Thursday, October 26, 2006

FreeBSD : Postfix (SMTP + SSL + TLS) + Courier (IMAP + POP3 + SSL) + Cyrus SASL, with virtual delivery

Links

* http://www.postfix.org/SASL_README.html
* http://www.unixpeople.com/HOWTO/postfix.solaris.html
* http://www.pacnog.org/pacnog1/day1/mail/courier.html

Postfix

/usr/local/etc/postfix/master.cf

# enables SMTP over SSL on port 465. Note the command line arguments for smtpd.
smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes

/usr/local/etc/postfix/main.cf

queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550

mynetworks = 192.168.1.0/24, 127.0.0.0/8
smtpd_banner = $myhostname ESMTP

debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = no

transport_maps = hash:/usr/local/etc/postfix/transport
smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender
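# permit_sasl_authenticated lets clients that logged in with SMTP AUTH relay from outside mynetworks
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain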

virtual_mailbox_domains = sun-research.com
virtual_mailbox_base = /mirror/mail/
virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:125
virtual_gid_maps = static:125
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual

smtpd_sasl_security_options = noanonymous
smtpd_use_tls = yes
smtpd_tls_cert_file = /usr/local/etc/postfix/postfix.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_auth_only = yes
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_helo_required = yes

Don't forget to make your PEM file!

/usr/local/etc/postfix/transport (Do a "postmap transport" after editing)

# null entry means to handle this domain ourselves
company.com :
.company.com :
# enable next line to use a smart host for all outgoing mail
# * smtp:smtp.my.isp.com

/usr/local/etc/postfix/vmailbox ("postmap vmailbox")

This file sets up the users that Postfix will receive mail for, and where to store their mail.

# Don't forget the trailing / for maildir format!
user1@company.com company.com/user1/
user2@company.com company.com/user2/

Using the virtual_mailbox_base directory from main.cf above (/mirror/mail/) and the domain directory from vmailbox:
mkdir -p /mirror/mail/company.com
cd /mirror/mail/company.com
maildirmake user1
maildirmake user2
chown -R postfix:postfix .


Courier

/usr/local/etc/courier-imap/imapd

IMAPDSTART=YES

/usr/local/etc/courier-imap/pop3d

POP3DSTART=YES

/usr/local/etc/courier-imap/imapd-ssl

IMAPDSTARTTLS=YES

/usr/local/etc/courier-imap/pop3d-ssl

POP3_STARTTLS=YES


Make your TLS certificates:

* Edit /usr/local/etc/courier-imap/{pop3d,imapd}.cnf and put in your details.
* Put CN = mail.companyname.com, or whatever your clients use to connect.
* Then:

cd /usr/local/share/courier-imap/
./mkpop3dcert
./mkimapdcert

/etc/rc.conf

courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_pop3d_ssl_enable="YES"
courier_imap_imapd_ssl_enable="YES"
saslauthd_enable="YES"

saslauthd_flags="-r -a rimap -O localhost"

The saslauthd_flags tell saslauthd to pass the full realm along with the login (-r), to authenticate against a remote IMAP server (-a rimap), and to contact the IMAP server on this machine (-O localhost). The default is to use PAM, which does things like checking against passwd.


/usr/local/etc/authlib/authdaemonrc

authmodulelist="authuserdb"

Edit /usr/local/etc/authlib/userdb

This controls who can log in to get their email, and who is allowed to relay SMTP.

# All one line...
user1@company.com
uid=125|
gid=125|
home=/mirror/mail/company.com/user1|
mail=/mirror/mail/company.com/user1|
systempw=|

Run "makeuserdb" after editing the userdb file!

Configure Cyrus SASL by creating/editing /usr/local/lib/sasl2/smtpd.conf with these two lines:

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
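
With mech_list limited to PLAIN and LOGIN, the password reaches Postfix unencrypted unless the session is already under TLS, which is what smtpd_tls_auth_only = yes in main.cf enforces. The script below is an added example, not part of the original post: it checks a main.cf for that and the related settings, and the function names and the sample file are made up for illustration.

```sh
# Added example (not from the original post); sample config is constructed.

# mcf_get FILE PARAM: print PARAM's value from a main.cf-style file. Joins
# continuation lines (leading whitespace), skips comments, lets the last
# assignment win, and resolves a value that is exactly one "$other" reference.
mcf_get() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur != "") { sub(/^[ \t]+/, "")
                       val[cur] = (val[cur] == "" ? "" : val[cur] " ") $0 }
                   next }
        { eq = index($0, "="); cur = ""
          if (eq == 0) next
          cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
          v = substr($0, eq + 1); sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
          val[cur] = v }
        END { v = val[want]
              if (v ~ /^[$][A-Za-z0-9_]+$/) v = val[substr(v, 2)]
              print v }' "$1"
}

# postfix_auth_audit FILE: print one FAIL line per problem; exit status = count.
postfix_auth_audit() {
    n=0
    fail() { echo "FAIL: $1"; n=$((n + 1)); }
    [ "$(mcf_get "$1" smtpd_sasl_auth_enable)" = yes ] || return 0
    [ "$(mcf_get "$1" smtpd_tls_auth_only)" = yes ] ||
        fail "smtpd_tls_auth_only is not yes: AUTH PLAIN/LOGIN offered without TLS"
    case " $(mcf_get "$1" smtpd_sasl_security_options | tr ',' ' ') " in
        *" noanonymous "*) ;;
        *) fail "smtpd_sasl_security_options lacks noanonymous" ;;
    esac
    [ -n "$(mcf_get "$1" smtpd_tls_cert_file)" ] ||
        fail "smtpd_tls_cert_file unset: no STARTTLS, so no TLS-protected AUTH"
    return "$n"
}

sample=$(mktemp)
cat > "$sample" <<'EOF'
debugger_command =
    PATH=/bin:/usr/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /usr/local/etc/postfix/postfix.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
EOF
postfix_auth_audit "$sample" || echo "$? finding(s)"   # TLS-only switch missing
```

Settings passed with -o in master.cf, such as the smtps line above, are not seen by this check; it reads main.cf only.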


Remember to open firewall ports!

And I think that's it. :)

Monday, April 10, 2006

Rebuilding a vinum RAID5 array when a drive has failed

A drive in your vinum RAID5 array has failed...

%> vinum list
D drive6 State: down /dev/twed6s1a A: 114325/114470 MB (99%)
P raid5volume.p0 R5 State: degraded Subdisks: 8 Size: 1020 MB
S raid5volume.p0.s6 State: crashed D: drive6 Size: 145 MB


Go find a replacement drive. Once you have a replacement drive in hand:

* Shut down PC (my FreeBSD + twe driver get confused with a hot-plug of a drive)
* Remove faulty drive and replace with a good one
* Restart PC

%> vinum list
D drive6 State: referenced unknown A: 0/0 MB
P raid5volume.p0 R5 State: degraded Subdisks: 8 Size: 1020 MB
S raid5volume.p0.s6 State: stale D: drive6 Size: 145 MB

When it says "referenced", this seems to mean either:

* You forgot to plug the drive power/data cable in
    * A clue to this is that at least one /dev/twedXs1a is missing. Check your /var/log/messages, the drives that vinum has in its list, and what there is in /dev.
* This drive is completely blank (to be expected, if you replaced the drive)

Before you partition and label the drive, make sure you're working on the new drive. You don't want to accidentally nuke a remaining good drive.

* Partition (fdisk) the new drive. If you see it already has a partition on it, be careful, and double-check you're working on the right drive!
* Disklabel the new drive
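
One way to make the "right drive" check mechanical, as an added example that is not part of the original post: feed `vinum list` output to a guard that refuses any disk vinum still reports as up. The function names are assumptions, and the sample output is constructed from the listings on this page.

```sh
# Added example (not from the original post); sample output is constructed.

# disk_in_use_by_vinum DEVICE: reads `vinum list` output on stdin. Prints the
# vinum drive name and returns 0 if DEVICE (whole disk, slice or partition)
# is the disk behind a drive that vinum reports as "up"; returns 1 otherwise.
disk_in_use_by_vinum() {
    awk -v dev="$1" '
        function disk(d) { sub(/^\/dev\//, "", d); sub(/s[0-9]+[a-h]?$/, "", d); return d }
        $1 == "D" && $3 == "State:" && $4 == "up" && disk($5) == disk(dev) {
            print $2; hit = 1 }
        END { exit (hit ? 0 : 1) }'
}

# safe_to_partition DEVICE: guard to run before fdisk/disklabel.
safe_to_partition() {
    if owner=$(disk_in_use_by_vinum "$1"); then
        echo "REFUSE: $1 is behind healthy vinum drive $owner" >&2
        return 1
    fi
    echo "OK: $1 is not a disk vinum reports as up"
}

sample_vinum_list() {
    cat <<'EOF'
D drive5 State: up /dev/twed5s1a A: 114325/114470 MB (99%)
D drive6 State: referenced unknown A: 0/0 MB
P raid5volume.p0 R5 State: degraded Subdisks: 8 Size: 1020 MB
S raid5volume.p0.s6 State: stale D: drive6 Size: 145 MB
EOF
}

sample_vinum_list | safe_to_partition /dev/twed6           # the replacement disk
sample_vinum_list | safe_to_partition /dev/twed5 || true   # a good member: refused
```

On the real system the input would come from `vinum list | safe_to_partition /dev/twed6`, run before fdisk.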

%> vinum printconfig
drive drive6 device unknown


Vinum doesn't know which physical drive/device 'drive6' refers to.

* Remove the referenced drive from vinum:

%> vinum rm drive6

The referenced drive6 disappears from vinum's list

%> vinum list
S raid5volume.p0.s6 State: stale D: Size: 145 MB

* Create a text file, e.g. foo.txt, with the single line:

drive drive6 device /dev/twed6s1a

* Load the text configuration file into vinum

%> vinum config foo.txt

%> vinum list
D drive6 State: up /dev/twed6s1a A: 114325/114470 MB (99%)
P raid5volume.p0 R5 State: degraded Subdisks: 8 Size: 1020 MB
S raid5volume.p0.s6 State: stale D: drive6 Size: 145 MB


* Start the plex

%> vinum start raid5volume.p0
Reviving raid5volume.p0.s6 in the background
vinum[870]: reviving raid5volume.p0.s6

* Wait patiently

You can run "vinum list" to see how far through the rebuild it is, as a percentage. Eventually, you'll see:

vinum[870]: raid5volume.p0.s6 is up

* Done!

Your array is back.

%> vinum list
V raid5volume State: up Plexes: 1 Size: 1020 MB
P raid5volume.p0 R5 State: up Subdisks: 8 Size: 1020 MB
S raid5volume.p0.s6 State: up D: drive6 Size: 145 MB


%> vinum checkparity -f -v raid5volume.p0
Checking at 1020 MB (99%) raid5volume.p0 has correct parity

Creating a vinum RAID5 volume

8 * 120GB hard drives, on a 3Ware controller (/dev/twe)

----------vinum.conf----------
volume raid5volume

drive drive0 device /dev/twed0s1a
drive drive1 device /dev/twed1s1a
drive drive2 device /dev/twed2s1a
drive drive3 device /dev/twed3s1a
drive drive4 device /dev/twed4s1a
drive drive5 device /dev/twed5s1a
drive drive6 device /dev/twed6s1a
drive drive7 device /dev/twed7s1a

plex org raid5 491k
sd length 114470m drive drive0
sd length 114470m drive drive1
sd length 114470m drive drive2
sd length 114470m drive drive3
sd length 114470m drive drive4
sd length 114470m drive drive5
sd length 114470m drive drive6
sd length 114470m drive drive7
------------------------------

vinum resetconfig
vinum create vinum.conf
vinum init raid5volume.p0
(...wait five and a half hours...)
newfs /dev/vinum/raid5volume
mount /dev/vinum/raid5volume /raid

Wednesday, April 05, 2006

OGMoose

   The original moose.

Cheeseburger beats grapes

At the place where I get my lunch they also sell fruit, etc. This kid (probably 6-7 years old) was choosing something. His mother says "Pick one piece of fruit", so the kid grabs a bunch of grapes. The mother (slightly flustered/rushed) says "No! One piece!". The kid puts back grapes and grabs a peach. The mother gets impatient "No! Don't bother. Put it back ...". She takes the peach from the kid, and puts it back on the display. "I'll get you a cheeseburger at Macquarie."

Surprisingly, neither the mother nor any of her 3 kids (all 4-7 age range) were fat.

Tuesday, April 04, 2006

A blog!

I hereby welcome myself to 1994.