Tuesday, February 6, 2018

Email Server in Ubuntu 14.04

For this setup I followed the YouTube link given below, so kudos to that guy.  The documentation is a bit poor.  However, if you listen to that video then this becomes a cake walk.  I have bolded all the commands entered in the terminal.

Email server using ubuntu 14.04
https://www.youtube.com/watch?v=2pMC-6LVLLg

1. vi /etc/hosts
127.0.1.1 mail.robert.com mail

2. vi /etc/hostname
mail

3. reboot

4. apt-get update -y; apt-get dist-upgrade -y

5. apt-get install postfix -y

Press enter twice, Internet site and

6. sudo dpkg-reconfigure postfix


* Let it be internet site
* Let it just be the main domain e.g. robert.com
* Other destinations to accept email for
mail.robert.com, localhost.robert.com, , localhost, robert.com
* Force sync update press no for that.
* Local network
Add up 10.10.10.0/24
* Put 0 for mailbox size limit.
* Leave + for local address extension character
* ipv4 for internet protocol.

Now we edit postfix

vi /etc/postfix/main.cf

home_mailbox = Maildir/
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = robert.com
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes

7. Certificates
$ openssl genrsa -des3 -out server.key 4096
enter and verify pass phrase

8.
$ openssl rsa -in server.key -out server.key.insecure
Enter and verify pass phrase

9. mv server.key server.key.secure
mv server.key.insecure server.key

openssl req -new -key server.key -out server.csr
For Common Name alone put robert.com

10.
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private

sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'

sudo nano /etc/postfix
We can see the key and cert file entries have been added.

11. vi /etc/postfix/master.cf
uncomment
submission inet n - - - - smtpd
 -o syslog_name=postfix/submission
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
 -o milter_macro_daemon_name=ORIGINATING

under smtps inet n - - - - smtpd
 -o syslog_name=postfix/smtps
 -o smtpd_tls_wrappermode=yes
 -o smtpd_sasl_auth_enable=yes

12. apt-get install dovecot-common -y
* Press Yes for self signed cert
* Host name as mail.robert.com and press okay.

vi /etc/dovecot/conf.d/10-master.conf

uncomment
unix_listener /var/spool/postfix/private/auth {
  mode = 0660
  user = postfix
  group = postfix
}

vi /etc/dovecot/conf.d/10-auth.conf
auth_mechanisms = plain login

sudo service postfix restart
sudo service dovecot restart

Both of these should connect
nc mail.robert.com 25
nc mail.robert.com 587

sudo apt-get install dovecot-imapd dovecot-pop3d -y

vi /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir

vi /etc/dovecot/conf.d/20-pop3.conf

Uncomment the line
pop3_uidl_format = %08Xu%08Xv

vi /etc/dovecot/conf.d/10-ssl.conf
uncomment the line
ssl = yes

sudo service dovecot restart


nc mail.robert.com 110
nc mail.robert.com 995
nc mail.robert.com 993
nc mail.robert.com 143
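
A configuration check for the setup above, as an added example that is not part of the original post or the video it follows. With smtpd_sasl_auth_enable = yes and smtpd_tls_security_level = may in main.cf, port 25 offers AUTH before STARTTLS unless smtpd_tls_auth_only = yes is set, and the key copied in step 10 no longer has a passphrase. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Postfix main.cf offline.

# param FILE NAME: print the effective value of NAME. Postfix lets the last
# assignment win, and a line starting with whitespace continues the previous one.
param() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments and blank lines
        /^[ \t]/ { if (cur == want) val = val " " $0; next }
        { eq = index($0, "="); if (!eq) { cur = ""; next }
          cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
          if (cur == want) val = substr($0, eq + 1) }
        END { gsub(/[ \t]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val)
              print val }' "$1"
}

# audit_main_cf FILE: print space-separated findings, or nothing if clean.
audit_main_cf() {
    f=$1; out=""
    sasl=$(param "$f" smtpd_sasl_auth_enable)
    authonly=$(param "$f" smtpd_tls_auth_only)
    level=$(param "$f" smtpd_tls_security_level)
    key=$(param "$f" smtpd_tls_key_file)
    # With TLS merely optional ("may"), AUTH is also offered before STARTTLS,
    # so PLAIN/LOGIN passwords can cross the wire unencrypted.
    if [ "$sasl" = yes ] && [ "$authonly" != yes ] && [ "$level" != encrypt ]; then
        out="$out plaintext-auth"
    fi
    # The key had its passphrase stripped, so file permissions are its only
    # protection: no group/other bits should be set.
    if [ -n "$key" ] && [ -e "$key" ]; then
        if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            out="$out key-perms"
        fi
    fi
    echo "${out# }"
}

# Constructed sample mirroring the settings in this post.
demo_dir=$(mktemp -d)
touch "$demo_dir/server.key"; chmod 644 "$demo_dir/server.key"
cat > "$demo_dir/main.cf" <<EOF
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_key_file = $demo_dir/server.key
EOF
echo "findings: $(audit_main_cf "$demo_dir/main.cf")"
rm -rf "$demo_dir"
```

On the real server, run audit_main_cf /etc/postfix/main.cf as root; adding smtpd_tls_auth_only = yes and chmod 600 on the key clears both findings.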



Friday, June 9, 2017

Linux - find command

This command will search for all regular files whose names end in .conf, case-insensitively.
find . -type f -iname "*.conf"

This will do the same search, however only in the current directory, meaning it will not recurse through subdirectories.
find . -maxdepth 1 -type f -iname "*.conf"

This search will find all files over 50 kilobytes.  If we replace k with M we get megabytes I suppose (would it kill you to look up the man page yourself?).
find . -maxdepth 1 -type f -iname "*.conf" -size +50k




Tuesday, April 25, 2017

GSO, TSO and UFO ethtool for nic

Wonderful article at https://www.coverfire.com/articles/queueing-in-the-linux-network-stack/

Tuesday, March 7, 2017

Shadow file line


balatesting:$6$mgdrjbp6$CuWkPbZHHZpYanP5zJZWwS1awzdh4objOvsfJ.IrIqmYgu1.h5oIu.UvrMysy/NFaZEdS8Zm4jN8Mv/oJor.y.:17232:0:99999:7:::

Saturday, February 25, 2017

Basic Email server in Ubuntu

Here we will see about the installation of a basic SMTP server on Ubuntu
$ sudo apt-get update
# apt-get update --fix-missing
# apt-get install bind9 dnsutils apache2 php5 postfix dovecot-common dovecot-imapd dovecot-pop3d squirrelmail 
Click okay for Internet Site
Let us cd /etc/bind
# vim named.conf.local
Be very careful about the style of quotes: it must be a normal double quote. MS Word will put curly quotes, which will not get interpreted correctly.
zone "mark.net" {
                   type master;
                   file "/etc/bind/db.mark";
};
zone "0.168.192.in-addr.arpa" {
                   type master;
                   file "/etc/bind/db.192";
};
# cp db.local db.mark
# cp db.127 db.192
# vim db.mark
$TTL 604800
@       IN      SOA     ns.mark.net. root.mark.net. (
                        2         ; Serial
                        604800    ; Refresh
                        86400     ; Retry
                        2419200   ; Expire
                        604800 )  ; Negative Cache TTL
;
@       IN      NS      ns.mark.net.
@       IN      A       192.168.0.1
ns      IN      A       192.168.0.1
@       IN      MX 10   mail.mark.net.  ; explicit @: a blank owner would inherit "ns"
www     IN      CNAME   ns
mail    IN      A       192.168.0.1     ; an MX target must not be a CNAME
# vim db.192
$TTL 604800
@       IN      SOA     ns.mark.net. root.mark.net. (
                        1         ; Serial
                        604800    ; Refresh
                        86400     ; Retry
                        2419200   ; Expire
                        604800 )  ; Negative Cache TTL
;
@       IN      NS      ns.mark.net.
1       IN      PTR     ns.mark.net.    ; trailing dot keeps the name fully qualified

Now we will restart bind9
# invoke-rc.d bind9 restart
Now when we do nslookup mail.mark.net we should get the IP of our mail server.
When we do a dig mail.mark.net we should get answers from the db.mark file of the bind9 configuration.
Now let us work on the apache2 configuration file.
# cd /etc/apache2/sites-available/
# ls -l
# cp default mail.conf
# vim mail.conf
Now under the VirtualHost directive, below ServerAdmin, let us add the ServerName line and update DocumentRoot
                         ServerAdmin   webmaster@localhost
                         ServerName    mail.mark.net
                         DocumentRoot  /usr/share/squirrelmail
# Change the next Directory line as shown below.
        

Next we should enable that site with # a2ensite mail
Then reload the apache2 service.
# service apache2 reload
Now let us try to reconfigure postfix
# dpkg-reconfigure postfix
Select Local only and press Okay
Then for System mail name: “mail.mark.net” and press OK.
Then for Root and postmaster don’t give anything and press OK.
Then for other destinations to accept mail for change the line to
mail.mark.net, mark-virtual-machine, localhost.localdomain, , localhost, mark.net
Then for “Force synchronous updates on mail queue” press No
Then in Local networks append 192.168.0.0/24 network
Then leave the mailbox size limit at 0 bytes.
Then leave the * for Local address extension character and press Ok.
Then for Internet Protocols to use press all and press OK.

Now let us edit the squirrelmail’s apache configuration file.
# vim /etc/squirrelmail/apache.conf
Go down and uncomment
DocumentRoot /usr/share/squirrelmail
Edit the next line to this
ServerName mail.mark.net
# vim.tiny /etc/squirrelmail/config.php
$imapServerAddress      = '192.168.56.102';
$smtpServerAddress      = '192.168.56.102';
Now let us start editing the Dovecot configuration file.
# vim /etc/dovecot/dovecot.conf
Go to the very bottom of the file and start typing
protocols = imap pop3
#disable_plaintext_auth = no
mail_location = mbox:~/mail:INBOX=/var/mail/%u
#mail_location = maildir:~/Maildir

Change this line alone in /etc/postfix/main.cf
inet_interfaces = 192.168.56.102,127.0.0.1
Now that all configuration is over let us restart all the processes.
# killall named
# killall apache2
# killall dovecot
# invoke-rc.d bind9 restart
# invoke-rc.d apache2 restart
# invoke-rc.d postfix restart
# invoke-rc.d dovecot restart

Now let us create a couple of users to try logging in as them for email transaction.
# adduser bala1
# adduser bala2

Then the important piece of information is to head to http://mail.mark.net/src/login.php


Monday, January 23, 2017

Shredding a disk securely



shred -vfz -n 10 /dev/sda5


-v: show progress
-f: change permissions to allow writing if necessary
-z: add a final overwrite with zeros to hide shredding
-n: overwrite N times instead of the default (3)

Tuesday, January 17, 2017

Serial Edit on VIM editor

This is for when we need to do a serial edit in the vim editor.

The following command will replace every occurrence of dogs with cats on lines 3 to 7.

:3,7s/dogs/cats/g