Windows 10 – Tech Preview

If you’re using VMware, set the guest OS to Windows, version Windows 8 64-bit, and it’ll start up fine.

Edit your settings before doing the install. If you leave it with the default boot, it’ll crash with “Your PC couldn’t start properly, error code 0xc0000001”. Right click on the VM, Edit Settings, go to Options, Boot Options, change to EFI.

Setup includes Microsoft account, which I’m not sure will be great for Enterprise environments. Will definitely need something for nLite, WinReducer or RT Se7en Lite.

Setup is very user friendly for home users.

Start Menu is just plain weird. Better than Win 8. Niftiest thing so far was right clicking on the start menu button. They moved System and Properties to the start menu button rather than right clicking My Computer.

Windows Update hides a lot of information and is dumbed down. Maybe a good choice for home users, but not so great in the corporate environment or for advanced users. On the other hand, File History looks promising for users to back up their data, and Recovery has a lot of good options for home users. There is a “Refresh” option that likely restores Windows and registry to baseline without deleting user data, “Reinstall Windows” that wipes everything and an Advanced Startup likely for power users.

There’s a way to get to the ‘real’ Windows Update interface. Right click start menu, Control Panel, Windows Update. Yay!

I skipped OneDrive setup, and it set itself up anyway.

I like the App Store, it looks exactly like Google Play. But again, corporate environment should be interesting. I’d love if they had an enterprise app store. Be nice for licensing compliance.

MySQL and CSV

Exporting to CSV is extremely straightforward. Don’t forget to clean up the tab file afterwards. The field names will be the first line of the output.

mysql -u READONLYACCOUNTHERE --password=PASSWORDHERE -e "select * from DATABASE.TABLE" > test.tab
perl -lpe 's/"/""/g; s/^|$/"/g; s/\t/","/g' < test.tab > test.csv

You can delete the first line with the following (no output, just file edit):
sed -i 1d file.csv

You can display (or pipe to another program or file) everything except the first line with:
sed 1d file.csv

Importing is not that much worse:

USE TestData;

CREATE TABLE TEST
(
Field1 VARCHAR(40),
Field2 VARCHAR(40),
Field3 VARCHAR(40));

-- BULK INSERT is Microsoft SQL Server (T-SQL) syntax; MySQL does not accept it
BULK
INSERT TEST
FROM '/path/to/testdata.csv'
WITH
(
FIELDTERMINATOR = ',',
ROWTERMINATOR = '\n'
);

Or the following (MySQL’s LOAD DATA INFILE):

START TRANSACTION;

DELETE FROM `TESTTABLE`;

LOAD DATA INFILE '/path/to/testdata.csv' INTO TABLE `TESTTABLE`
FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"' ESCAPED BY ''
LINES TERMINATED BY '\n'
(Field1, Field2, Field3);

COMMIT;

It’s Halloween time. Time for the Safety Briefing!

Howdy folks, it’s getting closer to everyone’s favorite holiday season. No doubt you’re looking forward to Trick’r’Treat, maybe a costume party, or ritualistic sacrifice to the Dark Ones! But always remember, safety comes first! Now, here are some very simple rules that should make your Halloween a fun and safe holiday for everyone!

1. If someone tells you that you are the Chosen One and must save whoever or whatever, kill them and change your name.
2. Same bloody well goes for any harbinger of any “prophecy”. If possible, resurrect them and kill them a second time.
3. If a mysterious and beautiful woman appears out of nowhere and is interested in you, run.
4. If you see a lone young child in the middle of nowhere who is uncommonly cheerful and/or giggling, run like you heard banjos.
5. Black cats, not so bad. Black dog that watches you without ever blinking? Don’t run. Slowly back away.
6. Attics? Tell one of your buddies that you hid the beer up there.
7. Cellars? Tell your buddy that you forgot you moved the beer down to the cellar. That’s the point of buddies, they’re gullible.
8. Bullets may or may not work. Either way, shoot the evil entity. A lot.
9. Fire always makes a situation better. Or more entertaining, and that’s the truly important thing.
10. If mysterious folk with foreign or ancient accents pop on any suspicious date (full moon, ides of march, etc), pretend to not understand them.
11. If you can’t outrun the evil entity, well, you only have to outrun the more cliche characters.
12. For the love of the gods, if you are driving at night, fill the tank when you’re between a quarter and half tank.
13. Fix-A-Flat. Cheaper than being hung up on a rusty meat hook.
14. Hawt chicks are like canaries. Always keep a few around when you visit Bad Place. They’ll die first.
15. Little known fact, vampires are allergic to magnesium. When ignited and shoved down their throat.
16. If you have reason to believe you are being stalked by an evil entity, someone might want to stay awake when everyone else sleeps.
17. If one member of your party starts hearing voices, party over, time to leave.
18. If a disembodied voice tells you to get out, follow the advice.
19. Vacations to run-down shacks in the middle of nowhere never work out well.
20. Vacations to Eastern Europe can end with you dismembered. But they have very attractive women. Definitely worth the risk.
21. If anyone says “But Whatever Bad Entity doesn’t exist”, kneecap them and leave them while the rest of you wait to see if he or she is right.
22. A flamethrower is always appropriate.
23. When various members of your party mysteriously start missing, don’t individually go looking for them.
24. There’s no such thing as overkill. Only “Not enough” and “Needs more”. Remember this when you think the evil critter is finally dead.
25. When you find the sacred/cursed/ancient artifact, don’t screw with it. Just put it on eBay and let the feedback answer your curiosity.
26. If some random weirdo offers you unsolicited food, drugs or drink, politely decline.
27. If the innkeeper is way too happy to see you, leave. They probably want to sacrifice you. Or they have termites.
28. If someone gives you a quest to find something oddly obscure that happens to be bloody far away with implausibly complicated directions, go on a vacation instead.
29. If you really HAVE to go, dial Blackwater’s Rent-A-Friend program then rent a helicopter to take you and friends to said obscure location.
30. If you manage to escape the werewolves, undead, aliens, or whatever long enough to get to the phone, don’t try to explain the situation. Just call the National Guard and tell them al-Qaeda is planning to poison the nation’s beer supplies and they’re currently at such and such an address. You’ll have all the Blackhawks and Apache gunships you’d want in about ten minutes.

That’s it! Remember these rules, and you’ll have a safe and happy Halloween! Ph’nglui mglw’nafh Cthulhu R’lyeh wgah’nagl fhtagn!

Backup thoughts

Backup your stuff.  Period.  No exceptions.  Viruses, power surges, HD failures, etc will never go away.  Evar.  Entropy is just one of those things.

For simplest form of backup, copy My Documents, Favorites and Desktop to an external HD (cheap on Newegg, TigerDirect, etc), thumb drive or SD card.  Keep one off-site, one in a safety deposit box or a buddy’s place.  Swap every few months.  Every year or so, buy a new one.  Retire the old one to your safety deposit box or whatever clearly labeled with the year in question.

I’m partial to 32 gig micro SD cards for critical data, which are the size of your pinky nail.  Very easy to hide.


Next simplest is “cloud” backups.  (cloud.  ugh.)  For home users, I highly recommend BackBlaze.  $4-5 a month for unlimited (and they bloody well mean unlimited) storage.  There are others, any of them are good enough.  Mozy is another.

Geeks, read this:   http://blog.backblaze.com/2009/09/01/petabytes-on-a-budget-how-to-build-cheap-cloud-storage/
If you’re not drooling, you’re not a geek.


If you’re a slightly more geeky person, you can use the S3.  I use it for my servers, as s3sync is very handy.

Here’s my script for my CentOS servers:  http://www.revdisk.org/projects/backups/

It’s a very stripped down version.  I’m obviously not publishing the locations of anything that’s not standardized stuff.  I do daily light backups of log files, configuration files, SQL databases, etc.   Weekly backups for my HTML files, graphics, MP3s, videos.  Now, in the posted code, I left it using ECB.  Why, I friggin forget, but it should be cipher-block chaining.  Don’t use ECB in multiple block encryption.  Evar.  CBC is fine for most stuff, but you could adjust for whatever you’re doing.
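
Why ECB is the wrong mode for backups, as an added example that is not the posted backup script: it encrypts the same constructed sample with AES-128 in ECB and in CBC and counts repeated ciphertext blocks. It assumes the openssl command-line tool is installed; the key, IV and sample data are constructed demo values.

```shell
#!/bin/sh
# Added example: count repeated 16-byte ciphertext blocks under ECB and CBC.
# KEY and IV are constructed demo values, never reuse them for real data.
KEY=000102030405060708090a0b0c0d0e0f
IV=0f0e0d0c0b0a09080706050403020100

# Read ciphertext on stdin and print how many 16-byte blocks are copies of
# a block that already appeared (total blocks minus distinct blocks).
repeated_blocks() {
    hex=$(od -An -v -tx1 | tr -d ' \n' | fold -w 32 | sort)
    total=$(printf '%s\n' "$hex" | wc -l)
    distinct=$(printf '%s\n' "$hex" | uniq | wc -l)
    echo $((total - distinct))
}

# Constructed "backup": 4 KiB of zero bytes, like the block padding that tar
# writes between and after archive members.
sample() { head -c 4096 /dev/zero; }

# ECB encrypts every block independently, so equal plaintext blocks give
# equal ciphertext blocks and the layout of the data shows through.
ecb_repeats() {
    sample | openssl enc -aes-128-ecb -nosalt -K "$KEY" | repeated_blocks
}

# CBC mixes each block with the previous ciphertext block, so the same
# plaintext block encrypts differently at every position.
cbc_repeats() {
    sample | openssl enc -aes-128-cbc -nosalt -K "$KEY" -iv "$IV" | repeated_blocks
}

echo "ECB repeated blocks: $(ecb_repeats)"
echo "CBC repeated blocks: $(cbc_repeats)"
```

For real backups, use a fresh random IV per file rather than a fixed one.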

Prune it down every month or two and you’re looking at 12 cents a month or so.  Most I ever reached was a dollar, because I forgot to prune for a few months.  I added an appointment every two months.  I keep monthly and yearly heavy uploads.


For a paranoid non-geek home user, use TrueCrypt and just backup the TrueCrypt container.  The program and documentation are friendly to non-geeks.

Stock anti-virus advice

My stock solution is to disconnect from network/internet, remove the crapware “anti-malware” software, blacklight to check for rootkits, Microsoft safety scanner, some of the AV quick scanners, install Kaspersky AV, reconnect to the network/internet and patch the machine.

Ideally, if a user is backing up their data, just format the machine, re-install with an unattended install disk (nLite for the win), install KAV, connect to internet, patch.  Microsoft killed off any offline patching utilities.  But if you’re clever, you can isolate a port on a switch to only connect with your WSUS server.

You should not be using multiple AV/AM (anti-virus, anti-malware) products under normal circumstances.  Pick a good AV and use it solely under normal circumstances.  Trend, F-Secure, KAV are top tier.  McAfee, Bitdefender, Norton, Clam, Microsoft Security Essentials are second tier.  NOD32, AVG, et al are third tier.

Patch your OS and software regularly.  Backup your info regularly.  This is as important or more important than your AV/AM solution.

Useful Android apps

Geospatial

    c:geo – Free, pretty good
    Geocaching – Paid, but extremely well written. Use c:geo if you rarely cache, but if you’re a regular geocacher, buy this.

Sensors -

    Tricorder – Free, uses virtually all of the sensors built into an Android phone

Utilities -

    SuperBox – Multipurpose utility, I use it mainly for quickly checking my battery and moving apps to the SD card
    MyBookDroid – You can use it for many purposes, but I use it to quickly scan/catalog my book collection
    WordPress – Bit obvious, this.
    ConnectBot – SSH client, tiny letters but handy for rebooting a server or restarting a service
    ColorNote – Best notepad app I’ve found thus far
    ElectroDroid – Multipurpose electronics utility, has all kinds of reference material
    Disaster Alerts – Good way to check on world wide alerts of bad things
    How To Tie a Tie – I’m not much of a tie person, so this is surprisingly handy
    KnotsGuide – Very handy
    Net Scan – Works alright, scans a wifi network
    Net Swiss Tool – Various tools that are common on OS’s (ping, tracert, etc)
    Wifi Analyzer – Has a handful of utilities for scanning wifi networks
    SSHTunnel – If you are using public Wifi, you want to secure your traffic. This is the best way of doing so.
    Where’s My Droid – Handy for “Where did I leave my phone” situations

Entertainment

    Amazon Kindle – eBook reader. I just use it for free classics and reading books from Baen
    Slacker – Internet radio
    Khan Academy – Educational classes on just about anything

Disaster Recovery planning

Ok, let me start off by saying, I’m not a survivalist. I’m not even really a “prep’er” (preparedness, think survivalist lite). Closest I come is hiking and camping. I however have done a lot of Disaster Recovery and Contingency Planning work, primarily for IT and businesses. It’s entirely the business of mitigating risk to the needs and capacity of the customer. Disaster Recovery, whether for a business or for an individual, is pretty straight forward. It’s just like any other project. Figure out your specifications, and then go about meeting them within time/budget.

We’ll skip the business stuff and go for personal. If you’re a business that’d like DR consulting, feel free to drop me a line at revdisk@ this domain. The examples in this blog posting aren’t meant to be taken overly seriously and will be overstated for entertainment value.

Let’s start off with the specifications. Specifications can be anything, and are the core of any DR planning. You need to know what you want to do before you work toward it. Your specifications can be anything from “personally surviving as many bad things as possible”, “getting my family to crazy Uncle Carl’s fortified retreat in Oklahoma”, “minimizing financial damage from bad things” or “Saving my family”. You can have as many as you’d like, but the more you have the more work you’ll have to do. Keep it as simple as possible, and spend a fair amount of time thinking about your real priorities.

Draw up any significant concerns you have that may impact your specifications.

Growing up within half a mile of TMI, possible nuclear disaster wasn’t an idle thought. There were plenty of other localized concerns. Within fifty miles were chemical plants, ethanol plant, plenty of old bridges, natural gas plants, etc. Spend some time going over what your pressing concerns actually are. “zOMG zombie apocalypse”, “Martians invading the US” or “Russian/Cuban soldiers dropping out of the sky” should not be on it. If they are, you need lithium or at least a long vacation more than you need planning.

It should start off with the most realistic options. For me, it’s snow storms. They occur virtually every year and being shut in for a couple days is very likely.

If you live on a fault line, sooner or later, you WILL have an earthquake of note. Same with a flood plain. If you’re on the coast, do a bit of research and figure out previous damage from storms. Go to the library and do some research. Don’t rank them by how theoretically bad they could be. Rank them intelligently, which means impact assessment * frequency at a minimum. You can factor in other things like financial concerns, social/family commitments or whatnot, up to you.

Here is my example, using my Impact Analysis methodology. I ranked by impact multiplied by the likelihood of occurring. A snow storm is not likely to be lethal unless you are intentionally stupid or unprepared. So let’s give it a weight of 3 (on a scale of one to ten for impact). We multiply that weight by the likelihood of happening, which would be rounded to 10 out of 10. So net weight of 30. Another nuclear meltdown at Three Mile Island might have an impact of 10, but a likelihood of happening at 0.5 (that’s actually too high, but I’m using simple numbers for demonstration purposes), with a final weighting of 5.

So a snow storm should have six times the priority in preparation. If you’re doing one priority at a time, you just sort the list by the weight. If you’re working toward all of them on a schedule, you should allocate resources toward snow storm preparation at six times the rate of radiation from nuclear meltdown preparation.

So suppose I do my research, run my Impact Analysis and come up with a prioritized list of concerns:

1. Snow storm
2. House on fire
3. Earthquake
4. Wildfire
5. Flood
6. Nuclear disaster
7. Other – Significant, Non-Local
8. Other – Localized

You can break them out discretely in as granular a manner as you would like. The more granular, the more work. You can create subsets for variations, but you only want to do that on your revisions and not on your first project.

Obviously, the last two categories cover anything else not on the list. They’re basically vague general contingency plans for anything that isn’t on your list. An “Other – Localized” could be anything from a very unlikely accident like a train wreck to a meteor strike. Anything where somewhere else is safer than right here, and it’s contained to a specific geographic area.

“Other – Significant, Non-Local” is your “it’s bad everywhere, and there’s no point in going somewhere else” category.

“Other – Insignificant, Non-Local” means it’s not in your neighborhood and it’s not likely to affect you. You can leave it on, or toss it. But it does sometimes pop up. This category would cover dealing with the secondary effects from someone else’s problems. Katrina refugees would be an example.

Ok, you have your list of priorities. Develop a plan for dealing with each. You want to make your plan as modular as possible. “Stocking extra food in plastic, water resistant containers” would assist in all categories except “House on Fire”. Actually think through the scenario. Walk it out or simulate it as closely as possible.

If your house burned to the ground, what would you actually need? You may have under a minute to get out. An AR15 and a pallet of MREs would be near useless, but copies of your insurance paperwork, birth certificates, medical records, asset documentation, and contact information for friends, relatives, business would be worth their weight in gold. Immediately after a major earthquake, the situation may be reversed.

Start on the highest priorities, and work your way through the list. Make records of your current state, and the state you want to be in when you’re finished. I like a Green-Yellow-Red coded spreadsheet. Gives you a sense of accomplishment as the red and yellow starts to disappear, and more green fills the screen.

So an example:

Plans
1. Snow storm
2. House on fire
3. Earthquake
4. Wildfire
5. Flood
6. Nuclear disaster
7. Other – Significant, Non-Local
8. Other – Localized

Item                  Plan(s)        Status  Notes
Extra batteries       1, 3, 4, 5, 6  GREEN
Pallet of MREs        1, 3, 5, 6     RED     Swap out on 01/15
Essential Paper Docs  2-6            YELLOW  Need X, Y and Z
Digital copies        2-6            RED     Encrypt on multiple thumb drives
Waterproof boxes      5              GREEN

Allocate resources in accordance with a schedule, and in direct proportions to your weighted priority list. Leave a margin for targets of opportunity. Once you’re done, draw up a maintenance/inventory schedule. Revisit your Impact Analysis on a set duration (annual, usually).

If you’re working without an overall plan, you’re probably wasting money, time and reducing effectiveness. Go with the right methodology, and you’re more likely to be successful than winging it. The above general “philosophy” is stone cold, tested and true, core disaster recovery management. You can use whatever format you’d like or fits your needs.

Some potentially useful templates:

DR Inventory Template

DR Impact Analysis Template

Planning Guide Template

Adding TLS, SASL, SSL support to Postfix on CentOS

k, so you have a wonderfully working email server. Then you try to send an email from your PC or mobile device, with no joy. Congrats, your email is set up right and postfix is refusing to send out unsecured and/or unauthenticated email.

Time to add some secure authentication.

Add the following to /etc/postfix/main.cf

# SASL
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous

Check smtpd_recipient_restrictions in main.cf, which I usually put dead last in the file. It needs permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination at a minimum. You can test out sasl if you wish at this point. I didn’t bother, but I like living on the edge. Save your main.cf and restart postfix (at the command prompt: postfix reload)

Now run these commands from root.

yum install crypto-utils
genkey --days 1000 mail.domain.tld

I went with the super paranoid encryption level, but that’s me. It’ll take a while to crunch. Don’t encrypt the key. You’d need to input a password at boot, which would be bad. You can sign your key with a CA if you wish, I didn’t see the need to pay to do so for my private email server. The keys should be put in the following locations:

/etc/pki/tls/certs/mail.domain.tld.cert
/etc/pki/tls/private/mail.domain.tld.key

Make sure the private key is owned by root and chmod 600. Verify the files exist.

Now, fire /etc/postfix/main.cf up again and add the following:

smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/pki/tls/private/mail.domain.tld.key
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.domain.tld.cert
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
tls_random_source = dev:/dev/urandom
# Dork with this setting during testing (Postfix does not allow a comment after a value)
smtpd_tls_auth_only = yes

Run another postfix reload.
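
One way to check the result before trusting it, as an added example that is not part of the original post: a small audit of main.cf for the SASL and TLS settings above, plus a permission check for the private key. The function names and the sample file are hypothetical and constructed for the demo; the key check compares numeric owner IDs, with 0 (root) as the default.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Postfix main.cf for the
# SASL/TLS settings described above. Sample file contents are constructed.

# Print the last value assigned to parameter $2 in main.cf $1. Comment and
# blank lines are dropped; lines starting with whitespace continue the
# previous line, as Postfix reads them.
get_param() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }
        /^[ \t]/ { if (n) { sub(/^[ \t]+/, " "); line[n] = line[n] $0 }; next }
        { line[++n] = $0 }
        END {
            for (i = 1; i <= n; i++) {
                eq = index(line[i], "=")
                if (!eq) continue
                name = substr(line[i], 1, eq - 1); gsub(/[ \t]/, "", name)
                if (name != want) continue
                val = substr(line[i], eq + 1)
                sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
                found = val
            }
            print found
        }' "$1"
}

# True if the comma/space separated list $1 contains the word $2.
has_word() {
    printf '%s\n' "$1" | tr ', \t' '\n\n\n' | grep -qxF -- "$2"
}

fail() { echo "FAIL $1"; fails=$((fails + 1)); }

# Print one FAIL line per finding; return 0 only when there are none.
audit_main_cf() {
    cf=$1; fails=0
    [ "$(get_param "$cf" smtpd_sasl_auth_enable)" = yes ] ||
        fail "smtpd_sasl_auth_enable: SASL authentication is not enabled"
    has_word "$(get_param "$cf" smtpd_sasl_security_options)" noanonymous ||
        fail "smtpd_sasl_security_options: noanonymous missing"
    # main.cf has no trailing comments: "yes # note" is a bad boolean value.
    [ "$(get_param "$cf" smtpd_tls_auth_only)" = yes ] ||
        fail "smtpd_tls_auth_only: value must be exactly 'yes'"
    case "$(get_param "$cf" smtpd_tls_security_level)" in
        may|encrypt) ;;
        *) fail "smtpd_tls_security_level: STARTTLS is not offered" ;;
    esac
    restr=$(get_param "$cf" smtpd_recipient_restrictions)
    for w in permit_mynetworks permit_sasl_authenticated reject_unauth_destination; do
        has_word "$restr" "$w" || fail "smtpd_recipient_restrictions: $w missing"
    done
    [ "$fails" -eq 0 ]
}

# True if key file $1 has mode 600 and is owned by numeric uid $2 (default 0).
check_key_file() {
    want_uid=${2:-0}
    set -- $(ls -ldn "$1" 2>/dev/null)   # fields: mode links uid gid ...
    [ "$(printf '%s' "$1" | cut -c1-10)" = "-rw-------" ] && [ "$3" = "$want_uid" ]
}

# Demo on a constructed main.cf with two mistakes: a comment after a value
# and a recipient restriction list without reject_unauth_destination.
demo_dir=$(mktemp -d)
cat > "$demo_dir/main.cf" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes # trailing text becomes part of the value
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated
EOF
audit_main_cf "$demo_dir/main.cf" || echo "main.cf needs fixing"
rm -rf "$demo_dir"
```

On the server, point audit_main_cf at /etc/postfix/main.cf and check_key_file at /etc/pki/tls/private/mail.domain.tld.key.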

Fire up /etc/dovecot.conf and make sure the following is included:

protocols = imap imaps pop3 pop3s
#disable_plaintext_auth = no
#ssl_disable = no
ssl_cert_file = /etc/pki/tls/certs/mail.domain.tld.cert
ssl_key_file = /etc/pki/tls/private/mail.domain.tld.key
ssl_cipher_list = ALL:!LOW:!SSLv2

Restart dovecot. If it squawks, you need to add pop3_uidl_format = %08Xu%08Xv to the pop3 section. Remember to update iptables.

Rerouting spam or viruses with postfix and SpamAssassin

Go to /etc/mail/spamassassin/local.cf
Add or change this line. You can change THIS_IS_SPAM to any constant, just remember to add it to the header check as well. Spelling counts, double check it. It’ll be put in front of anything that SA flags as spam.

# Change the subject of suspected spam
rewrite_header subject THIS_IS_SPAM

Go to /etc/postfix/main.cf
Add the following. Postfix uses this to check or alter headers across the entire server. Don’t use this for trivial activities.

# Spam
header_checks = regexp:/etc/postfix/header_checks

Go to /etc/postfix/header_checks
Put this at the end. It routes all spam to a catch-all email account.

# /etc/postfix/header_checks
/^Subject: THIS_IS_SPAM/ REDIRECT spam@yourdomain.tld

Under ideal circumstances, you really don’t want to do this. You want to reject as much spam as possible BEFORE your email server processes this. Invalid helo, impersonating the server (by IP or host), not RFC 2821 compliant, etc. Blacklists are… problematic at times, but shouldn’t be ignored.

This is however handy if a) your users don’t have/use email programs with built-in filters (like a Blackberry not tied to a BES) or b) your users are using low-bandwidth lines to get their email.

Additionally, you can add more filtering to header_checks, such as attachment filtering. Lot of folks block .EXE and .VBS. To do so, add the following to /etc/postfix/header_checks:

/^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)/
    REJECT Bad attachment file name extension: $2
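
What that pattern catches and what it rejects by accident, as an added example that is not part of the original post: it runs constructed MIME header lines through the attachment pattern (with the dot before the extension escaped as \.) and through a hypothetical stricter variant that requires the extension to end the file name. grep -E -i stands in for a Postfix regexp: table, which uses POSIX extended regular expressions and ignores case by default.

```shell
#!/bin/sh
# Added example: test the attachment pattern against sample MIME headers.
# All header lines below are constructed.

PAGE_PATTERN='^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)'
# Hypothetical tighter variant: the extension must be the end of the file
# name (optional closing quote, then a semicolon or the end of the header).
STRICT_PATTERN='^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)"?[[:space:]]*(;|$)'

# verdict PATTERN HEADER: print REJECT if the header matches, PASS otherwise.
verdict() {
    if printf '%s\n' "$2" | grep -Eiq -- "$1"; then
        echo REJECT
    else
        echo PASS
    fi
}

# Print the verdict of both patterns for one header line.
compare() {
    printf '%-7s %-7s %s\n' \
        "$(verdict "$PAGE_PATTERN" "$1")" \
        "$(verdict "$STRICT_PATTERN" "$1")" "$1"
}

printf '%-7s %-7s %s\n' page strict header
# Real executables: both patterns reject, whatever the letter case.
compare 'Content-Disposition: attachment; filename="setup.exe"'
compare 'Content-Type: application/octet-stream; name=macro.VBS'
# Harmless document: both pass.
compare 'Content-Type: application/pdf; name="report.pdf"'
# False positives of the unanchored pattern: ".exe" only appears inside
# the name, the real extension is .txt.
compare 'Content-Disposition: attachment; filename="notes.exercise.txt"'
compare 'Content-Type: text/plain; name="q3.exe.summary.txt"; charset=us-ascii'
```

On the mail server, postmap -q with a header line as the key and regexp:/etc/postfix/header_checks as the table runs the same test against the live file.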

Some folks use a plain Linux box running postfix as solely a cheap virus/spam/etc filter for their Exchange environment. It’s not a bad idea, especially if you load balance between two or three very thin Linux boxes. Theoretically, you could also use it for cheap mail retention for DR purposes.

If you are not using virtual users/domains, you probably want to use procmail and an individual template .procmailrc (per user).

Postfix, Dovecot, PostfixAdmin, Spamassassin on MySQL and CentOS 5.5

First, let’s handle the boring dependencies. Make sure you’re running as root.

# yum install httpd mysql mysql-server php php-mysql wget

Set up SQL

# mysql_install_db --user=mysql
# service mysqld start
# mysql_secure_installation
# mysql -p

You should now be staring at an SQL prompt. The following should be all of the necessary SQL commands for the entire HOWTO.

mysql> CREATE DATABASE postfix;
mysql> CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'your_password';
mysql> GRANT ALL PRIVILEGES ON postfix.* TO 'postfix'@'localhost';
mysql> grant SELECT ON postfix.* to 'dovecot'@'localhost' IDENTIFIED by 'dovecot_password';
mysql> grant SELECT, RELOAD, LOCK TABLES ON *.* to 'backup'@'localhost' IDENTIFIED by 'backup';
mysql> flush privileges;
mysql> exit

I’d really recommend writing a SQL backup script, and tossing it in your crontab. It’s optional, but a bloody good idea.

# env EDITOR=nano crontab -e

You might want to tune your Apache HTTPD configuration.

# nano /etc/httpd/conf/httpd.conf
# service httpd restart

Grab a copy of PostfixAdmin

# wget -O postfixadmin-2.3.3.tar.gz http://sourceforge.net/projects/postfixadmin/files/postfixadmin/postfixadmin-2.3.3/postfixadmin-2.3.3.tar.gz/download
# tar -zxvf postfixadmin-2.3.3.tar.gz
# mv postfixadmin-2.3.3 postfixadmin
# mv postfixadmin /var/www/html/
# cd /var/www/html/postfixadmin
# nano config.inc.php

Follow the steps in config.inc.php to complete configuration. Basically, you’ll need to fill in some database information and create a password for adding administrators to PostfixAdmin. You want to point your web browser at http://www.yourdomain.tld/postfixadmin/setup.php

It’ll display a checklist. Make sure all of your checks are good and it should make the necessary structure changes to the SQL database. Be sure to log in PostfixAdmin and make sure everything is happy. Otherwise you will be sad. Toss in some info, test email addresses and whatnot.

Enable CentOS Plus repo, then install postfix. The standard CentOS 5.5 repo doesn’t include the version of Postfix with SQL support. Why, I have no bloody clue. You want postfix 2.3.x. Be sure to exclude postfix from the updates and regular base repo. I snagged the version of PHP5 from the CentOS Testing repo as well, lot of webapps want it. I configured both additional repositories to only snag the packages I want.

Run postconf to see what is being supported.

# postconf -m
# postconf -a

If it doesn’t list MySQL on the first command and dovecot on the second, you have the wrong version of postfix. You probably messed up your repo hacking. Let’s ignore postfix for a moment, and move on into the realm of insanity. Here there be dragons.

Now, to snag dovecot. This is going to be ugly.

# rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
( or for x86_64, use http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm )
# rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
# yum install dovecot

You should have gotten dovecot 1.0.13. Recheck your repo config if you didn’t. For the love of the odd gods, do NOT use the standard CentOS repository for dovecot, which would be 1.0.7 or whatnot. It’s broken. Yes, do not ask me why anyone would keep a royally screwed up version in the main repository of a distribution known for testing and stability. I have no bloody clue.

# mkdir -p /var/vmail
# chmod 770 /var/vmail
# useradd -r -u 101 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual mailbox" vmail
# chown vmail:mail /var/vmail
# cd /etc
# cp dovecot.conf dovecot.conf.original
# echo "" > dovecot.conf
# nano dovecot.conf

# ------------------------------------
# START OF DOVECOT CONFIGURATION
# ------------------------------------
mail_location = maildir:/var/vmail/%d/%u
first_valid_uid = 101
last_valid_uid = 101
maildir_copy_with_hardlinks = yes
protocol imap {
mail_plugins = quota imap_quota
imap_client_workarounds = outlook-idle delay-newmail
}
protocol pop3 {
mail_plugins = quota
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
postmaster_address = postmaster@example.com
mail_plugins = quota
log_path = /var/log/dovecot-deliver.log
info_log_path = /var/log/dovecot-deliver.log
}
auth default {
# Having "login" also as a mechanism makes sure Outlook can use the auth smtpd as well
# http://wiki.dovecot.org/Authentication/Mechanisms
mechanisms = plain login
passdb sql {
args = /etc/dovecot/sql.conf
}
userdb sql {
args = /etc/dovecot/sql.conf
}
userdb prefetch {
}
user = nobody
socket listen {
master {
path = /var/run/dovecot/auth-master
mode = 0660
user = vmail
group = mail
}
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = mail
}
}
}
dict {
}
plugin {
# quota = maildir:storage=10240:messages=1000
# acl = vfile:/etc/dovecot/acls
trash = /etc/dovecot/trash.conf
}
# ------------------------------------
# END OF CONFIGURATION - Dovecot
# ------------------------------------

Save it and get back to the command prompt. We still need to connect up to the SQL database that PostfixAdmin set up for us. Remember the dovecot password from that MySQL query earlier?

# nano /etc/dovecot/sql.conf

# ------------------------------------
# START OF CONFIGURATION - SQL.CONF
# ------------------------------------
driver = mysql
connect = host=localhost dbname=postfix user=dovecot password=DOVECOT_SQL_password
user_query = SELECT concat('/var/vmail/', maildir) as home, concat('maildir:/var/vmail/', maildir) as mail, 101 AS uid, 12 AS gid, concat('maildir:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
password_query = SELECT username as user, password, concat('/var/vmail/', maildir) as userdb_home, concat('maildir:/var/vmail/', maildir) as userdb_mail, 101 as userdb_uid, 12 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'

# ------------------------------------
# Config Notes:
# Note, each query needs to be on ONE line
# Your web browser and paste will wrap it.
# ------------------------------------
# END OF CONFIGURATION
# ------------------------------------

# nano /etc/dovecot/trash.conf

Paste in the folders you want created automatically
Example:

1 Spam
2 Trash

# cd /etc/postfix
# nano master.cf

Paste the following (yes, indented on the third line)

# Dovecot LDA
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}

# cp main.cf main.cf.original
# echo "" > main.cf
# nano main.cf

Paste all of the following into main.cf

# ------------------------------------
# START OF CONFIGURATION - postfix
# ------------------------------------
# Local Settings
# Change this, dude.
myhostname = mail.example.tld
inet_interfaces = localhost, $myhostname
mynetworks = $config_directory/mynetworks
mydestination = localhost.$mydomain, localhost, $myhostname
#uncomment if you need relay_domains… do not list domains in both relay and virtual
#relay_domains = proxy:mysql:$config_directory/mysql_relay_domains_maps.cf
# Virtual domain start
virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_minimum_uid = 101
virtual_uid_maps = static:101
virtual_gid_maps = static:12
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
# ------------------------------------
# END OF CONFIGURATION - Postfix
# ------------------------------------

Save. Restart dovecot and postfix. Attempt to send mail back and forth. If it doesn’t work, go to /var/log/maillog and start reading.

If it works, and only once it works, we start on spamassassin.

# yum install spamassassin
# sa-update
# spamassassin --lint

If you get an error, then do the following:
– # rpm -q perl-Net-DNS perl-NetAddr-IP perl perl-IO-Socket-INET6
– # rpm -qi perl-IO-Socket-INET6
– # yum remove perl-IO-Socket-INET6
– # spamassassin --lint

If you didn’t get an error, start back here.

# adduser spamfilter -s /sbin/nologin
# nano /etc/postfix/master.cf

Add to bottom:

spamfilter unix - n n - - pipe
  flags=Rq user=spamfilter argv=/usr/local/bin/spamfilter -f ${sender} -- ${recipient}

Change from near top

smtp inet n - n - - smtpd
  -o content_filter=spamfilter:dummy

# nano /usr/local/bin/spamfilter

Paste in the following

#!/bin/bash

/usr/bin/spamc | /usr/sbin/sendmail.postfix -i "$@"

exit $?

# chown spamfilter /usr/local/bin/spamfilter
# chmod 755 /usr/local/bin/spamfilter
# postfix reload

You can generate a config file from SA Configuration Generator. The output goes to /etc/mail/spamassassin/local.cf

Edit:

mysql_relay_domains_maps.cf
user            = #SQL user
password        = #SQL password
hosts           = localhost
dbname          = # database name
query           = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1'

mysql_virtual_alias_maps.cf
user            = #SQL user
password        = #SQL password
hosts           = localhost
dbname          = # database name
query           = SELECT goto FROM alias WHERE address='%s' AND active = '1'

mysql_virtual_domains_maps.cf
user            = #SQL user
password        = #SQL password
hosts           = localhost
dbname          = # database name
query           = SELECT domain FROM domain WHERE domain='%s'
#optional query to use when relaying for backup MX
#query           = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'

mysql_virtual_mailbox_limit_maps.cf
user            = #SQL user
password        = #SQL password
hosts           = localhost
dbname          = # database name

query           = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'

mysql_virtual_mailbox_maps.cf
user            = #SQL user
password        = #SQL password
hosts           = localhost
dbname          = # database name

#query          = SELECT CONCAT(domain,'/',maildir) FROM mailbox WHERE username='%s' AND active = '1'
query           = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'