everything about network<br />Author: how computer gadget work (http://www.blogger.com/profile/09956983139997755746)<br />Feed updated: 2024-02-08<br /><br />OSI Seven Layer<br />Published: 2009-06-16<br /><div style="text-align: justify;">Virtually all networks in use today are based in some fashion on the Open Systems Interconnection (OSI) standard. OSI was developed in 1984 by the International Organization for Standardization (ISO), a global federation of national standards organizations representing approximately 130 countries.<br /><br />The core of this standard is the OSI Reference Model, a set of seven layers that define the different stages that data must go through to travel from one device to another over a network. In this article, you'll find out all about the OSI standard.<br /><br />The Layers<br /><br />Think of the seven layers as the assembly line in the computer. At each layer, certain things happen to the data that prepare it for the next layer. The seven layers, which separate into two sets, are:<br /><br /> * Application Set<br /><br /> o Layer 7: Application - This is the layer that actually interacts with the operating system or application whenever the user chooses to transfer files, read messages or perform other network-related activities.<br /><br /> o Layer 6: Presentation - Layer 6 takes the data provided by the Application layer and converts it into a standard format that the other layers can understand.<br /><br /> o Layer 5: Session - Layer 5 establishes, maintains and ends communication with the receiving device.<br /><br /> * Transport Set<br /><br /> o Layer 4: Transport - This layer maintains flow control of data and provides for error checking and recovery of data between the devices. 
Flow control means that the Transport layer looks to see if data is coming from more than one application and integrates each application's data into a single stream for the physical network.<br /><br /> o Layer 3: Network - The way that the data will be sent to the recipient device is determined in this layer. Logical protocols, routing and addressing are handled here.<br /><br /> o Layer 2: Data - In this layer, the appropriate physical protocol is assigned to the data. Also, the type of network and the packet sequencing is defined.<br /><br /> o Layer 1: Physical - This is the level of the actual hardware. It defines the physical characteristics of the network such as connections, voltage levels and timing.<br /><br />Protocol Stacks<br />A protocol stack is a group of protocols that all work together to allow software or hardware to perform a function. The TCP/IP protocol stack is a good example. It uses four layers that map to the OSI model as follows:<br /><br /> * Layer 1: Network Interface - This layer combines the Physical and Data layers and routes the data between devices on the same network. It also manages the exchange of data between the network and other devices.<br /><br /> * Layer 2: Internet - This layer corresponds to the Network layer. The Internet Protocol (IP) uses the IP address, consisting of a Network Identifier and a Host Identifier, to determine the address of the device it is communicating with.<br /><br /> * Layer 3: Transport - Corresponding to the OSI Transport layer, this is the part of the protocol stack where the Transport Control Protocol (TCP) can be found. TCP works by asking another device on the network if it is willing to accept information from the local device.<br /><br /> * Layer 4: Application - Layer 4 combines the Session, Presentation and Application layers of the OSI model. 
Protocols for specific functions such as e-mail (Simple Mail Transfer Protocol, SMTP) and file transfer (File Transfer Protocol, FTP) reside at this level.<br /><br />As you can see, it is not necessary to develop a separate layer for each and every function outlined in the OSI Reference Model. But developers are able to ensure that a certain level of compatibility is maintained by following the general guidelines provided by the model.<br /><br /></div><br />Introduction to How Domain Name Servers Work<br />Published: 2009-06-11<br /><br />If you spend any time on the Internet sending e-mail or browsing the Web, then you use domain name servers without even realizing it. Domain name servers, or DNS, are an incredibly important but completely hidden part of the Internet, and they are fascinating. The DNS system forms one of the largest and most active distributed databases on the planet. Without DNS, the Internet would shut down very quickly.<br /><br />When you use the Web or send an e-mail message, you use a domain name to do it. For example, the URL "http://www.howstuffworks.com" contains the domain name howstuffworks.com. So does the e-mail address "iknow@howstuffworks.com."<br /><br />Human-readable names like "howstuffworks.com" are easy for people to remember, but they don't do machines any good. All of the machines use names called IP addresses to refer to one another. For example, the machine that humans refer to as "www.howstuffworks.com" has the IP address 70.42.251.42. Every time you use a domain name, you use the Internet's domain name servers (DNS) to translate the human-readable domain name into the machine-readable IP address. 
