Archives for : DevOps

Setting up an E-mail server

I have my own e-mail server using Postfix, Dovecot, MariaDB, Spamassassin, ClamAV, Amavisd-new, Fail2ban, Nginx, Postfixadmin and Roundcube under CentOS 8.
Although there are several recipes for configuring this stack, it took me many hours to figure out how to keep the service running correctly, what each setting in main.cf and master.cf does, and in the end how to reduce the flood of spam that arrives every instant.
And anti-spam is the focus of this publication. I have suffered, and still suffer, from the constant attempts to use my services as a zombie or to spread viruses, fraud and everything else you can imagine.

I lost count of how many times my DNS service stopped because excessive connection attempts clogged the memory and forced the s.. to kill processes to save resources, and named was chosen for being the weakest link.
So this article focuses on the proper configuration of private mail services with a few users and few domains. Certainly a lot of what is in this short manual also applies to world-class services, but I believe that in those cases the use of dedicated, specialized tools or services should always be taken into consideration.

So let's leave the chatter aside and go straight to the hands-on.

Installation of packages

The first step is to install all the packages that will be used. Roundcube and Postfixadmin run under a PHP-capable webserver, and the e-mail accounts can be stored on a database server. I use Nginx as the webserver and, although I prefer PostgreSQL, I will use MariaDB as the DBMS because it is what most people use (probably due to WordPress).

So, at the end of the installation process, we should have installed some new package repositories.

Enable the extra package repositories for your distribution, if you haven't already. For CentOS 8 the command below will do that.

$ sudo dnf install epel-release

Additionally, install the packages curl, htop, vim, yum-utils, wget, net-tools, chrony and certbot, which will be needed at other points in the configuration.

$ sudo dnf install -y curl htop vim yum-utils wget net-tools chrony certbot

Postfix

Postfix is an MTA (mail transfer agent). An MTA bridges the gap between computers for the exchange of electronic mail messages. In our case, it is the main element.

The version of Postfix that I'll use in this document is 3.3. To find out which version will be installed, type:

$ sudo dnf info postfix

To install, run the command:

$ sudo dnf install -y postfix postfix-mysql postfix-pcre

Let's leave the service stopped for now, but already set it to start along with the operating system.

$ sudo systemctl enable postfix

Dovecot

Dovecot is an IMAP and POP3 mail server. With it we can send and receive messages via Postfix and, among other things, control access to the service via authentication.
To install Dovecot with MySQL support, just run the command:

$ sudo dnf install -y dovecot dovecot-mysql

Once again, we will enable the service but leave it stopped.

$ sudo systemctl enable dovecot

Amavis

Amavis is a content filter for e-mail. With it, it is possible to filter harmful messages using settings against spam, viruses and other malware. Below are the commands that install it. It requires many dependencies, which will be updated and/or installed along with it. One of these dependencies is SpamAssassin, which will be configured later, along with all the other packages we're installing.

First make sure that the PowerTools repository is enabled, because that is where we will install amavisd-new from.

$ sudo dnf config-manager --set-enabled powertools

Next we install Amavis and some dependencies, one of them being ClamAV. It's a simple and very efficient antivirus for the most common types of threats, and completely free.

$ sudo dnf -y install amavisd-new clamd perl-Digest-SHA1 perl-IO-stringy

Again, let's set the services to always start automatically, but leave them stopped for now.

$ sudo systemctl enable amavisd spamassassin

MariaDB (or MySQL)

Normally, anyone who uses WordPress already has MariaDB or MySQL installed and configured. If that's your case, you can skip this step.

I prefer PostgreSQL, but as the intent of this document is to let anyone run their own DevOps services, and you cannot always run multiple instances, I decided to use MariaDB. This way, if you need to add WordPress, there is no need to add an additional DBMS or even use wrappers to get PostgreSQL support.

Don't worry about the settings at this point, because I will detail them later in another publication. Continuing with the installation we should run the command:

$ sudo dnf install -y mariadb-server

and then activate the service to start along with the system

$ sudo systemctl enable mariadb

Webserver (Nginx + Php-Fpm)

The last elements to be installed are part of the webserver. You may already have one running, such as Apache, in which case this step can be skipped. If you are starting a new server or are not familiar with Apache and PHP configuration, I recommend following the tips of this installation.

I really like Nginx and will use it together with Php-Fpm.

$ sudo dnf install -y nginx php-fpm

At this point we have all the necessary files to start the configuration of the mail server.

I'm too lazy

Don't like typing, or not interested in the details of each item installed? Your problems are over!

You can run all the commands of this document with the following lines:

ATTENTION! This script is just a file with command lines. It may not work properly depending on your system settings.

$ sudo dnf update
$ sudo dnf install -y epel-release
$ sudo dnf config-manager --set-enabled powertools
$ sudo dnf -y install --enablerepo=epel,powertools curl htop vim yum-utils wget net-tools chrony certbot postfix postfix-mysql postfix-pcre dovecot dovecot-mysql amavisd-new clamd perl-Digest-SHA1 perl-IO-stringy mariadb-server nginx php-fpm
$ sudo systemctl enable postfix mariadb spamassassin amavisd dovecot nginx php-fpm

With everything installed we can start the settings. Let's start with MariaDB.

Antispam for E-mail Servers

Some time ago I published an article showing how I set up an e-mail server using the most common tools for open-source environments on Linux. I used Postfix, Dovecot, Postfixadmin, Roundcube and Spamassassin.

Now I will show another tool that is an alternative to Spamassassin: MailCleaner.



Continue Reading >>

Mail Server – Part 4 – Postfix 3

Part 1 – Configuring the main.cf file

This is the fourth part of the process of creating the mail server on CentOS 8 and the first part of the Postfix configuration. If you came here by accident, better read one of the publications below first:

Part 1 – Package installation

Part 2 – MariaDB configuration

Part 3 – Dovecot configuration

Postfix is the most important part of our mail server. It is responsible for talking with other MTAs so that you can receive and send e-mail messages, and for it to be reachable it must be identifiable by the name of the server, its hostname.



Continue Reading >>

Mail Server – Part 3 – Dovecot

This is the third part of the process of creating the mail server on CentOS 8. If you came here by accident, you should first read the previous publications:

Part 1 – Package installation

Part 2 – Configuring MariaDB

Dovecot is an MDA (Mail Delivery Agent), meaning it is an agent that transports messages from Postfix to the virtual mailboxes. In this section we will configure the Dovecot installation to force users to use SSL when they connect, so that passwords are never sent in plain text.

I always like to keep the original files of any configuration in case I end up getting lost while changing settings. This step is not needed if you are following this tutorial from the start. However, if you already have a previous configuration and are just improving it, I strongly suggest you make copies of your files.

In our case, the configuration files will be in /etc/dovecot/conf.d/. We can then make copies with the command:



Continue Reading >>

Correcting the modules-not-loaded error on CentOS 6.x

A common problem after upgrading a kernel via yum on CentOS is that the module files for the new kernel are not created.
An example of this error appears when you try to use iptables with grep, as in the output below.


# iptables -L -n | grep "my ip"
FATAL: Could not load /lib/modules/2.6.32-042stab123.9/modules.dep: No such file or directory


#
This indicates that the directory 2.6.32-042stab123.9 does not exist and therefore no module in it can be loaded.

To correct this problem, the simplest way is this recipe:


# mkdir -p /lib/modules/$(uname -r)
# cd /lib/modules/$(uname -r)
[root@vps3 2.6.32-042stab123.9]# depmod
[root@vps3 2.6.32-042stab123.9]# ls -lah
total 64K
drwxr-xr-x 2 root root 4.0K Oct 18 16:11 .
dr-xr-xr-x 10 root root 4.0K Oct 18 16:11 ..
-rw-r--r-- 1 root root 45 Oct 18 16:11 modules.alias
-rw-r--r-- 1 root root 12 Oct 18 16:11 modules.alias.bin
-rw-r--r-- 1 root root 69 Oct 18 16:11 modules.ccwmap
-rw-r--r-- 1 root root 0 Oct 18 16:11 modules.dep
-rw-r--r-- 1 root root 12 Oct 18 16:11 modules.dep.bin
-rw-r--r-- 1 root root 73 Oct 18 16:11 modules.ieee1394map
-rw-r--r-- 1 root root 141 Oct 18 16:11 modules.inputmap
-rw-r--r-- 1 root root 81 Oct 18 16:11 modules.isapnpmap
-rw-r--r-- 1 root root 74 Oct 18 16:11 modules.ofmap
-rw-r--r-- 1 root root 99 Oct 18 16:11 modules.pcimap
-rw-r--r-- 1 root root 43 Oct 18 16:11 modules.seriomap
-rw-r--r-- 1 root root 131 Oct 18 16:11 modules.softdep
-rw-r--r-- 1 root root 49 Oct 18 16:11 modules.symbols
-rw-r--r-- 1 root root 12 Oct 18 16:11 modules.symbols.bin
-rw-r--r-- 1 root root 189 Oct 18 16:11 modules.usbmap
[root@vps3 2.6.32-042stab123.9]# iptables -L -n | grep "my ip"
[root@vps3 2.6.32-042stab123.9]#
This will create the directory and the module dependency files for the kernel currently in use (uname -r).

If the problem is not resolved with the above commands, try reinstalling the kernel via yum with the commands below.

# mv /boot/grub/grub.conf /boot/grub/grub.conf.bak
# yum -y reinstall kernel

And then try the commands listed earlier.

I hope you find it as useful as it was for me.

How to clear deferred messages from Postfix Queue

Today I was watching the Postfix log file (on CentOS 6.x the default is /var/log/maillog) and saw a lot of messages being deferred.

Jan 5 15:02:03 vps3 postfix/smtp[27441]: 3187E2180015: to=<undesired@domain.com>, relay=domain.com[167.114.XXX.XXX]:25, delay=254553, delays=254538/0.2/15/0, dsn=4.4.2, status=deferred (conversation with domain.com[167.114.XXX.XXX] timed out while receiving the initial server greeting)
Jan 5 15:02:03 vps3 postfix/smtp[27442]: CDED02180014: to=<undesired@domain.com.br>, relay=domain.com[167.114.XXX.XXX]:25, delay=258753, delays=258738/0.13/15/0, dsn=4.4.2, status=deferred (conversation with domain.com[167.114.XXX.XXX] timed out while receiving the initial server greeting)
Jan 5 15:02:03 vps3 postfix/smtp[27443]: C8EE72180012: to=<undesired@domain.com.br>, relay=domain.com[167.114.XXX.XXX]:25, delay=258753, delays=258738/0.14/15/0, dsn=4.4.2, status=deferred (conversation with domain.com[167.114.XXX.XXX] timed out while receiving the initial server greeting)
Jan 5 15:02:03 vps3 postfix/smtp[27444]: CDCE32180013: to=<undesired@domain.com.br>, relay=domain.com[167.114.XXX.XXX]:25, delay=258753, delays=258738/0.15/15/0, dsn=4.4.2, status=deferred (conversation with domain.com[167.114.XXX.XXX] timed out while receiving the initial server greeting)

and these messages kept repeating from time to time.
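Before touching the queue it helps to know which recipients, relays and DSN codes account for the deferrals and which queue IDs are involved. The script below is an added example, not part of the original post: the function names and the sample log lines (documentation domains and addresses) are constructed, and it assumes the maillog line format shown above.

```shell
#!/bin/sh
# Added example: summarize Postfix deferrals from maillog-format text on stdin.
# Function names and the sample log lines are constructed for illustration.

# Print "count recipient relay dsn" for every deferred delivery, busiest first.
summarize_deferred() {
    awk '
    /postfix\/smtp\[[0-9]+\]:/ && /status=deferred/ {
        rcpt = ""; relay = ""; dsn = ""
        if (match($0, /to=<[^>]*>/))  rcpt  = substr($0, RSTART + 4, RLENGTH - 5)
        if (match($0, /relay=[^,]+/)) relay = substr($0, RSTART + 6, RLENGTH - 6)
        if (match($0, /dsn=[0-9.]+/)) dsn   = substr($0, RSTART + 4, RLENGTH - 4)
        count[rcpt " " relay " " dsn]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Print the distinct queue IDs whose delivery to recipient $1 was deferred.
deferred_queue_ids() {
    awk -v rcpt="$1" '
    /postfix\/smtp\[[0-9]+\]:/ && /status=deferred/ && index($0, "to=<" rcpt ">") {
        if (match($0, /\]: [0-9A-F]+:/)) print substr($0, RSTART + 3, RLENGTH - 4)
    }' | LC_ALL=C sort -u
}

# Constructed sample input: two timeouts, one refused connection, one delivery.
sample_maillog() {
    cat <<'EOF'
Jan  5 15:02:03 mx postfix/smtp[27441]: 3187E2180015: to=<a@example.org>, relay=example.org[192.0.2.10]:25, delay=254553, delays=254538/0.2/15/0, dsn=4.4.2, status=deferred (conversation with example.org[192.0.2.10] timed out while receiving the initial server greeting)
Jan  5 15:02:03 mx postfix/smtp[27442]: CDED02180014: to=<a@example.org>, relay=example.org[192.0.2.10]:25, delay=258753, delays=258738/0.13/15/0, dsn=4.4.2, status=deferred (conversation with example.org[192.0.2.10] timed out while receiving the initial server greeting)
Jan  5 15:02:04 mx postfix/smtp[27443]: C8EE72180012: to=<b@example.net>, relay=none, delay=120, delays=119/0.1/1/0, dsn=4.4.1, status=deferred (connect to example.net[198.51.100.7]:25: Connection refused)
Jan  5 15:02:05 mx postfix/smtp[27444]: 9A1B22180016: to=<c@example.com>, relay=example.com[203.0.113.5]:25, delay=2, delays=0.1/0/1/0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok)
EOF
}

sample_maillog | summarize_deferred
sample_maillog | deferred_queue_ids a@example.org
```

On a live server the same functions can read the real log, for example `summarize_deferred < /var/log/maillog`.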

Continue Reading >>

Mail Server – Part 1 – Necessary installations

I have my own mail server using Postfix, Dovecot, MariaDB, SpamAssassin, ClamAV, Amavisd-new, fail2ban, nginx, postfixadmin and RoundCube under CentOS 7.
Although there are several recipes for configuring this stack, it took me many hours to figure out how to keep the service running correctly, what each setting in main.cf and master.cf does, and in the end how to reduce the flood of spam that arrives every minute.
And anti-spam is the focus of this publication. I have suffered, and still suffer, from the constant attempts to use my services as a zombie or to spread viruses, fraud and everything else you can imagine.

I lost count of how many times my DNS service stopped because excessive connection attempts clogged the memory and forced the s.. to kill processes to conserve resources, and named was chosen for being the weakest link.
So this article focuses on the proper configuration of private mail services with a few users and few domains. Certainly a lot of what is in this short manual also applies to world-class services, but I believe that in those cases the use of dedicated, specialized tools or services should always be taken into consideration.



Continue Reading >>