Archives for: April 2019

Email Server – Part 4 – Postfix 3

Part 1 – Configure main.cf file

This is the third part of the process of creating the mail server on CentOS 7 and the first part of the Postfix configuration. If you came here by accident, you should read the publications below first:

Part 1 – Installation of packages

Part 2 – Configuring MariaDB

Part 3 – Dovecot configuration

Postfix is the most important part of our mail server. It is responsible for talking to other MTAs so that you can receive and send e-mail messages, and for it to be reachable it must be identifiable by the name of the server, that is, your hostname.




Email Server – Part 3 – Dovecot

This is the third part of the process of creating the mail server on CentOS 7. If you came here by accident, you should first read the previous publications:

Part 1 – Installation of packages

Part 2 – Configuring MariaDB

Dovecot is an MDA (Mail Delivery Agent), that is, an agent that transports messages from Postfix to the virtual mailboxes. In this section we will configure the Dovecot installation to force users to use SSL when they connect, so that passwords are never sent in plain text.

I always like to keep the original files of any configuration in case I end up getting lost while changing settings. This step is not needed if you are following this tutorial from start to finish. However, if you already have a previous configuration and are just improving it, I strongly suggest you make copies of your files.

In our case, the configuration files will be in /etc/dovecot/conf.d/. We can then make copies with the command:

Creating user

Dovecot will store messages (and all their content) in a directory defined in the configuration file, and to be able to do that it must run under a user with the appropriate permissions. The following commands will create this user and group. I will use a common standard for these names, which makes it easier to search for solutions to problems on the internet.

Editing configuration Files

The first thing we configure is authentication. Since we use a table in the MariaDB database to store users and passwords, we specify that in two files. The first sets the authentication type and the second how Dovecot will validate the authentication.

Edit the file /etc/dovecot/conf.d/10-auth.conf and uncomment (or add) the lines below:

Afterwards, edit the file /etc/dovecot/conf.d/auth-sql.conf.ext so that it has the following lines:

ATTENTION: The last few lines differ slightly from the original comments regarding the home argument.

We must also set up the connection data for MariaDB in the file /etc/dovecot/dovecot-sql.conf.ext. This file is not created during installation, so we create it.

NOTE: Use the same data used in the step that set up the database in MariaDB.

We will make several changes to the main Dovecot configuration file, which is the 10-master.conf file. The number at the start of the file name indicates the load order (priority). You can use any editor of your choice. I like Vim because I'm so used to its commands, but nothing prevents you from using nano, for example.

To improve the security of the server and reduce attacks, we will disable unencrypted access. To do this it is sufficient to assign port 0 to the imap and pop3 services, so that only imaps and pop3s are available. You will need an SSL key, which we will create later on.
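One way to verify the result of this step, as an added example that is not part of the original tutorial: a shell function that reads configuration text in the 10-master.conf syntax and reports any imap or pop3 listener that is not explicitly set to port 0. The function name and the sample configuration are constructed for illustration, and the check is deliberately conservative (it ignores the protocols setting).

```shell
# Added example: flag plaintext IMAP/POP3 listeners in Dovecot config text.
# Input: text in 10-master.conf syntax on stdin. Prints one line per finding
# and returns non-zero unless imap and pop3 both carry an explicit "port = 0".
audit_plaintext_listeners() {
  awk '
    /^[ \t]*inet_listener[ \t]+[a-z0-9]+[ \t]*[{]/ {   # entering a listener block
      name = $2; sub(/[{].*/, "", name); in_l = 1; next
    }
    in_l && /^[ \t]*#/ { next }                  # commented settings do not count
    in_l && /^[ \t]*port[ \t]*=/ {
      p = $0; sub(/^[^=]*=[ \t]*/, "", p); sub(/[ \t]*(#.*)?$/, "", p)
      port[name] = p
    }
    in_l && /[}]/ { in_l = 0 }
    END {
      n = split("imap pop3", want, " ")
      for (i = 1; i <= n; i++) {
        l = want[i]
        if (!(l in port)) { print l ": no explicit port, default stays open"; bad = 1 }
        else if (port[l] != "0") { print l ": plaintext listener on port " port[l]; bad = 1 }
      }
      exit bad + 0
    }'
}

# Constructed sample: imap keeps its commented default, pop3 is enabled.
SAMPLE_WEAK='service imap-login {
  inet_listener imap {
    #port = 143
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
}'

# The same constructed text after setting both plaintext ports to 0.
SAMPLE_HARDENED=$(printf '%s\n' "$SAMPLE_WEAK" | sed 's/^\( *\)#*port = .*/\1port = 0/')

printf '%s\n' "$SAMPLE_WEAK" | audit_plaintext_listeners || echo "plaintext still reachable"
printf '%s\n' "$SAMPLE_HARDENED" | audit_plaintext_listeners && echo "plaintext listeners disabled"
```

On a server the function can be fed the configuration file itself or the output of `doveconf -n`.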

Change also the following settings:

SSL Certificate

To use the cryptographic services needed both for user authentication when accessing an account and to ensure that postfixadmin and roundcube run over secure connections, we need to create valid SSL keys. At this point we will do the configuration with the self-signed key that is created during the installation of Dovecot. This key cannot be used to validate a secure browser connection. Later we will change this setting to use an SSL key obtained by Certbot (Let's Encrypt) in conjunction with Nginx and DNS settings.

If you are following the steps of this tutorial, you do not need to make any change to the file /etc/dovecot/conf.d/10-ssl.conf, which should contain the following lines:

If the files do not exist, or if you want to recreate them (which must be done if you have changed the hostname, for example), do the following:

Edit the file /etc/pki/dovecot/dovecot-openssl.cnf and change the entries according to the information that you have.

After you have changed the file, if the files /etc/pki/dovecot/certs/dovecot.pem and /etc/pki/dovecot/private/dovecot.pem already exist, delete them and then run the script mkcert.sh.

The output of the script should be something like this:

Another setting in the file /etc/dovecot/conf.d/10-ssl.conf related to encryption is the optional attribute ssl_dh. Add or uncomment the line:

and run the following command to generate the .pem file:

Running the above command usually takes a long time, sometimes close to 1 hour. You can also use the command below to generate the same file more quickly.

Log file

By default Dovecot uses the CentOS syslog logging mechanism, which usually sends the information to the file /var/log/messages. Later I will show you how to fend off several attack attempts, and one of the ways includes the fail2ban script, which analyzes logs, so it is best to define a dedicated file so that we do not have to monitor a log file that changes constantly.

To define a dedicated log file, open the Dovecot log configuration file /etc/dovecot/conf.d/10-logging.conf and change or add the following lines.

Save the file and restart the service.

Make sure the file /var/log/dovecot.log has been created and contains information indicating that the service is operating normally.

Firewall rules

If you are following this tutorial from the start on a default installation, it is possible that the connection ports are closed to the outside world. The commands below open the imaps (993) and pop3s (995) ports so that you can connect an email client such as Outlook or Gmail. Even if they are already open, later in another publication I'm going to show you a list of firewall rules to improve security.

First make sure that the firewalld service is running. If it is stopped, probably all the ports that have a listening service will be open.

Check the state line, which can be either active (running) or inactive (dead). If it is inactive, there is no need to continue. If it is active, we will list which ports are open externally.

In the example above, only dhcpv6-client and ssh are allowed. We then add the ports required to receive and send e-mail externally.

As you can see in the example, we add the imaps and pop3s services that the Dovecot service listens on. Later we will also add the smtp and submission ports that Postfix (master) will listen on. Note that I won't open the insecure imap and pop3 ports because I want to force the use of SSL/TLS.

To make sure that the ports are open, you can try to telnet to ports 993 and 995 from another system on the same network and verify that the file /var/log/dovecot.log shows the attempts. If you are not able to test this way at the moment, check the output of the command below:

And that's all for now. Next we configure Postfix 3.

Email Server – Part 2 – MariaDB

This is the second part of the process of creating the mail server on CentOS 7. If you came here by accident, you should first read the previous publication on the Installation of packages.

Why use MariaDB/MySQL?

First of all, I must clarify that I prefer PostgreSQL to MariaDB/MySQL for many reasons. However, one thing weighs against using PostgreSQL on a unified server with WordPress and e-mail services: the simple fact that WP does not have native support for PostgreSQL. You can find more information on this topic in the official WordPress documentation at this link. Since I am basing this document on personal experience and on small services, I'm using the most common and most accessible option. If PostgreSQL is of interest to you, you can consult this document later, where I'll show you how to migrate from MariaDB to PostgreSQL.

Configuring MariaDB/MySQL

Assuming that you are following the steps of this manual, you will have a MariaDB installation that is not yet configured. If you already have a functional installation, you can skip to the next step.

Initially I block any and all external access to the database. For safety, connections may only be made from within the server itself. To do that, we open the file /etc/my.cnf.d/server.cnf and add the following lines right after the existing [mysqld].

If the intention is to allow remote connections to MariaDB, you must run the following commands to enable them.

Restart the service for the changes to take effect

Creating user for Postfix and the required tables

To use Postfix with MariaDB, we have to create a user for access and, with it, the tables required to manage virtual domains and accounts.

First let's create the database.

NOTE: If no change was made to the MariaDB installation, you can connect without a password as the user 'root'@'localhost'; otherwise, use the -p option to be prompted for the password.

Then we'll create the user and tables. I'm going to use mypostfixdb as the name for the database and mypostfixdbuser for the user name. Change the information according to what you want, mainly mypostfixdbuser_password. This information will be used in the Postfix configuration files that use the tables created.

These tables will store the accounts and virtual domains and will be accessed by Dovecot (according to the proposal of this tutorial).
And that's all.

Now we're ready to configure Dovecot.

Datatables + HTML 5 Export Buttons + Laravel-Mix (Webpack)

In the last few days, I experienced a problem trying to use Datatables and Bootstrap 4 with support for exporting results to Excel and PDF using Laravel-Mix. After hours and hours trying to get all the scripts to work together, I finally won. So I decided to write this little how-to for those with the same kind of trouble.