During a day of browsing and e-mailing, you might access the domain name servers hundreds of times!<br /><br />In this article, we'll take a look at the DNS system so you can understand how it works and appreciate its amazing capabilities.<br /><br />DNS Servers and IP Addresses<br /><br />Domain name servers translate domain names to IP addresses. That sounds like a simple task, and it would be -- except for five things:<br /><br /> * There are billions of IP addresses currently in use, and most machines have a human-readable name as well.<br /> * There are many billions of DNS requests made every day. A single person can easily make a hundred or more DNS requests a day, and there are hundreds of millions of people and machines using the Internet daily.<br /> * Domain names and IP addresses change daily.<br /> * New domain names get created daily.<br /> * Millions of people do the work to change and add domain names and IP addresses every day.<br /><br />The DNS system is a database, and no other database on the planet gets this many requests. No other database on the planet has millions of people changing it every day, either. That is what makes the DNS system so unique.<br /><br />IP Addresses<br />To keep all of the machines on the Internet straight, each machine is assigned a unique address called an IP address. IP stands for Internet protocol, and these addresses are 32-bit numbers normally expressed as four "octets" in a "dotted decimal number." A typical IP address looks like this:<br /><br /> 70.42.251.42<br /><br />The four numbers in an IP address are called octets because they can have values between 0 and 255 (2<sup>8</sup> possibilities per octet).<br /><br />Every machine on the Internet has its own IP address. A server has a static IP address that does not change very often. A home machine that is dialing up through a modem often has an IP address that is assigned by the ISP when you dial in. 
That IP address is unique for your session and may be different the next time you dial in. In this way, an ISP only needs one IP address for each modem it supports, rather than for every customer.<br /><br />If you are working on a Windows machine, you can view your current IP address with the command WINIPCFG.EXE (IPCONFIG.EXE for Windows 2000/XP). On a UNIX machine, type nslookup along with a machine name (such as "nslookup www.howstuffworks.com") to display the IP address of the machine (use the command hostname to learn the name of your machine).<br /><br />For more information on IP addresses, see IANA.<br /><br />As far as the Internet's machines are concerned, an IP address is all that you need to talk to a server. For example, you can type in your browser the URL http://70.42.251.42 and you will arrive at the machine that contains the Web server for HowStuffWorks. Domain names are strictly a human convenience.<br /><br />Domain Names<br /><br />If we had to remember the IP addresses of all of the Web sites we visit every day, we would all go nuts. Human beings just are not that good at remembering strings of numbers. We are good at remembering words, however, and that is where domain names come in. You probably have hundreds of domain names stored in your head. For example:<br /><br /> * www.howstuffworks.com - a typical name<br /> * www.yahoo.com - the world's best-known name<br /> * www.mit.edu - a popular EDU name<br /> * encarta.msn.com - a Web server that does not start with www<br /> * www.bbc.co.uk - a name using four parts rather than three<br /> * ftp.microsoft.com - an FTP server rather than a Web server<br /><br />The COM, EDU and UK portions of these domain names are called the top-level domain or first-level domain. 
