Rss

  • youtube
  • linkedin
  • google

Archives for : Linux

Setting up an E-mail server

Tenho meu próprio servidor de e-mail utilizando ;Postfix, Dovecot, MariaDB, Spamassassin, ClamAV, Amavisd-new, Fail2ban, Nginx, Postfixadmin and Roundcube ;under CentOS 8.
Although it has several recipes for how to configure this package, It took me many hours to figure out how to keep the service running correctly, each configuration in the main.cf and in the master.cf and in the end manage to reduce the flood of spam that arrives every instant.
And anti-spam is the focus of this publication. I have suffered and still suffer with the constant attempts to use my services as a zombie or shedding of viruses, fraud and everything else you can.

I lost count of how many times my DNS service stopped by excess of connection attempts to entupiam the memory and forced the s.. a cortar processos para economizar recursos e o ;named ;was chosen for being the weakest link.
So, This article has focus in the proper configuration for private mail services, a few users and few domains. Certainly a lot of what is in this short manual serves to world-class services, but I believe that for these cases the use of tools or dedicated and specialized services should always be taken into consideration.

Então deixemos de lado o falatório para irmos direto ao ;hands-on.

Installation of packages

The first step is to install all the packages that will be used. Roundcube and Postfixadmin run under a PHP-supported webserver whose email accounts can be stored on a database server. How do I use Nginx Webserver and although I prefer PostgreSQL will use the MariaDB as DBMS due to the fact that most of the uses (due to WordPress probably).

So, at the end of the installation process, we should have installed some new package repositories.

Activate the Extra repositories to your distribution Packages, If you haven't already. For CentOS 8 the command below will do that.

$ sudo dnf install epel-release

Additionally, install the packages Curl, htop, I came, yum-utils, wget, NET-tools, chrony and certbot that will be needed at other points in the configuration.

$ sudo dnf install -y curl htop vim yum-utils wget net-tools chrony certbot

Postfix

Postfix ;is an MTA (mail transfer agent). An MTA bridges the gap between the computers for the exchange of electronic mail messages. For our case, is the main element.

The version of Postfix that I'll use in this document is the 3.3. To find out which version will be installed type:

$ sudo dnf info postfix

To install run the command

$ sudo dnf install -y postfix postfix-mysql postfix-pcre

Let's leave the service stopped for now but already set to open along with the operating system.

$ sudo systemctl enable postfix

Dovecot

Dovecot ;is an Imap and Pop3 mail server. With it we can send and receive messages via Postfix and among other things control the access to the service via authentication.
To install Dovecot with mysql support just run the command:

$ sudo dnf install -y dovecot dovecot-mysql

Once again, We will activate the service but leave it standing.

$ sudo systemctl enable dovecot

Amavis

Amavis ;is a content filter for e-mail. With it is possible to filter harmful messages using settings against spam, viruses and other malware. Below the commands that install. It requires many government offices that will be updated and/or installed with. Uma dessas dependencias é o ;SpamAssassin ;that will be configured later, along with all the other packages we're installing.

First make sure that the PowerTools repositorio is enabled, because it is from it that we will install amavisd-new.

$ sudo dnf config-manager --set-enabled powertools

Em seguida instalamos o Amavis e algumas dependencias sendo uma delas o ;ClamAV ;It's a simple and very efficient antivirus for the most common types of threats and completely free.

$ sudo dnf -y install amavisd-new clamd perl-Digest-SHA1 perl-IO-stringy

Again, Let's turn to services that always start automatically, but for now leaving them standing.

$ sudo systemctl enable amavisd spamassassin

MariaDB (or MySQL)

Normally, quem usa WordPress já possui instalado e configurado o ;MariaDB ;or MySQL. If that's the case, can skip this step.

I prefer PostgreSQL, but as the intent of this document is to allow can have its own services DevOps and can not always have multiple instances I decided to use the MariaDB. In this way, If you need to add the WordPress, no need to add an additional DBMS or even use wrappers to have PostgreSQL support.

