pam-ldapd
# authconfig-tui


1. Put '*' Mark on "Use LDAP"
2. Put '*' Mark on "Use LDAP Authentication"
3. Select "Next" and Enter.
4. Enter the server field as "ldap://192.168.1.1/"
5. Enter the Base DN Field as "dc=linuxgeeknotes,dc=in"
6. Select "OK" and Enter

You will be able to see the ldap user details using the command.
# getent passwd lduser1

Mount server home directory 
192.168.1.1:/home   /home   auto  defaults 0 0