There are several hundred top-level domain names, including COM, EDU, GOV, MIL, NET, ORG and INT, as well as unique two-letter combinations for every country.<br /><br />Within every top-level domain there is a huge list of second-level domains. For example, in the COM first-level domain, you've got:<br /><br /> * howstuffworks<br /> * yahoo<br /> * msn<br /> * microsoft<br /> * plus millions of others...<br /><br />Every name in the COM top-level domain must be unique, but there can be duplication across domains. For example, howstuffworks.com and howstuffworks.org are completely different machines.<br /><br />In the case of bbc.co.uk, it is a third-level domain. Up to 127 levels are possible, although more than four is rare.<br /><br />The left-most word, such as www or encarta, is the host name. It specifies the name of a specific machine (with a specific IP address) in a domain. A given domain can potentially contain millions of host names as long as they are all unique within that domain.<br /><br />Because all of the names in a given domain need to be unique, there has to be a single entity that controls the list and makes sure no duplicates arise. For example, the COM domain cannot contain any duplicate names, and a company called Network Solutions is in charge of maintaining this list. When you register a domain name, it goes through one of several dozen registrars who work with Network Solutions to add names to the list. Network Solutions, in turn, keeps a central database known as the whois database that contains information about the owner and name servers for each domain. If you go to the whois form, you can find information about any domain currently in existence.<br /><br />While it is important to have a central authority keeping track of the database of names in the COM (and other) top-level domain, you would not want to centralize the database of all of the information in the COM domain. 
For example, Microsoft has hundreds of thousands of IP addresses and host names. Microsoft wants to maintain its own domain name server for the microsoft.com domain. Similarly, Great Britain probably wants to administrate the uk top-level domain, and Australia probably wants to administrate the au domain, and so on. For this reason, the DNS system is a distributed database. Microsoft is completely responsible for dealing with the name server for microsoft.com -- it maintains the machines that implement its part of the DNS system, and Microsoft can change the database for its domain whenever it wants to because it owns its domain name servers.<br /><br />Every domain has a domain name server somewhere that handles its requests, and there is a person maintaining the records in that DNS. This is one of the most amazing parts of the DNS system -- it is completely distributed throughout the world on millions of machines administered by millions of people, yet it behaves like a single, integrated database!<br /><br />The Distributed System<br />Name servers do two things all day long:<br /><br /> * They accept requests from programs to convert domain names into IP addresses.<br /> * They accept requests from other name servers to convert domain names into IP addresses.<br /><br />When a request comes in, the name server can do one of four things with it:<br /><br /> * It can answer the request with an IP address because it already knows the IP address for the domain.<br /> * It can contact another name server and try to find the IP address for the name requested. 
It may have to do this multiple times.<br /> * It can say, "I don't know the IP address for the domain you requested, but here's the IP address for a name server that knows more than I do."<br /> * It can return an error message because the requested domain name is invalid or does not exist.<br /><br />When you type a URL into your browser, the browser's first step is to convert the domain name and host name into an IP address so that the browser can go request a Web page from the machine at that IP address (see How Web Servers Work for details on the whole process). To do this conversion, the browser has a conversation with a name server.<br /><br />When you set up your machine on the Internet, you (or the software that you installed to connect to your ISP) had to tell your machine what name server it should use for converting domain names to IP addresses. On some systems, the DNS is dynamically fed to the machine when you connect to the ISP, and on other machines it is hard-wired. If you are working on a Windows 95/98/ME machine, you can view your current name server with the command WINIPCFG.EXE (IPCONFIG for Windows 2000/XP). On a UNIX machine, type nslookup along with your machine name. Any program on your machine that needs to talk to a name server to resolve a domain name knows what name server to talk to because it can get the IP address of your machine's name server from the operating system.<br /><br />The browser therefore contacts its name server and says, "I need for you to convert a domain name to an IP address for me." For example, if you type "www.howstuffworks.com" into your browser, the browser needs to convert that URL into an IP address. The browser will hand "www.howstuffworks.com" to its default name server and ask it to convert it.<br /><br />The name server may already know the IP address for www.howstuffworks.com. 