Don't worry about the settings at this point, because I will detail them later in another publication. Continuing with the installation we should run the command:

$ sudo dnf install -y mariadb-server

and then activate the service to start along with the system

$ sudo systemctl enable mariadb

Webserver (Nginx + Php-Fpm)

The last elements to be installed are part of the Webserver. It is possible that you already have a running as Apache then this point can be skipped. If you are starting a new server or if you have no intimacy with apache and PHP configuration, I recommend following the tips of this installation.

Eu gosto muito do ;Nginx ;e vou usar em conjunto com o ;Php-Fpm.

$ sudo dnf install -y nginx php-fpm

At this point we have all the necessary files to start the configuration of the mail server.

I'm too lazy

Don't like typing or is not concerned in the details of each item installed. Your problems are over!

You can run any command of this document with the following lines:

ATTENTION! This script is just a file with command lines. Eventually may not work properly depending on your system settings.

$ sudo dnf update
$ sudo dnf install -y epel-release
$ sudo dnf config-manager --set-enabled powertools
$ sudo dnf -y install --enable-repo=epel-release,powertools curl htop vim yum-utils wget net-tools chrony certbot postfix dovecot amavisd-new clamd perl-Digest-SHA1 perl-IO-stringy mariadb-server ngixn php-fpm
$ sudo systemctl enable postfix mariadb spamassassin amavisd dovecot nginx php-fpm 

With everything installed we can start the settings. Comecemos pelo ;MariaDB.

Docker on Ubuntu. Service nginx failed to build: ADD failed: stat /var/lib/docker/tmp/docker-builder(…)/startup.sh: no such file or directory

Docker in Ubuntu

Sometimes, when using Laradock, this error occurs after trying a container rebuild with no such file or directory message on docker-compose up -d –build nginx command.

Its not clear to me what is the actual issue, but running the command with sudo, we can run it sucessfully.

Seems that the regular user need access rights to directory /var/lib/docker/tmp/ but do not have. So, running with sudo the trouble is bypassed and the build can finished normally.

After build containers with sudo, is possible to unload it and reload without sudo.

Servidor de Email –; Part 4 ; Postfix 3

Part 1 ; Configure main.cf file

This is the fourth part of the process of creating the Mail server in a CentOS 8 and the first part of the Postfix configuration. If you came here by accident, better read one of the publications below first:

Part 1 ; Instalação dos Pacotes

Part 2 ; Configuração do MariaDB

Part 3 ; Configuração do Dovecot

Postfix is the most important part of our mail server. He will be responsible for talking with other MTAs for you to receive and send e-mail messages and so that it can be reached it is necessary that he be identifiable by the name of the server or your hostname.



Continue Reading >>

Servidor de Email –; Part 3 ; Dovecot

This is the third part of the process of creating the mail server on a CentOS 8. If you came here by accident, You should read first the previous publications

Part 1 ; Instalação dos Pacotes

Part 2 ; Configurar MariaDB

Dovecot is an MDA (Mail Delivery Agent) means is an agent that transport messages from Postfix to virtual message boxes. In this section we will configure the Dovecot installation to force users to use SSL when they connect, in this way never sending passwords in plain text mode.

I always like to keep the original files of any definition for if I end up getting lost while changing settings. I can say that this step is not needed if you are doing this tutorial entirely, However, If you already have a previous configuration and is just improving it I strongly suggest you make copies of your files.

In our case, the configuration files will be in /etc/dovecot/conf.d/. We can then make copies with the command:



Continue Reading >>

Correcting modules not loaded error on Centos 6. x

A common problem after upgrading a kernel via yum on Centos is not creating the new kernel modules.
An example of this error happens when you try to use grep as in the print below.


# iptables-L-n | grep "my ip"
FATAL: Could not load/lib/modules/2.6.32-042stab123.9/modules.dep: No such file or directory


#
This indicates that the directory 2.6.32-042stab 123.9 and therefore any module in your content can be loaded.

To correct this problem, the simplest way is this recipe:


