Tuesday, April 22, 2014

Duplicate mail on postfix

To fix the duplicate-mail problem in Postfix, create the file shown below, then edit /etc/postfix/main.cf as follows:
-------------------------------------------------
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
-------------------------------------------------

Create the file procmailrc

vim /etc/procmailrc

------------------------
LOCKFILE=$HOME/.lock
VERBOSE=no
LOGFILE="/var/log/procmail.log"

:0 Wh: msgid.lock
| formail -D 8192 msgid.cache

------------------------


For iRedMail
For duplicate mail on forwards (dovecot+postfix+postfixadmin):
Edit main.cf and set "receive_override_options = no_address_mappings"

Thursday, April 17, 2014

Example SMTP commands

COMMAND:
telnet mail.reddit.com 25

COMMAND:
helo hi
RESPONSE:
250 mail.reddit.com

COMMAND:
mail from: youremail@gmail.com
RESPONSE:
250 2.1.0 Ok

COMMAND:
rcpt to: mailbox.does.not.exist@reddit.com
RESPONSE:
550 5.1.1 : Recipient address rejected: User unknown in local recipient table


COMMAND:
quit
RESPONSE:
221 2.0.0 Bye

Wednesday, April 16, 2014

dovecot with ssl (995)



Howto: Linux Dovecot Secure IMAPS / POP3S SSL Server configuration

July 16, 2007 · Last updated July 16, 2007
Q. How do I configure a Dovecot IMAPS and POP3S server using an SSL certificate? Can I use SSL certificates generated for the Postfix mail server?
A. Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either maildir or mbox format.
You need to enable POP3S and IMAPS. Open the default configuration file:
# vi /etc/dovecot.conf
Make sure POP3S and IMAPS are enabled:
protocols = imaps pop3s
Next, set the PEM-encoded X.509 SSL/TLS certificate and private key. They are opened before Dovecot drops root privileges, so keep the key file unreadable by anyone but root (see how to create a certificate CSR and configure certificates for Postfix):
ssl_cert_file = /etc/postfix/ssl/smtp.theos.in.crt
ssl_key_file = /etc/postfix/ssl/smtp.theos.in.key

If the key file is password protected, give the password using the ssl_key_password directive:
ssl_key_password = myPassword
Save and close the file. Restart Dovecot server:
# /etc/init.d/dovecot restart
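
A check for the "unreadable by anyone but root" requirement above, as an added example that is not part of the copied article: it reads ssl_key_file from the Dovecot config, verifies the key's owner and mode, and flags an ssl_key_password stored in a config that group or other can read. The function names are hypothetical, GNU stat (Linux) is assumed, and the demo files are constructed.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes GNU stat (Linux).

# Print the value of the last uncommented "NAME = value" line in CONF.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

# True when FILE has any group/other permission bit set.
others_can_access() {
    mode=$(stat -c '%a' "$1")
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# audit_dovecot_ssl CONF [OWNER_UID]
# Prints one finding per line and returns the number of findings.
audit_dovecot_ssl() {
    conf=$1 owner=${2:-0} findings=0
    key=$(conf_value ssl_key_file "$conf")
    if [ -z "$key" ] || [ ! -f "$key" ]; then
        echo "ssl_key_file not set or not found: ${key:-<unset>}"
        return 1
    fi
    if [ "$(stat -c '%u' "$key")" != "$owner" ]; then
        echo "key $key is not owned by uid $owner"; findings=$((findings + 1))
    fi
    if others_can_access "$key"; then
        echo "key $key is accessible to group/other"; findings=$((findings + 1))
    fi
    # A key passphrase stored in a readable config no longer protects the key.
    if [ -n "$(conf_value ssl_key_password "$conf")" ] && others_can_access "$conf"; then
        echo "ssl_key_password is set in $conf, which group/other can read"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# demo: constructed config and key in a temp dir, deliberately too permissive.
demo() {
    d=$(mktemp -d); : > "$d/smtp.key"
    printf 'ssl_key_file = %s\nssl_key_password = myPassword\n' "$d/smtp.key" > "$d/dovecot.conf"
    chmod 644 "$d/smtp.key" "$d/dovecot.conf"
    audit_dovecot_ssl "$d/dovecot.conf" "$(id -u)"; rc=$?
    rm -rf "$d"; return "$rc"
}
```

On a real server, run `audit_dovecot_ssl /etc/dovecot.conf` as root; no output and exit status 0 mean the checks passed.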

Friday, April 11, 2014

MailScanner: Bad Filename Detected

To fix the error "Subject: Bad Filename Detected"



Edit the file archives.filetype.rules.conf and comment out these two deny rules:
------------------------2 deny------------

#deny    executable      No executables          No programs allowed

#deny    ELF             No executables          No programs allowed


--------------------------End----------

Thursday, April 10, 2014

Install pflogsumm on postfix

To view a summary of the mail log on Postfix

# aptitude install pflogsumm

Add the script with crontab -e:

0 0 * * *       perl /usr/sbin/pflogsumm -e -d today /var/log/mail.log | mail -s 'Logwatch for Postfix on My Mail Server' email@domain.ltd
#0 0 * * *      perl /usr/sbin/pflogsumm -u 50 -h 50 --problems_first -d today /var/log/mail.log | mail -s "pflogsumm report `date` on My Mail Server" email@domain.ltd


Reference:
www.howtoforge.com
calomel.org

Tuesday, April 8, 2014

chmod command

chmod u+x file.txt

  1. Grant read and write permission to owner and read permission to group and other using an absolute mode.
    chmod 644 myfile
    
  2. Deny write permission to group and other.
    chmod go-w myfile
    
  3. Clear all permissions that are currently set and grant read and write permissions to owner, group, and other.
    chmod =rw myfile
    
  4. Grant search permission on a directory to owner, group, and other if search permission is set for one of them.
    chmod +X mydir
    
  5. Grant read, write, and execute permission to owner and read and execute permission to group and other using an absolute mode.
    chmod 755 myfile
    
  6. Clear all permissions for group and other.
    chmod go= myfile
    
  7. Set the group permissions equal to the owner permission, but deny write permission to the group.
    chmod g=u-w myfile
    
  8. Set the set-user-id on execute bit and grant read, write, and execute permission to the owner and execute permission for other using an absolute mode.
    chmod 4701 myfile
    

Monday, April 7, 2014

20 Linux Log Files that are Located under /var/log Directory

Reference: copied from the website thegeekstuff.com

----------------------------------------------------------------------------------------------------------------------------------

The following are the 20 different log files that are located under /var/log/ directory. Some of these log files are distribution specific. For example, you’ll see dpkg.log on Debian based systems (for example, on Ubuntu).
  1. /var/log/messages – Contains global system messages, including the messages that are logged during system startup. There are several things that are logged in /var/log/messages including mail, cron, daemon, kern, auth, etc.
  2. /var/log/dmesg – Contains kernel ring buffer information. When the system boots up, it prints a number of messages on the screen that display information about the hardware devices that the kernel detects during the boot process. These messages are available in the kernel ring buffer, and whenever a new message comes the old message gets overwritten. You can also view the content of this file using the dmesg command.
  3. /var/log/auth.log – Contains system authorization information, including user logins and the authentication mechanisms that were used.
  4. /var/log/boot.log – Contains information that is logged when the system boots
  5. /var/log/daemon.log – Contains information logged by the various background daemons that run on the system
  6. /var/log/dpkg.log – Contains information that is logged when a package is installed or removed using the dpkg command
  7. /var/log/kern.log – Contains information logged by the kernel. Helpful for you to troubleshoot a custom-built kernel.
  8. /var/log/lastlog – Displays the recent login information for all the users. This is not an ascii file. You should use lastlog command to view the content of this file.
  9. /var/log/maillog /var/log/mail.log – Contains the log information from the mail server that is running on the system. For example, sendmail logs information about all the sent items to this file
  10. /var/log/user.log – Contains information about all user level logs
  11. /var/log/Xorg.x.log – Log messages from the X
  12. /var/log/alternatives.log – Information by the update-alternatives are logged into this log file. On Ubuntu, update-alternatives maintains symbolic links determining default commands.
  13. /var/log/btmp – This file contains information about failed login attempts. Use the last command to view the btmp file. For example, “last -f /var/log/btmp | more”
  14. /var/log/cups – All printer and printing related log messages
  15. /var/log/anaconda.log – When you install Linux, all installation related messages are stored in this log file
  16. /var/log/yum.log – Contains information that is logged when a package is installed using yum
  17. /var/log/cron – Whenever cron daemon (or anacron) starts a cron job, it logs the information about the cron job in this file
  18. /var/log/secure – Contains information related to authentication and authorization privileges. For example, sshd logs all the messages here, including unsuccessful login.
  19. /var/log/wtmp or /var/log/utmp – Contains login records. Using wtmp you can find out who is logged into the system. who command uses this file to display the information.
  20. /var/log/faillog – Contains failed user login attempts. Use the faillog command to display the content of this file.
Apart from the above log files, /var/log directory may also contain the following sub-directories depending on the application that is running on your system.
  • /var/log/httpd/ (or) /var/log/apache2 – Contains the apache web server access_log and error_log
  • /var/log/lighttpd/ – Contains light HTTPD access_log and error_log
  • /var/log/conman/ – Log files for ConMan client. conman connects remote consoles that are managed by conmand daemon.
  • /var/log/mail/ – This subdirectory contains additional logs from your mail server. For example, sendmail stores the collected mail statistics in /var/log/mail/statistics file
  • /var/log/prelink/ – prelink program modifies shared libraries and linked binaries to speed up the startup process. /var/log/prelink/prelink.log contains the information about the .so file that was modified by the prelink.
  • /var/log/audit/ – Contains log information stored by the Linux audit daemon (auditd).
  • /var/log/setroubleshoot/ – SELinux uses setroubleshootd (SE Trouble Shoot Daemon) to notify about issues in the security context of files, and logs that information in this log file.
  • /var/log/samba/ – Contains log information stored by samba, which is used to connect Windows to Linux.
  • /var/log/sa/ – Contains the daily sar files that are collected by the sysstat package.
  • /var/log/sssd/ – Used by the system security services daemon that manages access to remote directories and authentication mechanisms.
Instead of manually trying to archive the log files, by cleaning it up after x number of days, or by deleting the logs after it reaches certain size, you can do this automatically using logrotate as we discussed earlier.

To view the log files use any one of the following methods. But, please don’t do ‘cat | more’.

Error: /usr/lib/php5/20090626/idn.so

full error: PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20090626/idn.so' - /usr/lib/php5/20090626/idn.so: cannot open shared object file: No such file or directory in Unknown on line 0


fix: sudo bzip2 /etc/php5/conf.d/idn.ini

Reference: ubuntuforums.org

Check log mail

How to check the mail log:

1. grep "tom@anydomain.tld" /var/log/mail.log
2. tail -f /var/log/mail.log |grep "@gmail.com"
3. tail -n 100 /var/log/mail.log



Sunday, April 6, 2014

how to migrate user account linux

Copied from the website: howto-move-migrate-user-accounts-old-to-new-server

Q. How do I move or migrate user accounts from an old Linux server to a new CentOS Linux server, including mails? The new system is a fresh installation.
A. You can migrate users from an old Linux server to a new Linux server with standard commands such as tar, awk, scp and others. This is also useful if you are using an old Linux distribution such as Redhat 9 or Debian 2.x.
Following files/dirs are required for traditional Linux user management:
/etc/passwd - contains various pieces of information for each user account
/etc/shadow - contains the encrypted password information for users' accounts and, optionally, the password aging information.

/etc/group - defines the groups to which users belong
/etc/gshadow - group shadow file (contains the encrypted password for group)
/var/spool/mail - Generally user emails are stored here.
/home - All Users data is stored here.
You need to backup all of the above files and directories from old server to new Linux server.

Commands to type on old Linux system

First create a tarball of the old users (old Linux system). Create a directory:
# mkdir /root/move/
Setup UID filter limit:
# export UGIDLIMIT=500
Now copy /etc/passwd accounts to /root/move/passwd.mig using awk to filter out system accounts (i.e. only copy user accounts):
# awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/passwd > /root/move/passwd.mig
Copy /etc/group file:
# awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/group > /root/move/group.mig
Copy /etc/shadow file:
# awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534) {print $1}' /etc/passwd | tee - |egrep -f - /etc/shadow > /root/move/shadow.mig
Copy /etc/gshadow (rarely used):
# cp /etc/gshadow /root/move/gshadow.mig
Make a backup of /home and /var/spool/mail dirs:
# tar -zcvpf /root/move/home.tar.gz /home
# tar -zcvpf /root/move/mail.tar.gz /var/spool/mail
Where,
  • Users that are added to the Linux system always start with UID and GID values as specified by the Linux distribution or set by the admin. Limits according to different Linux distros:
    • RHEL/CentOS/Fedora Core : Default is 500 and upper limit is 65534 (/etc/libuser.conf).
    • Debian and Ubuntu Linux : Default is 1000 and upper limit is 29999 (/etc/adduser.conf).
  • You should never ever create any new system user accounts on the newly installed CentOS Linux. So the above awk commands filter out UIDs according to the Linux distro.
  • export UGIDLIMIT=500 - set up the UID start limit for normal user accounts. Set this value as per your Linux distro.
  • awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/passwd > /root/move/passwd.mig - You need to pass the UGIDLIMIT variable to awk using the -v option (it assigns the value of the shell variable UGIDLIMIT to the awk program variable LIMIT). Option -F: sets the field separator to : . Finally, awk reads each line from /etc/passwd, filters out system accounts and generates the new file /root/move/passwd.mig. The same logic applies to the rest of the awk commands.
  • tar -zcvpf /root/move/home.tar.gz /home - Make a backup of users /home dir
  • tar -zcvpf /root/move/mail.tar.gz /var/spool/mail - Make a backup of users mail dir
Use scp or usb pen or tape to copy /root/move to a new Linux system.
# scp -r /root/move/* user@new.linuxserver.com:/path/to/location

Commands to type on new Linux system

First, make a backup of current users and passwords:
# mkdir /root/newsusers.bak
# cp /etc/passwd /etc/shadow /etc/group /etc/gshadow /root/newsusers.bak

Now restore passwd and other files in /etc/
# cd /path/to/location
# cat passwd.mig >> /etc/passwd
# cat group.mig >> /etc/group
# cat shadow.mig >> /etc/shadow
# /bin/cp gshadow.mig /etc/gshadow
Please note that you must use >> (append) and not > (create) shell redirection.
Now copy and extract home.tar.gz to new server /home
# cd /
# tar -zxvf /path/to/location/home.tar.gz
Now copy and extract mail.tar.gz (Mails) to new server /var/spool/mail
# cd /
# tar -zxvf /path/to/location/mail.tar.gz
Now reboot system; when the Linux comes back, your user accounts will work as they did before on old system:
# reboot
Please note that if you are new to Linux, perform the above commands in a sandbox environment. The above technique can be used for UNIX to UNIX or UNIX to Linux account migration. You need to make a couple of changes, but overall the concept remains the same.
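
A pre-merge check for the restore step above, as an added example that is not part of the copied article: mig_conflicts lists names or numeric IDs in a .mig file that already exist on the new server before anything is appended, and shadow_exact selects shadow entries by exact user name (the egrep -f - pipeline above treats each name as a pattern that can match anywhere in a line). The function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original article); sample data is constructed.

# mig_conflicts MIG TARGET
# Report entries of MIG (passwd.mig or group.mig) whose name (field 1) or
# numeric ID (field 3) is already present in TARGET (/etc/passwd, /etc/group).
mig_conflicts() {
    awk -F: '
        FILENAME == ARGV[1] { name[$1] = 1; id[$3] = $1; next }  # TARGET
        ($1 in name)        { print "name " $1; next }
        ($3 in id)          { print "id " $3 " " $1 " clashes-with " id[$3] }
    ' "$2" "$1"
}

# shadow_exact PASSWD_MIG SHADOW
# Print SHADOW entries whose user field equals a user in PASSWD_MIG exactly.
shadow_exact() {
    awk -F: '
        FILENAME == ARGV[1] { want[$1] = 1; next }               # PASSWD_MIG
        ($1 in want)
    ' "$1" "$2"
}

# make_sample DIR: write constructed files for a dry run.
make_sample() {
    printf '%s\n' 'bob:x:500:500::/home/bob:/bin/bash' \
                  'amy:x:501:501::/home/amy:/bin/bash' > "$1/passwd.mig"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                  'amy:x:1000:1000::/home/amy:/bin/bash' \
                  'svc:x:500:500::/srv:/sbin/nologin' > "$1/passwd.new"
    printf '%s\n' 'bob:$6$constructed:16000:0:99999:7:::' \
                  'bobby:$6$constructed:16000:0:99999:7:::' \
                  'amy:$6$constructed:16000:0:99999:7:::' > "$1/shadow.old"
}

# Run with the argument "demo" to see both checks on the constructed files.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && make_sample "$d"
    mig_conflicts "$d/passwd.mig" "$d/passwd.new"
    shadow_exact "$d/passwd.mig" "$d/shadow.old"
    rm -rf "$d"
fi
```

On the new server, run `mig_conflicts passwd.mig /etc/passwd` and `mig_conflicts group.mig /etc/group` before the `cat ... >>` steps; any output means an account or ID would be duplicated.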

Further readings

  • Read man pages of awk, passwd(5), shadow(5), group(5), tar command

Root Alert

Script to send an alert when root logs in to a shell.

1. Edit the file .bashrc
# vim /root/.bashrc
--------------------------------------Start-----------------------------------------------
Type: 1
echo 'ALERT - Root Shell Access (mail.mydomain.co.th) on:' `date` `who` | mail -s "Alert: Root Access to MAIL server mycompany from `who | cut -d"(" -f2 | cut -d")" -f1`" email@domain.co.th

Type: 2

sh /root/checklogin/.shell-login.sh | mail -s "Alert Root Access to Server from: `who | cut -d"(" -f2 | cut -d")" -f1`" email@domain.co.th

Type: 3 [send through SMTP, with a specified sender]
sh /root/checklogin/.shell-login.sh | mail -S smtp:192.168.0.xx:25 -s "Alert Root Access to Server from: `who | cut -d"(" -f2 | cut -d")" -f1`" -r sender@domain.co.th -v receive@domain.co.th

---------------------------------------End-----------------------------------------------

2. Create the file /root/.shell-login.sh
-----------------------------/root/.shell-login.sh-------------------------------------------
#!/bin/bash

echo "Login on: $(hostname) (at) $(date)"
echo "Change user to: "$(whoami)
echo
w -i

------------------------------End------------------------------------------------------

Wednesday, April 2, 2014

add change passwd plugin roundcubemail

# aptitude install sudo
# edit /etc/sudoers

www-data ALL=NOPASSWD: /usr/sbin/chpasswd



Reading