
File encryption in Unix | UNIX AND NOT ONLY

While moving all my stuff to another server, I had to think about backing up data to a remote host. I don't really trust keeping my backups in clear text, so I decided to encrypt the data before sending it to the remote server.
So I decided to use openssl to encrypt the file.

Encrypt the file with the command (the output must go to a different file name, otherwise openssl truncates the input before it reads it):
lifestar# openssl enc -e -aes-256-cbc -k password -in filename -out filename.enc

You can decrypt this file like this:

lifestar# openssl enc -d -aes-256-cbc -k password -in filename.enc -out filename

Mail server on CentOS

In addition to the article on configuring a mail server on FreeBSD, here is how to configure the same thing on CentOS 6.

Connect the Remi and EPEL repositories:

rpm --import https://fedoraproject.org/static/0608B895.txt
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm
yum install yum-priorities
rpm --import http://rpms.famillecollet.com/RPM-GPG-KEY-remi
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

Bring the file /etc/yum.repos.d/epel.repo to this form:

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
priority=10
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

and the file /etc/yum.repos.d/remi.repo to this form:

[remi]
name=Les RPM de remi pour Enterprise Linux $releasever - $basearch
#baseurl=http://rpms.famillecollet.com/enterprise/$releasever/remi/$basearch/
mirrorlist=http://rpms.famillecollet.com/enterprise/$releasever/remi/mirror
enabled=1
priority=10
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
failovermethod=priority

[remi-test]
name=Les RPM de remi en test pour Enterprise Linux $releasever - $basearch
#baseurl=http://rpms.famillecollet.com/enterprise/$releasever/test/$basearch/
mirrorlist=http://rpms.famillecollet.com/enterprise/$releasever/test/mirror
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

Install MySQL, add it to startup and start it:

yum install mysql mysql-server
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

Set the MySQL root password with the following command:

mysql_secure_installation

Install nginx (yes, as last time we do without the heavy Apache and run everything on nginx + PHP-FPM), add it to startup and start it:
yum install nginx
chkconfig --levels 235 nginx on
/etc/init.d/nginx start

We install PHP-FPM and the necessary PHP modules:

yum --enablerepo=remi,remi-test install php php-fpm php-common php-pear php-pdo php-mysql php-pgsql php-pecl-memcache php-gd php-mbstring php-mcrypt php-xml php-pear-DB php-posix

Bring the /etc/php-fpm.conf file to this form:

[global]
pid = /var/run/php-fpm/php-fpm.pid
error_log = /var/log/php-fpm/error.log
include=/etc/php-fpm.d/*.conf

And the file /etc/php-fpm.d/www.conf to this:

[www]
listen = /tmp/php-fpm.sock
user = apache
group = apache
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_value[memory_limit] = 128M

Setting up nginx. Bring the /etc/nginx/nginx.conf file to this form:

user apache;
worker_processes 2;

error_log /var/log/nginx/error.log;

pid /var/run/nginx.pid;

events {
    use epoll;
    worker_connections 8192;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    client_body_buffer_size 16K;
    client_header_buffer_size 1k;
    client_max_body_size 32M;
    large_client_header_buffers 2 1k;
    client_body_timeout 10;
    client_header_timeout 10;
    keepalive_timeout 5 5;
    send_timeout 10;
    reset_timedout_connection on;
    server_tokens off;

    gzip on;

    # PHP-FPM
    upstream php-fpm {
        server unix:/tmp/php-fpm.sock;
    }

    # Virtual hosts
    include /etc/nginx/conf.d/*.conf;
}

and create the virtual host files:
1) For Vexim (/etc/nginx/conf.d/exim.lifestar.cf.conf) the file looks like this:

server {
    listen 80;
    server_name exim.lifestar.cf;
    access_log /var/log/nginx/exim-access.log;
    error_log /var/log/nginx/exim-error.log;
    root /usr/share/vexim2/vexim;
    index index.php;

    charset utf-8;

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~ \.php$ {
        fastcgi_pass php-fpm;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

2) For Roundcube the file (/etc/nginx/conf.d/mail.lifestar.cf.conf) looks like this:

server {
    listen 80;
    server_name mail.lifestar.cf;
    access_log /var/log/nginx/mail-access.log;
    error_log /var/log/nginx/mail-error.log;
    root /usr/share/roundcubemail;
    index index.php;

    charset utf-8;

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~ \.php$ {
        fastcgi_pass php-fpm;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

and restart nginx:

/etc/init.d/nginx restart

Install Exim, Dovecot and the other software:

yum install -y exim exim-mysql dovecot dovecot-mysql clamd clamav spamassassin

Download and extract Vexim:
cd /usr/share/
wget http://silverwraith.com/vexim/vexim2.2.1.tar.gz
tar zxvf vexim2.2.1.tar.gz
chown -R root:root vexim2/

Copy the configs from Vexim to the Exim directory:

mv /etc/exim/exim.conf /etc/exim/exim.conf.bak
cp /usr/share/vexim2/docs/configure /etc/exim/exim.conf
cp /usr/share/vexim2/docs/vexim-* /etc/exim/

Add a Vexim user:

useradd vexim -u 90 -d /usr/local/mail -s /sbin/nologin -m

Create the database for Vexim:

perl /usr/share/vexim2/setup/create_db.pl --act=newdb --dbtype=mysql --uid=93 --gid=93 --mailstore=/usr/local/mail

Edit the file

/usr/share/vexim2/vexim/config/variables.php

and set the database access parameters:

$sqldb = "vexim";      // database name
$sqluser = "vexim";    // login
$sqlpass = "PASSWORD"; // the password set earlier

Disable and remove Postfix, which CentOS 6 installs by default:

alternatives --config mta
chkconfig --level 123456 postfix off
service postfix stop
yum remove postfix -y

Disable SELinux:
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

Add the services to autostart:
chkconfig --level 35 clamav on
chkconfig --level 35 spamassassin on
chkconfig --level 35 exim on
chkconfig --level 35 dovecot on

Set permissions:

usermod -a -G exim clamav
chmod -Rf g+w /var/spool/exim
chmod -Rf g+s /var/spool/exim
chown exim:exim -R /usr/local/mail
chown exim:exim -R /var/spool/exim

Edit the paths in the Exim config:

cd /etc/exim/
sed -i.bak -e 's|/usr/local/etc|/etc|g' exim.conf
sed -i.bak -e 's/MAILMAN_USER=mailnull/MAILMAN_USER=exim/g' -e 's/MAILMAN_GROUP=mail/MAILMAN_GROUP=exim/g' exim.conf

Find the line MY_IP = CHANGE in the Exim config and put your IP there:

MY_IP = 46.38.63.5

Find: trusted_users = avleen:www

and change it to apache. What remains:

trusted_users = apache
Change the user Exim runs as: change the lines

exim_user = mailnull
exim_group = mail

to
exim_user = exim
exim_group = exim

Find the commented-out line responsible for connecting to the MySQL server, uncomment it and put our password there:
hide mysql_servers = localhost::(/tmp/mysql.sock)/vexim/vexim/PASSWORD

Find the system_aliases: section and change the lines in it

user = mailnull
group = mail

to

user = exim
group = exim

And run:
service exim start

Setting up Dovecot:
Bring the config /etc/dovecot/dovecot.conf to this form:

base_dir = /var/run/dovecot/
disable_plaintext_auth = no
first_valid_uid = 93
listen = *
login_greeting = Dovecot ready man.
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
mail_location = maildir:~/Maildir

log_path = /var/log/dovecot

# Log file to use for informational and debug messages.
# Default is the same as log_path.
#info_log_path =

# Prefix for each line written to log file. % codes are in strftime(3)
# format.
log_timestamp = "%b %d %H:%M:%S "

passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
protocols = imap pop3
service auth {
  unix_listener auth-master {
    group = exim
    mode = 0660
    user = exim
  }
  user = root
}
service imap-login {
  chroot =
  client_limit = 256
  process_limit = 128
  process_min_avail = 3
  service_count = 1
  vsz_limit = 64M
}
service pop3-login {
  chroot =
  client_limit = 256
  process_limit = 128
  process_min_avail = 3
  service_count = 1
  vsz_limit = 64M
}
ssl = no
userdb {
  driver = passwd
}
userdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
  mail_plugins = quota imap_quota
}
protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}

Configure the MySQL connection in the file /etc/dovecot/dovecot-mysql.conf:

driver = mysql
connect = host=/var/lib/mysql/mysql.sock user=vexim password=PASSWORD dbname=vexim
default_pass_scheme = MD5-CRYPT
password_query = SELECT crypt as `password` FROM users,domains WHERE users.username = '%u' AND users.enabled = '1' AND users.type = 'local' and domains.enabled = '1' and domains.domain_id = users.domain_id
user_query = SELECT pop as home, uid, gid FROM users WHERE username = '%u'

And start everything:

/etc/init.d/dovecot start
/etc/init.d/clamav start
/etc/init.d/spamassassin start

Install Roundcube:

cd /usr/share
wget http://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.8.1/roundcubemail-0.8.1.tar.gz
tar zxvf roundcubemail-0.8.1.tar.gz
mv roundcubemail-0.8.1 roundcubemail
chown -R apache:apache roundcubemail/
chmod -R 777 roundcubemail/temp/ roundcubemail/logs/

Create the database:

mysql -p
Enter password: (enter the MySQL root password)

Welcome to the MySQL monitor. Commands end with ; or \g.

FreeBSD. Setup a mail server based on Exim + Dovecot + SpamAssassin + Clamav with Vexim + RoundCube web UI

Install nginx:
lifestar# cd /usr/ports/www/nginx
lifestar# make install clean

Add to /etc/rc.conf:
nginx_enable="YES"

Install MySQL:
lifestar# cd /usr/ports/databases/mysql51-server
lifestar# make install clean

Add to /etc/rc.conf:
mysql_enable="YES"

Start MySQL:

lifestar# /usr/local/etc/rc.d/mysql-server start

Set the MySQL root password (the password itself is in quotes):
lifestar# mysqladmin -u root password 'password'

Install PHP (select the [*] FPM option to build the FPM version):
lifestar# cd /usr/ports/lang/php5
lifestar# make install clean

Add to /etc/rc.conf:
php_fpm_enable="YES"

Bring the file /usr/local/etc/php-fpm.conf to this form:

[global]
pid = run/php-fpm.pid
error_log = /var/log/php-fpm.log
events.mechanism = kqueue
include=/usr/local/etc/php-fpm.d/*.conf

Create a directory to hold the PHP-FPM pool descriptions (useful when sites run under more than one user):

lifestar# mkdir -p /usr/local/etc/php-fpm.d/

and describe the pool:
lifestar# ee /usr/local/etc/php-fpm.d/www.conf

[www]
user = www
group = www
listen = /tmp/php-fpm.sock
listen.backlog = -1
pm = dynamic
pm.max_children = 2
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 2
pm.max_requests = 500
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_value[memory_limit] = 128M

Start PHP-FPM:
lifestar# /usr/local/etc/rc.d/php-fpm start

Install Vexim (select the MySQL option):
lifestar# cd /usr/ports/mail/vexim/
lifestar# make install clean

Install the p5-DBD-mysql51 module:
lifestar# cd /usr/ports/databases/p5-DBD-mysql51/
lifestar# make
lifestar# make install clean

Run the script:

lifestar# perl /usr/local/share/vexim/create_db.pl --act=newdb --dbtype=mysql --uid=110 --gid=110 --mailstore=/usr/local/mail
Please enter the username of the mysql superuser: root
Please enter the password of the mysql superuser:
Please enter the name of your NEW database: vexim
--------------------------------------------------
Database: vexim will be created
--------------------------------------------------

Is this correct? (Y = continue / anykey = exit ): Y

Please enter a password for the 'vexim' database user:
Confirm password:
Please enter a password for the 'siteadmin' user:
Confirm password:
The user 'siteadmin' has been added with the password

Database created successfully!

Create a directory for the nginx virtual hosts:

lifestar# mkdir -p /usr/local/etc/nginx/vhosts

Bring /usr/local/etc/nginx/nginx.conf to this form:

worker_processes 2;

events {
    use kqueue;
    worker_connections 2048;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    client_body_buffer_size 16K;
    client_header_buffer_size 1k;
    client_max_body_size 32M;
    large_client_header_buffers 2 1k;
    client_body_timeout 10;
    client_header_timeout 10;
    keepalive_timeout 5 5;
    send_timeout 10;
    reset_timedout_connection on;
    server_tokens off;

    gzip on;

    # Close requests that arrive by IP address instead of a host name
    server {
        listen 80 default_server;
        server_name _;
        return 444;
    }

    # PHP-FPM
    upstream php-fpm {
        server unix:/tmp/php-fpm.sock;
    }

    # Include the virtual host files
    include /usr/local/etc/nginx/vhosts/*;
}

Make a virtual host in nginx for Vexim:

lifestar# ee /usr/local/etc/nginx/vhosts/exim.lifestar.cf

server {
    listen 80;
    server_name exim.lifestar.cf;
    access_log /var/log/nginx/exim-access.log;
    error_log /var/log/nginx/exim-error.log;
    root /usr/local/www/vexim;
    index index.php;

    charset utf-8;

    location ~ \.php$ {
        fastcgi_pass php-fpm;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /usr/local/etc/nginx/fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

Edit the Vexim config:
lifestar# ee /usr/local/www/vexim/config/variables.php
and enter the database connection data you entered earlier. Create the vexim group and user:
lifestar# pw groupadd vexim -g 90
lifestar# pw useradd vexim -u 90 -g vexim -d /usr/local/mail -m -s /nonexistent

Install Exim (select the SA-EXIM option for SpamAssassin):
lifestar# cd /usr/ports/mail/exim && make install clean

Add to /etc/rc.conf:
exim_enable="YES"

Copy and edit the configuration:
lifestar# cd /usr/local/etc/exim/
lifestar# cp /usr/local/share/doc/vexim/docs/*.conf ./
lifestar# cp /usr/local/share/doc/vexim/docs/configure ./

lifestar# ee /usr/local/etc/exim/configure

Find the line:

MY_IP = CHANGE

and put your IP there:

MY_IP = 46.38.63.5

Find: trusted_users = avleen:www
and remove avleen. What remains:

trusted_users = www
exim_user = mailnull
exim_group = mail

never_users = root

Find the commented-out line responsible for connecting to the MySQL server, uncomment it and put our password there:

hide mysql_servers = localhost::(/tmp/mysql.sock)/vexim/vexim/vexim

Uncomment:

AINS = SELECT DISTINCT domain FROM domains WHERE type = 'relay' AND domain = '${quote_mysql:$domain}'
ALIAS_DOMAINS = SELECT DISTINCT alias FROM domainalias WHERE alias = '${quote_mysql:$domain}'
timeout_frozen_after = 2d

log_selector = +subject

Change the path to the ClamAV socket. Find:

av_scanner = clamd:/var/run/clamav/clamd

and change it to

av_scanner = clamd:/var/run/clamav/clamd.sock

Add to /etc/rc.conf:
spamd_enable="YES"
and run:
exim# /usr/local/etc/rc.d/sa-spamd start

Install ClamAV:
lifestar# cd /usr/ports/security/clamav && make install clean

Add to /etc/rc.conf:

clamav_freshclam_enable="YES"
clamav_clamd_enable="YES"

and start it:
lifestar# /usr/local/etc/rc.d/clamav-clamd start

Start the ClamAV database updater:

lifestar# /usr/local/etc/rc.d/clamav-freshclam start

Install Dovecot:
lifestar# cd /usr/ports/mail/dovecot && make install clean

The settings are stored in the file /usr/local/etc/dovecot.conf. Bring the config to this form:

base_dir = /var/run/dovecot/
protocols = imap pop3 imaps pop3s
protocol imap {
  listen = *:143
}
protocol pop3 {
  listen = *:110
}
disable_plaintext_auth = no
log_path = /var/log/dovecot
log_timestamp = "%b %d %H:%M:%S "
syslog_facility = mail
ssl = no
ssl_parameters_regenerate = 0
mail_location = maildir:~/Maildir
mail_privileged_group = mail
mail_debug = yes
mail_log_prefix = "%Us(%u): "
dotlock_use_excl = yes
verbose_proctitle = yes
first_valid_uid = 90
first_valid_gid = 90
maildir_copy_with_hardlinks = yes
protocol imap {
  mail_executable = /usr/local/libexec/dovecot/imap
  imap_client_workarounds = delay-newmail netscape-eoh tb-extra-mailbox-sep
}

protocol pop3 {
  mail_executable = /usr/local/libexec/dovecot/pop3
  pop3_uidl_format = %08Xu%08Xv
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
  postmaster_address = [email protected]
  sendmail_path = /usr/sbin/sendmail
}
auth_username_format = %Lu
auth_verbose = yes
auth_debug = yes
auth default {
  ssl_require_client_cert = no
  ssl_username_from_cert = no
  mechanisms = plain login
  passdb pam {
    args = session=yes dovecot
  }
  passdb sql {
    args = /usr/local/etc/dovecot-sql.conf
  }
  userdb passwd {
    args = blocking=yes
  }
  userdb sql {
    args = /usr/local/etc/dovecot-sql.conf
  }
  user = root
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
    }
    client {
      path = /var/run/dovecot/auth-client
      mode = 0660
    }
  }
}
dict {
}
plugin {
}

Configure the MySQL connection in the file dovecot-sql.conf:

lifestar# ee /usr/local/etc/dovecot-sql.conf

driver = mysql
connect = host=/tmp/mysql.sock user=vexim password=PASSWORD dbname=vexim
default_pass_scheme = MD5-CRYPT
password_query = SELECT crypt as `password` FROM users,domains WHERE users.username = '%u' AND users.enabled = '1' AND users.type = 'local' and domains.enabled = '1' and domains.domain_id = users.domain_id
user_query = SELECT pop as home, uid, gid FROM users WHERE username = '%u'

Add an entry to /etc/rc.conf:
dovecot_enable="YES"
Launch Dovecot:

lifestar# /usr/local/etc/rc.d/dovecot start

Install RoundCube (select MySQL):

lifestar# cd /usr/ports/mail/roundcube/
lifestar# make install clean

Then run the commands in order:

lifestar# cd /usr/local/www/roundcube
lifestar# chmod 777 logs/
lifestar# chmod 777 temp/

Create the database:

lifestar# mysql -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
mysql> CREATE DATABASE roundcubemail DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
Query OK, 1 row affected (0.01 sec)

mysql> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> quit
Bye

lifestar# cd /usr/local/www/roundcube/
lifestar# mysql -p roundcubemail < SQL/mysql.initial.sql

Edit the configuration file /usr/local/www/roundcube/config/db.inc.php, which is responsible for the database connection:
lifestar# cp config/db.inc.php.dist config/db.inc.php
lifestar# ee config/db.inc.php

$rcmail_config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcubemail';

Edit the main.inc.php file, which holds the basic settings:
lifestar# ee config/main.inc.php

$rcmail_config['default_host'] = 'localhost';      # host with the mail server
$rcmail_config['username_domain'] = 'mydomain.ru'; # domain automatically appended to the username
$rcmail_config['mail_domain'] = 'mydomain.ru';     # mail domain
$rcmail_config['default_port'] = 143;              # IMAP port
$rcmail_config['imap_auth_type'] = null;           # IMAP authentication type
$rcmail_config['smtp_server'] = 'localhost';       # SMTP server
$rcmail_config['smtp_user'] = '%u';
$rcmail_config['smtp_pass'] = '%p';
$rcmail_config['smtp_auth_type'] = 'CRAM-MD5';     # SMTP authentication type
$rcmail_config['create_default_folders'] = TRUE;   # create the default mail folders (Inbox, Outbox, Trash etc.) on first login
$rcmail_config['language'] = 'en_EN';              # localization

And add a virtual host in nginx for Roundcube:

lifestar# ee /usr/local/etc/nginx/vhosts/mail.lifestar.cf

server {
    listen 80;
    server_name mail.lifestar.cf;
    access_log /var/log/nginx/mail-access.log;
    error_log /var/log/nginx/mail-error.log;
    root /usr/local/www/roundcube;
    index index.php;

    charset utf-8;

    location ~ \.php$ {
        fastcgi_pass php-fpm;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /usr/local/etc/nginx/fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

Restart PHP-FPM and nginx:
lifestar# /usr/local/etc/rc.d/nginx restart && /usr/local/etc/rc.d/php-fpm restart

Roundcube is now available at http://mail.lifestar.cf and Vexim at http://exim.lifestar.cf.
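Both walkthroughs leave Dovecot with disable_plaintext_auth = no and ssl = no, make Roundcube's temp/ and logs/ world-writable with chmod 777, and store the vexim database password in the Exim, Dovecot and Roundcube config files. The script below is an added example, not code from the original posts: it re-checks a finished installation for exactly those settings so they can be corrected before the server faces the internet. Every path it inspects is passed in by the caller; the sample files it is tested against are constructed.

```shell
#!/bin/sh
# Added example, not from the original posts: re-check a finished install
# for the weak settings the walkthrough leaves in place. Each check prints
# one finding per line and prints nothing when it passes, so the output can
# be counted or fed into a ticket. All paths are passed in; none are assumed.

# Dovecot: with disable_plaintext_auth = no and ssl = no, every IMAP/POP3
# login sends the mailbox password across the network in the clear.
check_dovecot_conf() {
    conf=$1
    grep -Eq '^[[:space:]]*disable_plaintext_auth[[:space:]]*=[[:space:]]*no([[:space:]]|$)' "$conf" &&
        echo "$conf: disable_plaintext_auth = no (set it to yes once TLS is on)"
    grep -Eq '^[[:space:]]*ssl[[:space:]]*=[[:space:]]*no([[:space:]]|$)' "$conf" &&
        echo "$conf: ssl = no (set ssl = required and configure a certificate)"
    return 0
}

# Files holding the vexim database password (Exim's mysql_servers line,
# dovecot-sql.conf / dovecot-mysql.conf, Roundcube's db.inc.php) should not
# be readable by every local account. -perm -004: the "other" read bit is set.
check_secret_readable() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        [ -n "$(find "$f" -prune -perm -004 -print)" ] &&
            echo "$f: world-readable but contains a database password (chmod o-r)"
    done
    return 0
}

# chmod -R 777 on Roundcube's temp/ and logs/ lets any local account drop
# files where the web server reads them; only the PHP-FPM user needs write.
check_world_writable() {
    for d in "$@"; do
        [ -d "$d" ] || continue
        find "$d" -type d -perm -002 -print | while read -r p; do
            echo "$p: world-writable directory (chmod o-w; chown it to the PHP-FPM user)"
        done
    done
    return 0
}

# audit_mail_stack DOVECOT_CONF WEBROOT SECRET_FILE...
# Runs every check, prints the findings and returns 1 when there were any.
audit_mail_stack() {
    dovecot_conf=$1; webroot=$2; shift 2
    out=$(check_dovecot_conf "$dovecot_conf"; check_world_writable "$webroot"; check_secret_readable "$@")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```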

Go to http://exim.lifestar.cf and log in as siteadmin with the password we set earlier.

Click Add local domain.

Enter the domain and the administrator name (postmaster by default; you can change it to anything, and a postmaster@domain mailbox will be created as well; let's use admin, for example), enter the password (for example pass) and repeat it.

Tick antispam and antivirus (optional) and press Submit.

We now have a mail account admin@domain with the password pass.

To create another mailbox in this domain, log in with the domain administrator's login, in our case admin.

Click Add, delete and manage POP/IMAP accounts.
Then Add User. Enter the name (anything; it is only shown in the list of users), the login (for example user), the password twice (for example userpass), tick "Has domain admin privileges?" if this user should also be a domain admin, and press Submit.

We now have a user@domain email account with the password userpass.

Now you can log in to Roundcube at http://mail.lifestar.cf with the user@domain login and the userpass password.