Archive

iRedMail: Build A Full-Featured Mail Server On CentOS 6 With Postfix, Dovecot, PostgreSQL

Summary

We’re going to set up a free, full-featured mail server on CentOS 6.2. All mail-service components are free and open source, and you keep control over your own data. The installation process is extremely easy and smooth.

By following this tutorial, you will have the following major software and services ready for production use:

  • Postfix: SMTP service
  • Dovecot: POP3/POP3S, IMAP/IMAPS, Managesieve service
  • PostgreSQL: Storing mail accounts and application data
  • Apache: Web server
  • Amavisd, SpamAssassin, ClamAV: Anti-spam, anti-virus
  • Roundcube: Webmail
  • Fail2ban: scans log files (e.g. /var/log/maillog) and bans IPs that show malicious signs: too many password failures, probing for exploits, etc.
  • iRedAdmin: A basic, free & open source administration panel to manage the mail accounts. Full featured edition is available for purchase here: http://www.iredmail.org/admin_panel.html.
  • Awstats: Apache and Postfix log analyzer
  • phpPgAdmin: web-based administration tool for PostgreSQL

Introducing iRedMail

The homepage of the iRedMail project is here: http://www.iredmail.org/

iRedMail is:

  • A ZERO COST, fully fledged, full-featured mail server solution. All components are free and open source software.
  • An open source project, released under GPLv2, hosted on BitBucket.

With iRedMail, you can set up a full-featured, zero-cost mail server in less than 2 minutes. iRedMail works on 8 major Linux/BSD distributions:

  • Red Hat Enterprise Linux 5.x, 6.x
  • CentOS 5.x, 6.x
  • Scientific Linux 5.x, 6.x
  • Debian 6.x (Squeeze)
  • Ubuntu 10.04 LTS, 11.10, 12.04
  • Linux Mint 12 (based on Ubuntu)
  • Gentoo Linux, the latest official release (or daily build) with the latest portage
  • openSUSE 12.1
  • FreeBSD 8.x, 9.x

The latest beta release of iRedMail, 0.8.0-beta4, supports PostgreSQL on RHEL/CentOS/Scientific Linux (6.x), Ubuntu (11.10, 12.04), FreeBSD.

 

System Requirements

WARNING: iRedMail is designed to be deployed on a FRESH server system, which means your server does NOT have mail related components installed, e.g. Apache, PostgreSQL, OpenLDAP, Postfix, Dovecot, Amavisd, etc. Otherwise it may override your existing files/configurations (although it will back up files before modifying them), and it may not work as expected.

To install iRedMail, you need:

  • A FRESH, minimal working CentOS Linux 6. The latest 6.2 release is recommended.
  • At least 512MB of memory is required for production use.

 

Preparations

Set A Fully Qualified Domain Name (FQDN) Hostname On Your Server

We need to set a FQDN hostname before we set up the mail server.

On CentOS Linux, hostname is set in two files:

Hostname setting: /etc/sysconfig/network

# Part of file: /etc/sysconfig/network
HOSTNAME=demo.iredmail.org

Hostname <=> IP address mapping: /etc/hosts. WARNING: Please list the FQDN hostname as the first item.

# Part of file: /etc/hosts
127.0.0.1   demo.iredmail.org demo localhost localhost.localdomain

Verify the FQDN hostname with command ‘hostname -f’. If you change the hostname, please reboot the server to make it work.

$ hostname -f

demo.iredmail.org

 

Enable yum repositories for installing new packages

Please enable all default yum repositories in /etc/yum.repos.d/CentOS-Base.repo, and disable all third-party repositories. Repositories are enabled if you set “enabled=1” in the repo file.

 

Download The Latest Release Of iRedMail

Visit the Download page to get the latest release of iRedMail. At least iRedMail-0.8.0-beta4 is required.

Upload iRedMail to your mail server via ftp, scp or whatever method you can use, then log in to the server to install iRedMail. We assume you uploaded it to /root/iRedMail-x.y.z.tar.bz2 (replace x.y.z with the actual version number).

Uncompress iRedMail tarball:

# cd /root/
# tar xjf iRedMail-x.y.z.tar.bz2

 

Start iRedMail Installer

It’s now time to start the iRedMail installer. It will ask you some simple questions; answering them is all it takes to set up a full-featured mail server.

# cd /root/iRedMail-x.y.z/
# bash iRedMail.sh

 

Screenshots Of iRedMail Installation

1) Welcome and thanks for your use:


2) Specify location to store all mailboxes. Default is /var/vmail/.


3) Choose the backend used to store mail accounts. We will choose PostgreSQL as the example in this tutorial; please choose the one you’re familiar with. You can manage mail accounts with iRedAdmin, our web-based iRedMail admin panel.


4) Set password of PostgreSQL admin user. PostgreSQL is used to store mail accounts and application data. e.g. Roundcube webmail, Amavisd-new.


5) Add your first mail domain name:


6) Set password of admin account of your first mail domain. NOTE:

  • This account is used only for system administration and is not a mail user. That means you CANNOT log in to webmail with this account.
  • You can log in to iRedAdmin (web-based iRedMail admin panel) with this account for mail account management; the login name is the full email address.
  • Admin username is hard-coded, you can create new admins with iRedAdmin after installation has completed.


7) Set password of first mail user of your first mail domain. NOTE:

  • This account is a normal mail user, that means you can login to webmail with this account, login name is full email address.
  • Username is hard-coded, you can create new mail users with iRedAdmin after installation has completed.


8) Choose optional components:


After these questions, iRedMail installer will ask you to confirm this installation. It will install and configure required packages automatically. Type y or Y and press Enter to confirm, type n or N and press Enter to cancel this installation.

Important Things You Should Know After Installation

  • Read file /root/iRedMail-x.y.z/iRedMail.tips first, it contains:
    • URLs, usernames and passwords of web-based applications
    • Location of mail server related software configuration files
    • Some other important and/or sensitive information
  • Setup DNS record for SPF
  • Setup DNS record for DKIM

 

Access Webmail And Other Web Applications

After installation has successfully completed, you can access the web-based programs if you chose to install them. Replace ‘your_server’ below with your actual server name or IP address.

  • Webmail: http://your_server/mail/ (or /webmail, /roundcube. HTTPS is available also.)
  • Admin panel: https://your_server/iredadmin/
  • phpMyAdmin: https://your_server/phpmyadmin/
  • Awstats: https://your_server/awstats/awstats.pl?config=web (or ?config=smtp)

 

How To Set Up Multiple SSL Certificates on One IP with Apache on Ubuntu 12.04

You can host multiple SSL certificates on one IP address using Server Name Indication (SNI).

About SNI

Although hosting several sites on a single virtual private server is not a challenge with the use of virtual hosts, providing separate SSL certificates for each site traditionally required separate IP addresses. The process has recently been simplified through the use of Server Name Indication (SNI), which sends a site visitor the certificate that matches the requested server name.

Note:

SNI can only be used for serving multiple SSL sites from your web server and is not likely to work at all on other daemons, such as mail servers, etc. There is also a small percentage of older web browsers that may still give certificate errors. Wikipedia has an updated list of software that does and does not support this TLS extension.

Set Up


SNI does need to have registered domain names in order to serve the certificates.

The steps in this tutorial require the user to have root privileges. You can see how to set that up in the Initial Server Setup Tutorial in steps 3 and 4.

Apache should already be installed and running on your VPS. If this is not the case, you can download it with this command:

sudo apt-get install apache2

 

Step One—Create Your SSL Certificates


For the purposes of this tutorial, both certificates will be self-signed. We will be working to create a server that hosts both example.com and example.org.

The SSL certificate has 2 main parts: the certificate itself and the public key. To make all of the relevant files easy to access, we should create a directory for each virtual host’s SSL certificate.

mkdir -p /etc/apache2/ssl/example.com
mkdir -p /etc/apache2/ssl/example.org

Step Two—Activate the SSL Module


The next step is to enable SSL on the droplet.

sudo a2enmod ssl

Follow up by restarting Apache.

sudo service apache2 restart

 

Step Three—Create a Self Signed SSL Certificate


When we request a new certificate, we can specify how long the certificate should remain valid by changing the 365 to the number of days we prefer. As it stands this certificate will expire after one year.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/example.com/apache.key -out /etc/apache2/ssl/example.com/apache.crt

With this command, we will be both creating the self-signed SSL certificate and the server key that protects it, and placing both of them into the new directory.

This command will prompt the terminal to display a list of fields that need to be filled in.

The most important line is “Common Name”. Enter your official domain name here or, if you don’t have one yet, your site’s IP address.

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:NYC
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Awesome Inc
Organizational Unit Name (eg, section) []:Dept of Merriment
Common Name (e.g. server FQDN or YOUR name) []:example.com                  
Email Address []:[email protected]

Then go ahead and take the same steps for the second (example.org) domain:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/example.org/apache.key -out /etc/apache2/ssl/example.org/apache.crt

 

Step Four—Create the Virtual Hosts


Once you have the certificates saved and ready, you can add in your information in the virtual host files.

Although it’s not required, we can create two virtual host files to store virtual host information in separate files, copying the configuration from the default virtual host file.

sudo nano /etc/apache2/sites-available/example.com
sudo nano /etc/apache2/sites-available/example.org

Go ahead and open up each file and paste in the configuration below.

This configuration is a simplified version of two separate configuration files: the default virtual server configuration file found at /etc/apache2/sites-available/default and the default SSL configuration located in /etc/apache2/sites-available/default-ssl.

Additionally, this configuration includes an important change that facilitates multiple SSL certificates.

Whereas the default SSL configuration has the following line, specifying a certificate as the default one for the server,

<VirtualHost _default_:443>

the configuration below does not have a reference to a default certificate. This is key.

Overall, the default configuration files offer a variety of useful directives and additional configuration options that you can add to the virtual host. However, the following information will provide the server everything it needs to set up multiple SSL certificates on one IP address.

<VirtualHost *:80>
        # Placeholder address: use your webmaster's email
        ServerAdmin webmaster@example.com
        ServerName example.com
        DocumentRoot /var/www

</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>

        # Placeholder address: use your webmaster's email
        ServerAdmin webmaster@example.com
        ServerName example.com
        DocumentRoot /var/www

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile /etc/apache2/ssl/example.com/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/example.com/apache.key
</VirtualHost>

</IfModule>

There are a few lines in these configuration files that need to be customized.

  • ServerAdmin: This is simply your webmaster’s email address
  • ServerName: This is your domain name. Make sure that you write it in without a prepended www.
  • DocumentRoot: This is the directory where you keep your site information. Currently it points to the apache default directory. You will probably have different server roots for the 2 different virtual hosts.
  • SSLCertificateFile: This directive points to the location of the certificate file. The certificate for each site is stored in the directory that we created earlier in the tutorial.
  • SSLCertificateKeyFile: This directive points to the location of the certificate key. The certificate key for each site is stored in the directory that we created earlier in the tutorial.

Set up both domains’ configurations. We still have one more step before the separate SSL certificates will work on both servers.

Step Five—Edit the ports.conf file


The final step required to make sure that multiple certificates work on one VPS is to tell the server to listen on port 443. Add the NameVirtualHost *:443 line to the Apache ports configuration file.

sudo nano /etc/apache2/ports.conf

 

NameVirtualHost *:80
NameVirtualHost *:443

Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

 

Step Six—Activate the Virtual Hosts


The last step is to activate the hosts. Apache makes activating and deactivating hosts very easy.

sudo a2ensite example.com
sudo a2ensite example.org

(You can deactivate virtual hosts with the command: sudo a2dissite example.com)

With all of the virtual hosts enabled, restart Apache.

sudo service apache2 restart

You should now be able to access both sites, each with its own domain name and SSL certificate.

You can view the sites both with and without the signed SSL certificates by typing in just the domain (eg. example.com or example.org) or the domain with the https prefix (https://example.com or https://example.org).

How To Create a SSL Certificate on Apache for CentOS 6

About Self-Signed Certificates


An SSL certificate is a way to encrypt a site’s information and create a more secure connection. Additionally, the certificate can show the virtual private server’s identification information to site visitors. Certificate Authorities can issue SSL certificates that verify the virtual server’s details while a self-signed certificate has no 3rd party corroboration.

Step One—Install Mod SSL


In order to set up the self signed certificate, we first have to be sure that Apache and Mod SSL are installed on our VPS. You can install both with one command:

yum install mod_ssl

 

Step Two—Create a New Directory


Next, we need to create a new directory where we will store the server key and certificate.

mkdir /etc/httpd/ssl

 

Step Three—Create a Self Signed Certificate


When we request a new certificate, we can specify how long the certificate should remain valid by changing the 365 to the number of days we prefer. As it stands this certificate will expire after one year.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt

With this command, we will be both creating the self-signed SSL certificate and the server key that protects it, and placing both of them into the new directory.

This command will prompt the terminal to display a list of fields that need to be filled in.

The most important line is “Common Name”. Enter your official domain name here or, if you don’t have one yet, your site’s IP address.

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:NYC
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Awesome Inc
Organizational Unit Name (eg, section) []:Dept of Merriment
Common Name (e.g. server FQDN or YOUR name) []:example.com                  
Email Address []:[email protected]

 

Step Four—Set Up the Certificate


Now we have all of the required components of the finished certificate. The next thing to do is to set up the virtual hosts to display the new certificate.

Open up the SSL config file:

 vi /etc/httpd/conf.d/ssl.conf

Find the section that begins with <VirtualHost _default_:443> and make some quick changes.

Uncomment the DocumentRoot and ServerName line and replace example.com with your DNS approved domain name or server IP address (it should be the same as the common name on the certificate):

 ServerName example.com:443

Find the following three lines, and make sure that they match the lines below:

SSLEngine on
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key

Your virtual host is now all set up! Save and Exit out of the file.

Step Five—Restart Apache


You are done. Restarting the Apache server will reload it with all of your changes in place.

 /etc/init.d/httpd restart

In your browser, type https://youraddress to view the new certificate.
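
A pre-restart check for the certificate and key files created in this tutorial and in the SNI tutorial above, as an added example that is not part of either original post: it confirms that each certificate's Common Name matches the ServerName, that the key file belongs to the certificate and is closed to group and others, and (with served_cn) which certificate Apache returns for a given SNI name. The function names are this example's own.

```bash
# Added example, not part of the original tutorials.

# cert_cn CRT: print the certificate's Common Name.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        awk -F' = ' '/commonName/ { print $2; exit }'
}

# key_matches CRT KEY: succeed only if KEY is the private key for CRT,
# by comparing the public key embedded in each file.
key_matches() {
    km_crt=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    km_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$km_crt" ] && [ "$km_crt" = "$km_key" ]
}

# key_is_private KEY: succeed if group and others have no permission bits.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_pair NAME CRT KEY: run all three checks for one virtual host.
# Prints one line per problem and returns 1 if any check failed.
check_pair() {
    cp_rc=0
    [ "$(cert_cn "$2")" = "$1" ] ||
        { echo "$1: certificate CN is '$(cert_cn "$2")'"; cp_rc=1; }
    key_matches "$2" "$3" ||
        { echo "$1: $3 is not the key for $2"; cp_rc=1; }
    key_is_private "$3" ||
        { echo "$1: $3 is accessible by group or others"; cp_rc=1; }
    return "$cp_rc"
}

# served_cn ADDR NAME: CN of the certificate the server at ADDR:443
# returns when the client sends NAME in the SNI extension.
served_cn() {
    openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null |
        openssl x509 -noout -subject -nameopt multiline 2>/dev/null |
        awk -F' = ' '/commonName/ { print $2; exit }'
}

# Usage on the Ubuntu host (paths from the SNI tutorial):
#   for d in example.com example.org; do
#       check_pair "$d" "/etc/apache2/ssl/$d/apache.crt" "/etc/apache2/ssl/$d/apache.key"
#       [ "$(served_cn 127.0.0.1 "$d")" = "$d" ] || echo "$d: wrong certificate served"
#   done
# Usage on the CentOS host (paths from this tutorial):
#   check_pair example.com /etc/httpd/ssl/apache.crt /etc/httpd/ssl/apache.key
```

If served_cn prints the same name for both domains, Apache is falling back to a single virtual host and the NameVirtualHost *:443 line or the per-site ServerName is the first thing to check.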

OpenVZ – RHEL/CentOS/Scientific 6.5 Container Networking Bug

Yesterday CentOS 6.5 was released and if you’ve not already seen this, you will likely see floods of tickets come in because when you upgrade an OpenVZ container to CentOS 6.5 and reboot, it will lose all network connectivity.

No active network interfaces:

Code:
[[email protected] ~]# ifconfig
[[email protected] ~]#


We can’t bring interfaces up either:

Code:
[[email protected] log]# service network restart
Shutting down loopback interface:                          [  OK  ]
FATAL: Module ipv6 not found.
Bringing up loopback interface:  RTNETLINK answers: Operation not supported
Failed to bring up lo.
                                                           [FAILED]
Bringing up interface venet0:  RTNETLINK answers: Operation not supported
Failed to bring up venet0.
                                                           [FAILED]
FATAL: Module ipv6 not found.

How to solve (CentOS 6 64Bit):

Until the OpenVZ developers create an official fix, you can downgrade the iproute package as follows:

1. From your OpenVZ Hostmachine, download the old RPM:

# wget http://repo.smartservermanagement.co…el6.x86_64.rpm

2. Copy this inside the container:
# cp /root/iproute-2.6.32-23.el6.x86_64.rpm /vz/private/<CTID>/root/

3. Console into the VPS, forcefully remove the current iproute package, and replace with old one:

# vzctl enter <CTID>
# rpm -e iproute-2.6.32-31.el6.x86_64 --nodeps
# rpm -ivh /root/iproute-2.6.32-23.el6.x86_64.rpm

4. Restart the network service

# service network restart

..and voila!

Don’t forget if you have automated yum updates configured (e.g. cPanel does this), add iproute* to the exclude= line in /etc/yum.conf for the time being.

If this fix doesn’t work for you please let me know as we would be interested to hear about it!

Source : http://www.webhostingtalk.com/showthread.php?t=1327600

How to Set Up Transmission on Ubuntu

Transmission is a cross platform bittorrent client. It is an open-source, lightweight and volunteer-based project, and it is extremely easy to use.

It is Ubuntu’s default torrent client and extremely powerful. Today we are going to learn how to install it on a remote, headless server.

Note: Do not install as the root user. Choose a user with admin privileges.

 

1 – Open terminal and type:

sudo apt-get update

sudo apt-get install transmission-daemon

 

2 – Next, we’ll need to make the directories where transmission will download and store complete/incomplete files:

mkdir ~/transmission

mkdir ~/transmission/completed ~/transmission/incomplete

 

3 – Transmission-daemon runs using the user “debian-transmission”, so we need to grant it full access to the folder. Also, we will give ourselves access to the directories.

sudo chown debian-transmission:debian-transmission ~/transmission/completed

sudo chown debian-transmission:debian-transmission ~/transmission/incomplete

 

4 – Add current user to debian-transmission group.

sudo usermod -a -G debian-transmission <user>

 

5 – Change permissions to allow only owner and group access:

sudo chmod 770 ~/transmission/*

 

6 – Edit the config file:

sudo nano /etc/transmission-daemon/settings.json

 

download-dir: /home/<user>/transmission/completed

incomplete-dir: /home/<user>/transmission/incomplete

pc-authentication-required: true,#Authentication is enabled by default

pc-password: 1234567890 #Set a password for username

pc-port: 9091,

pc-username: transmission #Default username

pc-whitelist: 127.0.0.1,*.*.*.* #Allow access from anywhere

 

7 – After you’re done, reload the transmission daemon so that it re-reads settings.json.

sudo service transmission-daemon reload

 

8 – Go to your transmission web interface:

<server_ip>:9091
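
An audit of the RPC settings from step 6, added here as an example and not part of the original post: it flags a whitelist that admits every address, disabled authentication and the sample password. The function names and the sample file are constructed for illustration, and rpc-whitelist-enabled is a Transmission key that the post does not show.

```bash
# Added example. Assumes one key per line, which is how
# transmission-daemon itself writes settings.json.

# write_sample FILE: constructed sample holding the values from step 6,
# plus rpc-whitelist-enabled (not shown in the post).
write_sample() {
    cat > "$1" <<'EOF'
{
    "rpc-authentication-required": true,
    "rpc-password": "1234567890",
    "rpc-port": 9091,
    "rpc-username": "transmission",
    "rpc-whitelist": "127.0.0.1,*.*.*.*",
    "rpc-whitelist-enabled": true
}
EOF
}

# json_val KEY FILE: print the value of KEY without quotes or trailing comma.
json_val() {
    sed -n "s/^[[:space:]]*\"$1\"[[:space:]]*:[[:space:]]*//p" "$2" |
        sed -e 's/,[[:space:]]*$//' -e 's/^"//' -e 's/"$//' | head -n 1
}

# audit_rpc FILE: print one line per finding; return 1 if there are any.
audit_rpc() {
    ar_rc=0
    if [ "$(json_val rpc-authentication-required "$1")" != "true" ]; then
        echo "FINDING: rpc-authentication-required is not true"; ar_rc=1
    fi
    if [ "$(json_val rpc-whitelist-enabled "$1")" = "false" ]; then
        echo "FINDING: rpc-whitelist-enabled is false, any address may connect"; ar_rc=1
    fi
    # Wrap the list in commas so each entry can be matched as a whole.
    case ",$(json_val rpc-whitelist "$1")," in
        *',*.*.*.*,'*)
            echo "FINDING: rpc-whitelist admits every IPv4 address"; ar_rc=1 ;;
    esac
    if [ "$(json_val rpc-password "$1")" = "1234567890" ]; then
        echo "FINDING: rpc-password is still the tutorial's sample value"; ar_rc=1
    fi
    return "$ar_rc"
}

# Usage: audit_rpc /etc/transmission-daemon/settings.json
```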