# mkdir -p /lib/modules/uname -r


# cd /lib/modules/uname -r
[root@vps3 2.6.32-042stab123.9]# depmod
[root@vps3 2.6.32-042stab123.9]# ls -lah
total 64K
drwxr-xr-x 2 root root 4.0K Oct 18 16:11 .
dr-xr-xr-x 10 root root 4.0K Oct 18 16:11 ..
-rw-r--r-- 1 root root 45 Oct 18 16:11 modules.alias
-rw-r--r-- 1 root root 12 Oct 18 16:11 modules.alias.bin
-rw-r--r-- 1 root root 69 Oct 18 16:11 modules.ccwmap
-rw-r--r-- 1 root root 0 Oct 18 16:11 modules.dep
-rw-r--r-- 1 root root 12 Oct 18 16:11 modules.dep.bin
-rw-r--r-- 1 root root 73 Oct 18 16:11 modules.ieee1394map
-rw-r--r-- 1 root root 141 Oct 18 16:11 modules.inputmap
-rw-r--r-- 1 root root 81 Oct 18 16:11 modules.isapnpmap
-rw-r--r-- 1 root root 74 Oct 18 16:11 modules.ofmap
-rw-r--r-- 1 root root 99 Oct 18 16:11 modules.pcimap
-rw-r--r-- 1 root root 43 Oct 18 16:11 modules.seriomap
-rw-r--r-- 1 root root 131 Oct 18 16:11 modules.softdep
-rw-r--r-- 1 root root 49 Oct 18 16:11 modules.symbols
-rw-r--r-- 1 root root 12 Oct 18 16:11 modules.symbols.bin
-rw-r--r-- 1 root root 189 Oct 18 16:11 modules. usbmap
[root@vps3 2.6.32-042stab123.9]# iptables-L-n | grep "my ip"
[root@vps3 2.6.32-042stab123.9]#
This will create the directory and dependencies to modules for the kernel currently in use (uname -r).

If the problem is not resolved with the above commands. Try to reinstall the kernel via yum with the commands below.

mv /boot/grub/grub.conf /boot/grub/grub.conf.bak yum -y reinstall kernel

And then try the commands listed earlier.

I hope you find it useful both when it was for me.

How to clear deferred messages from Postfix Queue

Today I was watching the log file from Postfix (in CentOS 6.X default is /var/log/maillog) and saw a lot of messages being deferred.

Jan 5 15:02:03 vps3 postfix/smtp[27441]: 3187E2180015: to=<undesired@domain.com>, relay=domain.com[167.114.XXX.XXX]:25, delay=254553, delays=254538/0.2/15/0, dsn=
4.4.2, status=deferred (conversation with domain.com[167.114.XXX.XXX] timed out while receiving the initial server greeting)
Jan 5 15:02:03 vps3 postfix/smtp[27442]: CDED02180014: to=<undesired@domain.com.br>, relay=domain.com[167.114.XXX.XXX]:25, delay=258753, delays=258738/0.13/15/0, dsn
=4.4.2, status=deferred (conversation with domain.com[167.114.XXX.XXX] timed out while receiving the initial server greeting)
Jan 5 15:02:03 vps3 postfix/smtp[27443]: C8EE72180012: to=<undesired@domain.com.br>, relay=domain.com[167.114.XXX.XXX]:25, delay=258753, delays=258738/0.14/15/0, dsn
=4.4.2, status=deferred (conversation with domain.com[167.114.XXX.XXX] timed out while receiving the initial server greeting)
Jan 5 15:02:03 vps3 postfix/smtp[27444]: CDCE32180013: to=<undesired@domain.com.br>, relay=domain.com[167.114.XXX.XXX]:25, delay=258753, delays=258738/0.15/15/0, dsn
=4.4.2, status=deferred (conversation with domain.com[167.114.XXX.XXX] timed out while receiving the initial server greeting)

and these messages did repeat from time to time.

Continue Reading >>

Como corrigir Data/hora no Centos 6.X para seu timezone inclusive nos logs

Hoje eu me deparei com um problema ao utilizar o Fail2ban que me ajuda demais a manter o servidor no ar mesmo sob ataques de brute-force.

Um dos meus filtros não estavam barrando as diversas tentativas de autenticação em um dos meus serviços embora estivesse tudo certo. Resolvi aumentar o tempo de Findtime na configuração comum e ele começou a barrar.

