Monday, December 15, 2014

Config postfixadmin on Debian 7.7 (postfix+mysql+dovecot)

Read on:
1. debian-wheezy-mail-server-postfix-dovecot-sasl-mysql-postfixadmin-roundcube-spamassassin-clamav-greylist-nginx-php5
2. http://rimuhosting.com/knowledgebase/linux/mail/postfixadmin


1. Fix: mail cannot be sent when multiple domains are configured
Error:
: unknown user: “maxime”

Fix: set mydestination = localhost in main.cf

2. create Local DNS for test mail

setup-dns-server-debian-7-wheezy

     2.1 cat /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone    "nanyang.com"   {
        type master;
        file    "/etc/bind/nanyang.com";
 };
zone    "sirivatana.com"   {
        type master;
        file    "/etc/bind/sirivatana.com";
 };

zone   "122.168.192.in-addr.arpa"        {
       type master;
       file    "/etc/bind/db.192.168.122";
 };

zone   "122.168.192.si.in-addr.arpa"        {
       type master;
       file    "/etc/bind/db.192.168.122.si";
 };
------------------------------------------------------------------------
     2.2 cat /etc/bind/nanyang.com
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     pop3s.nanyang.com. root.nanyang.com. (
                         121220143      ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL

        IN      A       192.168.122.10
;
@       IN      NS      pop3s.nanyang.com.
@       IN      MX      10      pop3s.nanyang.com.
@       IN      A       192.168.122.10
@       IN      AAAA    ::1
pop3s   IN      A       192.168.122.10
mail    IN      A       192.168.122.10
dns     IN      A       192.168.122.10
www     IN      A       192.168.122.10
--------------------------------------------------------------------------
     2.3 cat /etc/bind/db.192.168.122
;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     pop3s.nanyang.com. root.pop3s.nanyang.com. (
                         121220142      ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      pop3s.nanyang.com.
@       IN      A       192.168.122.10
10      IN      PTR     pop3s.nanyang.com.

3. setup Superuser postfixadmin

3.1#cp config.inc.php.bak config.inc.php
--------------------------Edit file----------------------
$CONF['configured'] = true;
$CONF['postfix_admin_url'] = 'https://192.168.122.10/postfixadmin';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix_admin';
$CONF['database_password'] = '';
$CONF['database_name'] = 'postfix';
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['fetchmail'] = 'NO';
------------------------------------------------

3.2 run setup.php from browser: https://192.168.122.10/postfixadmin/setup.php
Step 1 Click Generate password hash


Step 2 add Gen passwd to config.inc.php

Add $CONF['setup_password'] = '13a402059836b65b6531a7a16d66dfbb:223b34da76ccf8daeb193737e2266be3dc2e7e6b'; to config.inc.php, save the file, and then create the postfixadmin Super user.



Step 3 add Super user postfixadmin done!
* Two passwords are involved when creating the user:
1. Setup password: you must remember the password you originally entered, because only its hashed form is stored, e.g. '13a402059836b65b6531a7a16d66dfbb:223b34da76ccf8daeb193737e2266be3dc2e7e6b';
2. Password Admin: the password set for the Super Admin


4. Dovecot

You really want to change in /etc/dovecot/conf.d/10-mail.conf:

mail_location = maildir:/home/vmail/%d/%n:INDEX=/home/vmail/%d/%n/indexes
to
mail_location = maildir:/home/vmail/%Ld/%Ln:INDEX=/home/vmail/%Ld/%Ln/indexes

Otherwise, if someone sends you email with a mixed-case address such as AbCdE@ExAmPle.com, dovecot will create NEW directories for the same user. The %L modifier lowercases the domain (%d) and user (%n) parts before the path is built.

5. vacation
postfixadmin-setup-with-correct-vacation-settings-on-freebsd

Error: Command output: Can't locate
    MIME/EncWords.pm
#apt-get install libmime-encwords-perl

Command output: Can't locate
    Email/Valid.pm
#apt-get install libemail-valid-perl

Command output: Can't locate
    Mail/Sender.pm
Run command....
# perl -MCPAN -e shell
Y to all

  cpan> install Mail::Sender
  cpan> quit

#apt-get install libmail-sendmail-perl libdbd-pg-perl libemail-valid-perl libmime-tools-perl liblog-log4perl-perl liblog-dispatch-perl libgetopt-argvfile-perl libmime-charset-perl libmime-encwords-perl

Tuesday, November 18, 2014

script add new user on centos


---------------------------adduser.sh----------------------------------------------------
#!/bin/bash
# Script to add a user to a Linux system and send the welcome mail

if [ "$(id -u)" -eq 0 ]; then
        read -r -p "Enter realname : " realname
#       read -r -p "Enter company : " company
        read -r -p "Enter username : " username
        read -r -s -p "Enter password : " password
        echo
        # Match the whole login-name field, not just a prefix of it
        if grep -q "^${username}:" /etc/passwd; then
                echo "$username exists!"
                exit 1
        else
                sender=email@mydomain.com
                # Create the account, then let chpasswd hash the password with the
                # system's configured scheme (crypt() with a fixed salt yields a weak DES hash)
                if useradd -c "$realname" -m -g group -s /sbin/nologin "$username" &&
                   printf '%s:%s\n' "$username" "$password" | chpasswd; then
                        echo "User has been added to system!"
                        # The message body is read from user.txt
                        mail -s "Welcome new email, Do not reply mail" mooy@mydomain.com -c image@mydomain.com -- -f "$sender" < user.txt
                else
                        echo "Failed to add a user!"
                fi
        fi
else
        echo "Only root may add a user to the system"
        exit 2
fi

-------------------------------------------------------------------------------

----------------------------------user.txt------------------------------------
Hi
You email address: mooy@mydomain.com
password: m12345


By.
Auto Generate mail.
-----------------------------------------------------------------------------

Monday, November 17, 2014

How to generate user & password on ubuntu

Install package makepasswd
apt-get install makepasswd

makepasswd --count 100 --chars 6 --string=<characters to generate from: words, text, upper/lower-case letters or digits> > passwor.txt


Monday, November 10, 2014

nstmp folder

nstmp is a temp file created when we compact mail in Thunderbird. It is created automatically in that mail folder, with names such as nstmp1, nstmp2.
So what is it good for?
     Suppose the machine loses power or the program closes by itself while we are compacting mail. Think about what happens to the mail that was being compacted. If the program can still see the data when it is reopened, count yourself lucky. But what if the mail cannot be opened?
    This is where the nstmp files help. Go to the folder that was being compacted, look for the files nstmp1, nstmp2, ..., delete them, then close and reopen the mail client. It returns to the state it was in before the compact started.

    How does compact work?
    In Thunderbird, deleting items does not really "delete" them; Thunderbird only hides them. That is why mail storage keeps growing even when mail is deleted regularly. Users are always heard saying "I delete mail all the time, so why is the mailbox still full?"
    So compacting mail in Thunderbird is what actually removes the deleted mail. Thunderbird version 5 and later has an auto compact feature, which can be configured to compact every so many MB.







Friday, September 19, 2014

mail gateway authen mail with postfix admin (rimap)

Steps to configure postfix to authenticate against postfix admin

1. vim /etc/default/saslauthd
PARAMS="-r"
MECHANISMS="rimap -O 192.168.x.x"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

2. vim /etc/postfix/sasl/smtpd.conf
pwcheck_method: auxprop saslauthd
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM

auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: 192.168.x.x
sql_user: xxx
sql_passwd: xxx
sql_database: database mail
sql_select: SELECT password FROM LoginUsers WHERE LoginUser = '%u@%r'


3. Restart the services: service postfix restart, service saslauthd restart

4. Check log mail more detail
vim /etc/postfix/master.cf
smtp      inet  n       -       -       -       -       smtpd -v

Ref:
lukasz



Tuesday, September 2, 2014

Format hard disk to ext3

hades@nbhqf6it081104:~$ sudo fdisk -l
[sudo] password for hades:

Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders, total 976773168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x82398239

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1            2048   204797951   102397952   83  Linux
/dev/sda2       204797952   208795647     1998848   82  Linux swap / Solaris
/dev/sda3   *   208795648   286920703    39062528   83  Linux
/dev/sda4       286920704   976771071   344925184   83  Linux

Disk /dev/sdb: 1500.3 GB, 1500301910016 bytes
255 heads, 63 sectors/track, 182401 cylinders, total 2930277168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x97be5b6a

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1              63  2930277167  1465138552+  83  Linux
hades@nbhqf6it081104:~$ sudo mkfs -t ext3 /dev/sdb1

#umount /dev/sdb1

Saturday, August 23, 2014

X-GNOME-Autostart-Delay cairo-dock

/.config/autostart$ vim cairo-dock.desktop

[Desktop Entry]
Type=Application
Exec=cairo-dock &
Hidden=false
NoDisplay=false
#X-GNOME-Autostart-enabled=true
X-GNOME-Autostart-Delay=150
Name[en_US]=Cairo Dock
Name=Cairo Dock
Comment[en_US]=Cairo Dock
Comment=Cairo Dock

/.config/autostart$ vim dropbox.desktop

[Desktop Entry]
Name=Dropbox
GenericName=File Synchronizer
Comment=Sync your files across computers and to the web
Exec=dropbox start -i
Terminal=false
Type=Application
X-GNOME-Autostart-Delay=180
Icon=dropbox
Categories=Network;FileTransfer;
StartupNotify=false

Sunday, August 17, 2014

webmin + ssl + https

To use webmin with https:// on debian

Install package 'libnet-ssleay-perl'

aptitude install perl libnet-ssleay-perl libauthen-pam-perl libio-pty-perl


Ref: install-webmin-on-debianubuntu

Wednesday, July 30, 2014

ERROR 1064 (42000) at line 19: mailwatch


'-------------Old---------------------'
CREATE TABLE audit_log (
  timestamp timestamp(14) NOT NULL,
  user varchar(20) NOT NULL default '',
  ip_address varchar(15) NOT NULL default '',
  action text NOT NULL
) TYPE=MyISAM;


'---------------Edit----------------------'

CREATE TABLE audit_log (
  timestamp timestamp NOT NULL,
  user varchar(20) NOT NULL default '',
  ip_address varchar(15) NOT NULL default '',
  action text NOT NULL
) ;

Delete (14) and TYPE=MyISAM;

Do this for every field in the database.

Friday, June 27, 2014

Fixing the fractions 1/2, 3/4 in LibreOffice

A common problem is that typing 1/2 or 3/4 in LibreOffice displays them as fraction characters. The fix is to turn off AutoCorrect, as follows:









Friday, June 13, 2014

dump mysql table

mysql -u username -p db_name < /path/to/table_name.sql

mysql -u root -p --default_character_set utf8 Database < directory.sql

Database


UTF-8 collation: when creating tables, or even individual fields, use utf8_unicode_ci




- If the code connects to the database, add mysql_db_query($dbname,"SET NAMES UTF8");
- or mysql_query("SET NAMES UTF8");

Dump database

Ref:
http://www.thaicreate.com/community/php-mysql-thai.html

http://forum.dekitclub.com/index.php?topic=863.0

http://stackoverflow.com/questions/6682916/how-to-take-a-backup-of-a-single-table-in-the-mysql-database

Thursday, June 5, 2014

Excel formula collection

1. Do not show a result until data has been entered. Example



Formula: =IF(B3="","DD/MM/YYYY",B3+D3)

If no data is entered in the Start Date cell, display MM/DD/YYYY; once data is entered, calculate B3+D3.







Monday, June 2, 2014

Can't import mysql database on ubuntu Err. phpmyadmin "open_basedir" access to the /tmp directory "ubuntu"

Fix it
1. sudo vim /etc/phpmyadmin/apache.conf
Find the line
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/

and append /tmp/ to the end, like this:
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/:/tmp/

2. sudo chmod 1777 /tmp/
(world-writable with the sticky bit, the standard mode for /tmp; a recursive 777 would clear the sticky bit and open up every file under /tmp)

3. sudo service apache2 restart

Ref.

Wednesday, May 28, 2014

How to set Alt+Shift as the input-language switch shortcut on the GNOME desktop

Open dconf and go to org > gnome > desktop > wm > keybinding, look for the entries switch-input-source and switch-input-source-backward, and set them as follows:

switch-input-source ['Shift_L']
switch-input-source-backward ['Shift_L']




Copied from the website
http://forum.ubuntuclub.com/index.php?topic=510.0

Tuesday, April 22, 2014

Duplicate mail on postfix

To fix duplicate mail in postfix, create the file shown below and adjust /etc/postfix/main.cf as follows:
-------------------------------------------------
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
-------------------------------------------------

Create file procmailrc

vim /etc/procmailrc

------------------------
LOCKFILE=$HOME/.lock
VERBOSE=no
LOGFILE="/var/log/procmail.log"

:0 Wh: msgid.lock
| formail -D 8192 msgid.cache

------------------------


For iRedmail
For duplicate mail on forwards (dovecot+postfix+postfixadmin)
Edit main.cf, "receive_override_options = no_address_mappings"

Thursday, April 17, 2014

Example SMTP commands

Reference:

COMMAND:
telnet mail.reddit.com 25

COMMAND:
helo hi
RESPONSE:
250 mail.reddit.com

COMMAND:
mail from: youremail@gmail.com
RESPONSE:
250 2.1.0 Ok

COMMAND:
rcpt to: mailbox.does.not.exist@reddit.com
RESPONSE:
550 5.1.1 : Recipient address rejected: User unknown in local recipient table


COMMAND:
quit
RESPONSE:
221 2.0.0 Bye

Wednesday, April 16, 2014

dovecot with ssl (995)

Reference:



Howto: Linux Dovecot Secure IMAPS / POP3S SSL Server configuration

by on July 16, 2007 · 1 comment· LAST UPDATED July 16, 2007
Q. How do I configure Dovecot IMAPS and POP3s server using SSL certificate? Can I use SSL certificates generated for Postfix mail server?
A. Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats.
You need to enable POP3s and IMAPS. Open default configuration file:
# vi /etc/dovecot.conf
Make sure POP3S and IMAPS are enabled:
protocols = imaps pop3s
Next you must set PEM encoded X.509 SSL/TLS certificate and private key. They're opened before dropping root privileges, so keep the key file unreadable by anyone but root (see how create certificate CSR and configure certificates for Postfix):
ssl_cert_file = /etc/postfix/ssl/smtp.theos.in.crt
ssl_key_file = /etc/postfix/ssl/smtp.theos.in.key

If key file is password protected, give the password using ssl_key_password directive:
ssl_key_password = myPassword
Save and close the file. Restart Dovecot server:
# /etc/init.d/dovecot restart

Friday, April 11, 2014

MailScanner: Bad Filename Detected

To fix error Subject: Bad Filename Detected



Edit file archives.filetype.rules.conf
------------------------2 deny------------

#deny    executable      No executables          No programs allowed

#deny    ELF             No executables          No programs allowed


--------------------------End----------

Thursday, April 10, 2014

Install pflogsumm on postfix

To view mail log summaries on postfix

#aptitude install pflogsumm

script on crontab -e

0 0 * * *       perl /usr/sbin/pflogsumm -e -d today /var/log/mail.log | mail -s 'Logwatch for Postfix on My Mail Server' email@domain.ltd
#0 0 * * *      perl /usr/sbin/pflogsumm -u 50 -h 50 --problems_first -d today /var/log/mail.log | mail -s "pflogsumm report `date` on My Mail Server" email@domain.ltd


Reference:
www.howtoforge.com
calomel.org

Tuesday, April 8, 2014

chmod command

chmod u+x file.txt

  1. Grant read and write permission to owner and read permission to group and other using an absolute mode.
    chmod 644 myfile
    
  2. Deny write permission to group and other.
    chmod go-w myfile
    
  3. Clear all permissions that are currently set and grant read and write permissions to owner, group, and other.
    chmod =rw myfile
    
  4. Grant search permission on a directory to owner, group, and other if search permission is set for one of them.
    chmod +X mydir
    
  5. Grant read, write, and execute permission to owner and read and execute permission to group and other using an absolute mode.
    chmod 755 myfile
    
  6. Clear all permissions for group and other.
    chmod go= myfile
    
  7. Set the group permissions equal to the owner permission, but deny write permission to the group.
    chmod g=u-w myfile
    
  8. Set the set-user-id on execute bit and grant read, write, and execute permission to the owner and execute permission for other using an absolute mode.
    chmod 4701 myfile
    

Monday, April 7, 2014

20 Linux Log Files that are Located under /var/log Directory

Reference: copy from website: thegeekstuff.com

----------------------------------------------------------------------------------------------------------------------------------

The following are the 20 different log files that are located under /var/log/ directory. Some of these log files are distribution specific. For example, you’ll see dpkg.log on Debian based systems (for example, on Ubuntu).
  1. /var/log/messages – Contains global system messages, including the messages that are logged during system startup. There are several things that are logged in /var/log/messages including mail, cron, daemon, kern, auth, etc.
  2. /var/log/dmesg – Contains kernel ring buffer information. When the system boots up, it prints number of messages on the screen that displays information about the hardware devices that the kernel detects during boot process. These messages are available in kernel ring buffer and whenever the new message comes the old message gets overwritten. You can also view the content of this file using the dmesg command.
  3. /var/log/auth.log – Contains system authorization information, including user logins and the authentication mechanisms that were used.
  4. /var/log/boot.log – Contains information that are logged when the system boots
  5. /var/log/daemon.log – Contains information logged by the various background daemons that runs on the system
  6. /var/log/dpkg.log – Contains information that are logged when a package is installed or removed using dpkg command
  7. /var/log/kern.log – Contains information logged by the kernel. Helpful for you to troubleshoot a custom-built kernel.
  8. /var/log/lastlog – Displays the recent login information for all the users. This is not an ascii file. You should use lastlog command to view the content of this file.
  9. /var/log/maillog /var/log/mail.log – Contains the log information from the mail server that is running on the system. For example, sendmail logs information about all the sent items to this file
  10. /var/log/user.log – Contains information about all user level logs
  11. /var/log/Xorg.x.log – Log messages from the X
  12. /var/log/alternatives.log – Information by the update-alternatives are logged into this log file. On Ubuntu, update-alternatives maintains symbolic links determining default commands.
  13. /var/log/btmp – This file contains information about failed login attempts. Use the last command to view the btmp file. For example, “last -f /var/log/btmp | more”
  14. /var/log/cups – All printer and printing related log messages
  15. /var/log/anaconda.log – When you install Linux, all installation related messages are stored in this log file
  16. /var/log/yum.log – Contains information that are logged when a package is installed using yum
  17. /var/log/cron – Whenever cron daemon (or anacron) starts a cron job, it logs the information about the cron job in this file
  18. /var/log/secure – Contains information related to authentication and authorization privileges. For example, sshd logs all the messages here, including unsuccessful login.
  19. /var/log/wtmp or /var/log/utmp – Contains login records. Using wtmp you can find out who is logged into the system. who command uses this file to display the information.
  20. /var/log/faillog – Contains failed user login attempts. Use the faillog command to display the content of this file.
Apart from the above log files, /var/log directory may also contain the following sub-directories depending on the application that is running on your system.
  • /var/log/httpd/ (or) /var/log/apache2 – Contains the apache web server access_log and error_log
  • /var/log/lighttpd/ – Contains light HTTPD access_log and error_log
  • /var/log/conman/ – Log files for ConMan client. conman connects remote consoles that are managed by conmand daemon.
  • /var/log/mail/ – This subdirectory contains additional logs from your mail server. For example, sendmail stores the collected mail statistics in /var/log/mail/statistics file
  • /var/log/prelink/ – prelink program modifies shared libraries and linked binaries to speed up the startup process. /var/log/prelink/prelink.log contains the information about the .so file that was modified by the prelink.
  • /var/log/audit/ – Contains logs information stored by the Linux audit daemon (auditd).
  • /var/log/setroubleshoot/ – SELinux uses setroubleshootd (SE Trouble Shoot Daemon) to notify about issues in the security context of files, and logs those information in this log file.
  • /var/log/samba/ – Contains log information stored by samba, which is used to connect Windows to Linux.
  • /var/log/sa/ – Contains the daily sar files that are collected by the sysstat package.
  • /var/log/sssd/ – Use by system security services daemon that manage access to remote directories and authentication mechanisms.
Instead of manually trying to archive the log files, by cleaning it up after x number of days, or by deleting the logs after it reaches certain size, you can do this automatically using logrotate as we discussed earlier.

To view the log files use any one of the following methods. But, please don’t do ‘cat | more’.

Error: /usr/lib/php5/20090626/idn.so

full error: PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20090626/idn.so' - /usr/lib/php5/20090626/idn.so: cannot open shared object file: No such file or directory in Unknown on line 0


fix: sudo bzip2 /etc/php5/conf.d/idn.ini

Reference: ubuntuforums.org

Check log mail

how to check logmail

1. grep "tom@anydomain.tld" /var/log/mail.log
2. tail -f /var/log/mail.log |grep "@gmail.com"
3. tail -n 100 /var/log/mail.log



Sunday, April 6, 2014

how to migrate user account linux

copy from  website howto-move-migrate-user-accounts-old-to-new-server

Q. How do I move or migrate user accounts, including mails, from an old Linux server to a new Cent OS Linux server? The new system is a fresh installation.
A. You can migrate users from old Linux server to new Linux sever with standard commands such as tar, awk, scp and others. This is also useful if you are using old Linux distribution such as Redhat 9 or Debian 2.x.
Following files/dirs are required for traditional Linux user management:
/etc/passwd - contains various pieces of information for each user account
/etc/shadow - contains the encrypted password information for user's accounts and optional the password aging information.

/etc/group - defines the groups to which users belong
/etc/gshadow - group shadow file (contains the encrypted password for group)
/var/spool/mail - Generally user emails are stored here.
/home - All Users data is stored here.
You need to backup all of the above files and directories from old server to new Linux server.

Commands to type on old Linux system

First create a tar ball of the old users (old Linux system). Create a directory:
# mkdir /root/move/
Setup UID filter limit:
# export UGIDLIMIT=500
Now copy /etc/passwd accounts to /root/move/passwd.mig using awk to filter out system account (i.e. only copy user accounts)
# awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/passwd > /root/move/passwd.mig
Copy /etc/group file:
# awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/group > /root/move/group.mig
Copy /etc/shadow file:
# awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534) {print $1}' /etc/passwd | tee - |egrep -f - /etc/shadow > /root/move/shadow.mig
Copy /etc/gshadow (rarely used):
# cp /etc/gshadow /root/move/gshadow.mig
Make a backup of /home and /var/spool/mail dirs:
# tar -zcvpf /root/move/home.tar.gz /home
# tar -zcvpf /root/move/mail.tar.gz /var/spool/mail
Where,
  • Users that are added to the Linux system always start with UID and GID values of as specified by Linux distribution or set by admin. Limits according to different Linux distro:
    • RHEL/CentOS/Fedora Core : Default is 500 and upper limit is 65534 (/etc/libuser.conf).
    • Debian and Ubuntu Linux : Default is 1000 and upper limit is 29999 (/etc/adduser.conf).
  • You should never ever create any new system user accounts on the newly installed Cent OS Linux. So above awk command filter out UID according to Linux distro.
  • export UGIDLIMIT=500 - setup UID start limit for normal user account. Set this value as per your Linux distro.
  • awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/passwd > /root/move/passwd.mig - You need to pass UGIDLIMIT variable to awk using -v option (it assigns value of shell variable UGIDLIMIT to awk program variable LIMIT). Option -F: sets the field separator to : . Finally awk read each line from /etc/passwd, filter out system accounts and generates new file /root/move/passwd.mig. Same logic is applies to rest of awk command.
  • tar -zcvpf /root/move/home.tar.gz /home - Make a backup of users /home dir
  • tar -zcvpf /root/move/mail.tar.gz /var/spool/mail - Make a backup of users mail dir
Use scp or usb pen or tape to copy /root/move to a new Linux system.
# scp -r /root/move/* user@new.linuxserver.com:/path/to/location

Commands to type on new Linux system

First, make a backup of current users and passwords:
# mkdir /root/newsusers.bak
# cp /etc/passwd /etc/shadow /etc/group /etc/gshadow /root/newsusers.bak

Now restore passwd and other files in /etc/
# cd /path/to/location
# cat passwd.mig >> /etc/passwd
# cat group.mig >> /etc/group
# cat shadow.mig >> /etc/shadow
# /bin/cp gshadow.mig /etc/gshadow
Please note that you must use >> (append) and not > (create) shell redirection.
Now copy and extract home.tar.gz to new server /home
# cd /
# tar -zxvf /path/to/location/home.tar.gz
Now copy and extract mail.tar.gz (Mails) to new server /var/spool/mail
# cd /
# tar -zxvf /path/to/location/mail.tar.gz
Now reboot system; when the Linux comes back, your user accounts will work as they did before on old system:
# reboot
Please note that if you are new to Linux perform above commands in a sandbox environment. Above technique can be used to UNIX to UNIX OR UNIX to Linux account migration. You need to make couple of changes but overall the concept remains the same.
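
The selection and append steps above, as an added example that is not part of the copied article. The /etc/shadow step feeds user names to egrep as patterns, which match anywhere in a shadow line; the sketch below compares the first field exactly and checks passwd.mig for name/UID collisions before it is appended on the new server. The function names (make_sample, select_shadow_exact, find_conflicts, ...) are hypothetical and all account data is constructed.

```shell
#!/bin/sh
# Added example: choosing the right /etc/shadow entries during a migration.
# All account data below is constructed sample data, not real accounts.

UGIDLIMIT=500   # first regular UID on the old system, as in the article

# Write constructed passwd/shadow samples into directory $1.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
tomcat:x:91:91:Apache Tomcat:/usr/share/tomcat:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
tom:x:501:501:Tom:/home/tom:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructed$roothash:16000:0:99999:7:::
tomcat:!!:16000::::::
nobody:*:16000:0:99999:7:::
alice:$6$constructed$alicehash:16000:0:99999:7:::
tom:$6$constructed$tomhash:16000:0:99999:7:::
EOF
    # passwd of a freshly installed target server (constructed)
    cat > "$1/passwd.new" <<'EOF'
root:x:0:0:root:/root:/bin/bash
deploy:x:500:500:Deploy:/home/deploy:/bin/bash
EOF
}

# Names of regular accounts: UID >= UGIDLIMIT, excluding 65534 (nobody).
regular_users() {
    awk -v LIMIT="$UGIDLIMIT" -F: '($3>=LIMIT) && ($3!=65534) {print $1}' "$1"
}

# Pattern selection: each name is a regular expression tried against the
# whole shadow line, so "tom" also selects the system account "tomcat".
select_shadow_pattern() {
    regular_users "$1" | grep -E -f - "$2"
}

# Exact selection: keep a shadow line only if its first field is one of
# the selected login names.
select_shadow_exact() {
    regular_users "$1" |
        awk -F: 'NR==FNR { keep[$0]=1; next } ($1 in keep)' - "$2"
}

# Report entries of passwd.mig ($2) whose login name or UID already
# exists in the target server's passwd ($1); appending them would create
# duplicate accounts or two names sharing one UID.
find_conflicts() {
    awk -F: '
        NR==FNR      { name[$1]=1; uid[$3]=$1; next }
        ($1 in name) { print "name " $1 " already exists"; next }
        ($3 in uid)  { print "uid " $3 " is already used by " uid[$3] }
    ' "$1" "$2"
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d"
    echo "pattern match selects:"
    select_shadow_pattern "$d/passwd" "$d/shadow" | cut -d: -f1
    echo "exact match selects:"
    select_shadow_exact "$d/passwd" "$d/shadow" | cut -d: -f1
    awk -v LIMIT="$UGIDLIMIT" -F: '($3>=LIMIT) && ($3!=65534)' \
        "$d/passwd" > "$d/passwd.mig"
    echo "conflicts on the new server:"
    find_conflicts "$d/passwd.new" "$d/passwd.mig"
    rm -rf "$d"
}

demo
```

Run find_conflicts against the real /etc/passwd of the new server before the `cat passwd.mig >> /etc/passwd` step; an empty result means no name or UID collides.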

Further readings

  • Read man pages of awk, passwd(5), shadow(5), group(5), tar command
Updated for accuracy.

Root Alert

Script alert root login on shell.

1. edit file .bashrc
#vim /root/.bashrc
--------------------------------------Start-----------------------------------------------
Type: 1
echo 'ALERT - Root Shell Access (mail.mydomain.co.th) on:' `date` `who` | mail -s "Alert: Root Access to MAIL server mycompany from `who | cut -d"(" -f2 | cut -d")" -f1`" email@domain.co.th

Type: 2

sh /root/checklogin/.shell-login.sh | mail -s "Alert Root Access to Server from: `who | cut -d"(" -f2 | cut -d")" -f1`" email@domain.co.th

Type: 3 [send via SMTP, with an explicit sender]
sh /root/checklogin/.shell-login.sh | mail -S smtp:192.168.0.xx:25 -s "Alert Root Access to Server from: `who | cut -d"(" -f2 | cut -d")" -f1`" -r sender@domain.co.th -v receive@domain.co.th

---------------------------------------End-----------------------------------------------

2. create file on /root/.shell-login.sh
-----------------------------/root/.shell-login.sh-------------------------------------------
#!/bin/bash

echo "Login on: $(hostname) (at) $(date)"
echo "Change user to: "$(whoami)
echo
w -i

------------------------------End------------------------------------------------------

Wednesday, April 2, 2014

add change passwd plugin roundcubemail

#aptitude install sudo
#change /etc/sudoers

www-data ALL=NOPASSWD: /usr/sbin/chpasswd



Reading


Monday, March 31, 2014

ERROR: Wrong 'suhosin.session.encrypt' option value and it wasn't possible to set it to required value ()

How to troubleshoot the roundcubemail v.0.9 configuration


Edit php.ini and add this line at the bottom of the file

#vim /etc/php5/apache2/php.ini

For Err: date.timezone:  NOT OK(not set)
----------------------Edit-----------------------------
date.timezone = "Asia/Bangkok"


---------------Adding Bottom line--------
suhosin.session.encrypt = 0


For Err: Intl:  NOT AVAILABLE (See http://www.php.net/manual/en/book.intl.php)

Just install intl package
#aptitude install php5-intl
#/etc/init.d/apache2 restart

Wednesday, March 26, 2014

unknown option '$TTL' and unexpected token near end of file

How to fix BIND (DNS) errors on Debian
- unknown option '$TTL'
- unexpected token near end of file

Commands for checking the configuration of the zone file that has the problem
1. named-checkconf db.domain.co.th
-----------------------------------
#db.domain.co.th:1: unknown option '$TTL'
#db.domain.co.th:47: unexpected token near end of file
//---------------------------------------

2. named-checkzone domain.co.th /var/named/db.domain.co.th
--------------------------------------
zone domain.co.th/IN: NS 'hostxxx.domain.co.th' has no address records (A or AAAA)
zone domain.co.th/IN: not loaded due to errors.
//--------------------------------------

How to fix BIND does not permit underscores "_" unless you specificy the whole domain name

# named-checkzone abc.com. /var/named/abc.com.hosts 
/var/named/abc.com.hosts:60: express_www1.abc.com: bad owner name (check-names)
/var/named/abc.com.hosts:61: express_www2.abc.com: bad owner name (check-names)
zone abc.com/IN: loaded serial 2020122401
OK

Add the check-names lines below to the options { } block
------
vim /etc/named.conf
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
.
.
         check-names master ignore;
         check-names slave ignore;
         check-names response ignore;
};

# systemctl restart named
# systemctl status named
# named-checkzone abc.com. /var/named/abc.com.hosts   -> recheck: "bad owner name (check-names)" may still be shown, but the zone loads OK

ref:

Commands to run
1. rndc flush
2. rndc reload
3. Edit the Serial number in that zone file before restarting the DNS service
4. /etc/init.d/bind9 reload  (Restart service DNS)


Example of the fix

root@sip40:/etc/bind# rndc flush
root@sip40:/etc/bind# rndc reload
server reload successful
root@sip40:/etc/bind# named-checkzone domain.co.th db.domain.co.th
zone domain.co.th/IN: NS 'hqbackup01.domain.co.th' has no address records (A or AAAA)   ** shows the record that cannot be loaded; go in and check whether it is still in use
zone domain.co.th/IN: not loaded due to errors.

root@sip40:/etc/bind# vim db.domain.co.th ** edit the file and set a new Serial
root@sip40:/etc/bind# /etc/init.d/bind9 reload
Reloading domain name service...: bind9.
root@sip40:/etc/bind# named-checkzone domain.co.th db.domain.co.th
zone domain.co.th/IN: loaded serial 2014032701
OK
//--------------------------------------------------------------

Then go back and check again

1. named-checkconf db.domain.co.th
-----------------------------------
#db.domain.co.th:1: unknown option '$TTL'
#db.domain.co.th:47: unexpected token near end of file
//---------------------------------------
**** Still getting the same errors as before, but nslookup from another machine can resolve the domain, so this is considered OK

2. named-checkzone domain.co.th db.domain.co.th
-----------------------------------
zone domain.co.th/IN: loaded serial 2014032701
OK
 //--------------------------------
*** Working now

Reference:

rndc flush & rndc reload
Command Check DNS


Monday, March 24, 2014

Upgrade debian 6.x to 7.x

Reading .... how to upgrade debian 6.x to 7.x

Friday, March 21, 2014

Script Convert MS Outlook .pst to Thunderbird

To convert, read the link below

Convert

http://www.howtoforge.com/convert_outlook_pst_files_to_thunderbird_and_evolution_on_linux

Tuesday, March 18, 2014

zimbra whitelist

Add zimbra whitelist

Reference: wiki.zimbra.com


PLEASE NOTE:
WHITELISTING SPECIFIC IP ADDRESS & HOSTNAME CAN INCREASE SPAM EMAILS IN CASE OF THE CLIENT MACHINE (IP) THAT YOU WHITELIST IS INFECTED BY VIRUS, ALSO IF THE WHITELISTED IP/HOSTNAME IS ALREADY BLACKLISTED, THEN BLACKLIST RULES WILL BE CONSIDERED FIRST.

Workaround1: whitelist specific user/complete domain
Edit the SpamAssassin config file "/opt/zimbra/conf/salocal.cf.in" and add the lines below to the end of the file to whitelist a complete domain or a specific user.
whitelist_from *@domain.com 
whitelist_from user@domain.com 
After the above changes, restart the zmmtactl and zmamavisdctl services and test the issue.
zmmtactl restart && zmamavisdctl restart
Workaround2: Whitelist IP Addresses/Hostnames while using RBL restrictions
Example:
[zimbra@zcs ~]$ vi /opt/zimbra/conf/postfix_rbl_override
[zimbra@zcs ~]$ cat /opt/zimbra/conf/postfix_rbl_override -> add the IPs/hostnames you want to whitelist in this file.
10.137.27.80 OK
10.137.27.88 OK
zcs711.us.zimbralab.com OK
zcs714.us.zimbralab.com OK
[zimbra@zcs ~]$ postmap /opt/zimbra/conf/postfix_rbl_override
[zimbra@zcs ~]$ vi /opt/zimbra/conf/postfix_recipient_restrictions.cf
[zimbra@zcs ~]$ cat /opt/zimbra/conf/postfix_recipient_restrictions.cf
%%contains VAR:zimbraServiceEnabled cbpolicyd, check_policy_service inet:127.0.0.1:10031%%
reject_non_fqdn_recipient
permit_sasl_authenticated
permit_mynetworks
reject_unauth_destination
check_client_access hash:/opt/zimbra/conf/postfix_rbl_override
reject_unlisted_recipient
%%contains VAR:zimbraMtaRestriction reject_invalid_hostname%%
%%contains VAR:zimbraMtaRestriction reject_non_fqdn_hostname%%
%%contains VAR:zimbraMtaRestriction reject_non_fqdn_sender%%
%%contains VAR:zimbraMtaRestriction reject_unknown_client%%
%%contains VAR:zimbraMtaRestriction reject_unknown_hostname%%
%%contains VAR:zimbraMtaRestriction reject_unknown_sender_domain%%
%%explode reject_rbl_client VAR:zimbraMtaRestrictionRBLs%%
%%contains VAR:zimbraMtaRestriction check_policy_service unix:private/policy%%
permit
[zimbra@zcs ~]$ zmmtactl restart
Rewriting configuration files...done.
postfix/postfix-script: refreshing the Postfix mail system
Stopping saslauthd...done.
Starting saslauthd...done.
[zimbra@zcs ~]$
Workaround3: Whitelist Hostname/IP addresses without restarting any services
[root@v01 ~]# mkdir /etc/zimbra_custom --> create a directory inside /etc
[root@v01 ~]# chown zimbra:zimbra /etc/zimbra_custom --> change user and group ownership to zimbra
[root@v01 ~]# ls -ld /etc/zimbra_custom/
drwxr-xr-x 2 zimbra zimbra 4096 Jan 26 18:23 /etc/zimbra_custom/
[root@v01 ~]# su - zimbra --> switch to zimbra 
[zimbra@v01 ~]$ touch /etc/zimbra_custom/test_whitelist --> create a file
[zimbra@v01 ~]$ nano /etc/zimbra_custom/test_whitelist --> add the list of domains or specific users that you want to whitelist
[zimbra@v01 ~]$ cat /etc/zimbra_custom/test_whitelist
v01.vinay.com OK
10.112.233.180 OK
[zimbra@v01 ~]$ /opt/zimbra/postfix/sbin/postmap /etc/zimbra_custom/test_whitelist --> create a hash file using zimbra postmap
[zimbra@v01 ~]$ ls -l /etc/zimbra_custom/
total 12
-rw-r----- 1 zimbra zimbra 18 Jan 26 18:24 test_whitelist
-rw-r----- 1 zimbra zimbra 12288 Jan 26 18:24 test_whitelist.db --> .db file will be created
[zimbra@v01 ~]$
[zimbra@v01 ~]$ postconf |grep smtpd_recipient_restrictions --> check the current recipient restrictions
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_helo_hostname, reject_non_fqdn_sender, permit
[zimbra@v01 ~]$ postconf -e smtpd_recipient_restrictions="reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, check_sender_access hash:/etc/zimbra_custom/test_whitelist, reject_invalid_helo_hostname, reject_non_fqdn_sender, permit" --> add the hash file to the current recipient restrictions
[zimbra@v01 ~]$ postconf |grep smtpd_recipient_restrictions
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, check_sender_access hash:/etc/zimbra_custom/test_whitelist, reject_invalid_helo_hostname, reject_non_fqdn_sender, permit
[zimbra@v01 ~]$


Note: None of the 3 workarounds will survive upgrades; take a backup of the above changes and redo them after the upgrade.
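
Added example, not from the original post or from Zimbra: a small Python audit of where a whitelist map sits in smtpd_recipient_restrictions, run on the value set in Workaround 3. It assumes relay control lives in this list (reject_unauth_destination), as in the configs above; the function names and finding codes are made up for this sketch.

```python
import ipaddress

ACCESS_CHECKS = ("check_client_access", "check_sender_access")

def parse_restrictions(value):
    """Split a smtpd_recipient_restrictions value into (name, argument) pairs."""
    tokens = value.replace(",", " ").split()
    items = []
    while tokens:
        name = tokens.pop(0)
        takes_arg = name in ACCESS_CHECKS or name == "reject_rbl_client"
        items.append((name, tokens.pop(0) if takes_arg and tokens else None))
    return items

def is_ip(key):
    try:
        ipaddress.ip_address(key)
        return True
    except ValueError:
        return False

def audit(value, map_keys=()):
    """Return (code, detail) findings for access-map whitelists in the list."""
    items = parse_restrictions(value)
    names = [name for name, _ in items]
    guard = names.index("reject_unauth_destination") if "reject_unauth_destination" in names else -1
    rbl = names.index("reject_rbl_client") if "reject_rbl_client" in names else len(names)
    findings = []
    for pos, (name, arg) in enumerate(items):
        if name not in ACCESS_CHECKS:
            continue
        if guard < 0 or pos < guard:
            findings.append(("ok-before-relay-check", arg))  # an OK here permits relaying
        if pos > rbl:
            findings.append(("after-rbl", arg))  # the RBL reject fires first
        if name == "check_sender_access":
            findings.append(("sender-is-forgeable", arg))  # keyed on MAIL FROM
            findings += [("ip-key-in-sender-map", k) for k in map_keys if is_ip(k)]
    return findings

# The value set in Workaround 3 and the two keys from its test_whitelist file.
WORKAROUND3 = ("reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, "
               "reject_unauth_destination, reject_unlisted_recipient, "
               "check_sender_access hash:/etc/zimbra_custom/test_whitelist, "
               "reject_invalid_helo_hostname, reject_non_fqdn_sender, permit")
WORKAROUND3_KEYS = ["v01.vinay.com", "10.112.233.180"]

if __name__ == "__main__":
    for code, detail in audit(WORKAROUND3, WORKAROUND3_KEYS):
        print(code, detail)
```

For Workaround 3 it reports that the map is matched against the envelope sender, which the client supplies, and that the IP entry can never match a sender lookup; the Workaround 2 ordering (check_client_access after reject_unauth_destination and before the RBL checks) produces no findings.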

Monday, March 10, 2014

Check Download/Upload Internet on Ubuntu

These are small programs for checking how much Internet / network traffic has been used:

1. iftop
2. tcptrack
3. slurm
4. bmon -shows  
5. nload Install

Ref: askubuntu.com

Tuesday, February 25, 2014

Disable the AppArmor service

Disable & remove AppArmor

#sudo /etc/init.d/apparmor stop
#sudo /etc/init.d/apparmor teardown
#sudo update-rc.d -f apparmor remove

Wednesday, February 12, 2014

Saving the configuration on a 3com 5500G switch

Reference: nisolution.co.th : LINK
- Command used to save the configuration
-> Example of using the command
<5500-ei>save                   -> use the save command, then press Enter
The configuration will be written to the device.
Are you sure?[Y/N] y -> answer Y to save, then press Enter
Please input the file name (*.cfg)
[flash:3comoscfg.cfg]: -> choose the file name to save the configuration to; to save to a different file, type its name, or just press Enter to save to 3comoscfg.cfg
- Command used to reset to factory defaults
-> Example of using the command
<5500-ei>reset saved-configuration -> the command used to reset to factory defaults; then press Enter
The saved configuration will be erased.
Are you sure?[Y/N] y -> if you are sure, answer Y and press Enter
Configuration in flash memory is being cleared.
Please wait …
<5500-ei>reboot -> then use the reboot command to restart the device
This will reboot device. Continue? [Y/N] y -> answer y again to reboot
After the reboot, the switch comes back with the factory default values and the previous configuration is completely gone. The initial system settings have to be configured again: the admin password, access permissions, the system time and all other configuration values.

DHCP multisubnet on Linux dhcp server


Edit config

------dhcpd.conf---------
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;

# internal subnet.
subnet 192.168.x.0 netmask 255.255.255.0 {
  range 192.168.x.90 192.168.x.150;
  option domain-name-servers 192.168.x.xx, 192.168.x.x;
  option routers 192.168.x.254;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.x.255;
}
# Other Subnet
subnet 192.168.2.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.2.255;
        option routers 192.168.2.1;
        option domain-name-servers 192.168.x.xx, 192.168.x.x;
        range 192.168.2.10 192.168.2.120;
}

host computer {
  hardware ethernet 00:E0:7D:FD:04:AB;
  fixed-address 192.168.x.xx;
}


Configure a 3com 5500G-ei switch to do DHCP relay