Então era hora de entender porque com um findtime baixo ele não conseguia barrar. Comecei a checar detalhadamente as configurações e percebi que mesmo tendo alterado a hora para meu timezone para o horario oficial de Brasilia, os logs continuavam a exibir o horario em UTC. Desconfiei que pudesse ser isso e resolvi alterar o horário que é colocado nos logs (/var/log/messages).

Bingo!

Após a alteração e confirmar que os logs estavam usando o mesmo horario que o reportado em

date 

mudei o findtime para os valores que desejava e tudo funcionou como esperado.

Segue a receita para alterar o horario.

As informações de Timezone ficam no arquivo /etc/localtime e caso ele não esteja no que você quer basta substitui-lo pelo que deseja e que esteja presente em /usr/share/zoneinfo/. No meu caso, como queria o horario de Brasília, utilizei /usr/share/zoneinfo/America/Sao_Paulo.

# ln -sf /usr/share/zoneinfo/America/Sao_Paulo /etc/localtime

Agora é só testar usando o comando date e verificar a saída que deverá ser algo como:

# date
Wed Dec 9 15:55:58 BRST 2015

Mesmo após essas mudanças, os logs continuarão a terem o horário da forma antiga. Para alterar isso edite o arquivo /etc/sysconfig/clock e adicione as linhas abaixo para refletir também o seu timezone.

ZONE="America/Sao_Paulo"
UTC=false
ARC=false

No meu caso, precisei reiniciar o servidor para que as alterações surtissem efeito mas pode ser que apenas reiniciando o serviço rsyslog já resolva.

# service rsyslog restart

Até a próxima.

Como corrigir erro de LOCALE no Linux Debian/Ubuntu

Hoje precisei olhar os logs de um servidor FTP que roda sob o pure-ftp e percebi que os horários estavam todos em UTC .
Como eu precisava enviar parte dos logs a um terceiro que faz uso dele e não está familiarizado com sistemas, poderia acabar ocorrendo algum mal entendido. Resolvi então que deveria manter os logs de todas as aplicações no fuso horário brasileiro.
De acordo com a documentação do pure-ftp ele utiliza as variáveis de ambiente para determinar qual será o horário incluído nos logs

Continue Reading >>

Servidor de Email –; Part 1 ; Necessary facilities

I have my own mail server using Postfix, Dovecot, MariaDB, SpamAssassin, ClamAV, Amavisd-new, fail2ban, nginx, postfixadmin and RoundCube under CentOS 7.
Although it has several recipes for how to configure this package, It took me many hours to figure out how to keep the service running correctly, each setting in main.cf and master.cf and in order to achieve in reducing the flood of spam that arrives every minute.
And anti-spam is the focus of this publication. I have suffered and still suffer with the constant attempts to use my services as a zombie or shedding of viruses, fraud and everything else you can.

I lost count of how many times my DNS service stopped by excess of connection attempts to entupiam the memory and forced the s.. cutting processes to conserve resources and the named was chosen for being the weakest link.
So, This article has focus in the proper configuration for private mail services, a few users and few domains. Certainly a lot of what is in this short manual serves to world-class services, but I believe that for these cases the use of tools or dedicated and specialized services should always be taken into consideration.



Continue Reading >>

Criando base de dados no PostgreSQL com encoding diferente

Como criar uma base de dados UTF8 em um servidor em LATIN1 ou como criar uma base de dados LATIN1 em um servidor em UTF8?

O PostgreSQL tem dessas coisas. Ele não permite que se crie Bases de Dados com Encoding diferentes em um mesmo template.
Hoje tentei criar uma nova base de dados em UTF8 e me deparei com o seguinte:

bash-4.1$ psql
psql (9.3.5)
Digite "help" para ajuda.

postgres=# CREATE DATABASE teste WITH ENCODING='UTF8';
ERRO:  codificação "UTF8" não corresponde a configuração regional "pt_BR.iso88591"
DETALHE:  A definição de LC_TYPE escolhida requer codificação "LATIN1".
postgres=#

Isso acontece porque o locale do S.O. está em latin1 e quando foi instalado o PostgreSQL ele absorve esta configuração.
Quando tentei instalar em um encoding diferente do padrão definido ele reclamou por não estar de acordo com o template padrão que é o template1.

Continue Reading >>