That would be the case if another request to resolve www.howstuffworks.com came in recently (name servers cache IP addresses to speed things up). In that case, the name server can return the IP address immediately. Let's assume, however, that the name server has to start from scratch.<br /><br />A name server would start its search for an IP address by contacting one of the root name servers. The root servers know the IP address for all of the name servers that handle the top-level domains. Your name server would ask the root for www.howstuffworks.com, and the root would say (assuming no caching), "I don't know the IP address for www.howstuffworks.com, but here's the IP address for the COM name server." Obviously, these root servers are vital to this whole process, so:<br /><br /> * There are many of them scattered all over the planet.<br /> * Every name server has a list of all of the known root servers. It contacts the first root server in the list, and if that doesn't work it contacts the next one in the list, and so on.<br /><br />Here is a typical list of root servers held by a typical name server:<br /><br />; This file holds the information on root name servers<br />; needed to initialize cache of Internet domain name<br />; servers (e.g. reference this file in the<br />; "cache . " configuration file of BIND domain<br />; name servers).<br />;<br />; This file is made available by InterNIC registration<br />; services under anonymous FTP as<br />; file /domain/named.root<br />; on server FTP.RS.INTERNIC.NET<br />; -OR- under Gopher at RS.INTERNIC.NET<br />; under menu InterNIC Registration Services (NSI)<br />; submenu InterNIC Registration Archives<br />; file named.root<br />;<br />; last update: Aug 22, 1997<br />; related version of root zone: 1997082200<br />;<br />;<br />; formerly NS.INTERNIC.NET<br />;<br />. 3600000 IN NS A.ROOT-SERVERS.NET.<br />A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4<br />;<br />; formerly NS1.ISI.EDU<br />;<br />. 
3600000 NS B.ROOT-SERVERS.NET.<br />B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107<br />;<br />; formerly C.PSI.NET<br />;<br />. 3600000 NS C.ROOT-SERVERS.NET.<br />C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12<br />;<br />; formerly TERP.UMD.EDU<br />;<br />. 3600000 NS D.ROOT-SERVERS.NET.<br />D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90<br />;<br />; formerly NS.NASA.GOV<br />;<br />. 3600000 NS E.ROOT-SERVERS.NET.<br />E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10<br />;<br />; formerly NS.ISC.ORG<br />;<br />. 3600000 NS F.ROOT-SERVERS.NET.<br />F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241<br />;<br />; formerly NS.NIC.DDN.MIL<br />;<br />. 3600000 NS G.ROOT-SERVERS.NET.<br />G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4<br />;<br />; formerly AOS.ARL.ARMY.MIL<br />;<br />. 3600000 NS H.ROOT-SERVERS.NET.<br />H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53<br />;<br />; formerly NIC.NORDU.NET<br />;<br />. 3600000 NS I.ROOT-SERVERS.NET.<br />I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17<br />;<br />; temporarily housed at NSI (InterNIC)<br />;<br />. 3600000 NS J.ROOT-SERVERS.NET.<br />J.ROOT-SERVERS.NET. 3600000 A 198.41.0.10<br />;<br />; housed in LINX, operated by RIPE NCC<br />;<br />. 3600000 NS K.ROOT-SERVERS.NET.<br />K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129<br />;<br />; temporarily housed at ISI (IANA)<br />;<br />. 3600000 NS L.ROOT-SERVERS.NET.<br />L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12<br />;<br />; housed in Japan, operated by WIDE<br />;<br />. 3600000 NS M.ROOT-SERVERS.NET.<br />M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33<br />; End of File<br /><br />The formatting is a little odd, but basically it shows you that the list contains the actual IP addresses of 13 different root servers.<br /><br />The root server knows the IP addresses of the name servers handling the several hundred top-level domains. It returns to your name server the IP address for a name server for the COM domain. 
Your name server then sends a query to the COM name server asking it if it knows the IP address for www.howstuffworks.com. The name server for the COM domain knows the IP addresses for the name servers handling the HOWSTUFFWORKS.COM domain, so it returns those. Your name server then contacts the name server for HOWSTUFFWORKS.COM and asks if it knows the IP address for www.howstuffworks.com. It does, so it returns the IP address to your name server, which returns it to the browser, which can then contact the server for www.howstuffworks.com to get a Web page.<br /><br />One of the keys to making this work is redundancy. There are multiple name servers at every level, so if one fails, there are others to handle the requests. There are, for example, three different machines running name servers for HOWSTUFFWORKS.COM requests. All three would have to fail for there to be a problem.<br /><br />The other key is caching. Once a name server resolves a request, it caches all of the IP addresses it receives. Once it has made a request to a root server for any COM domain, it knows the IP address for a name server handling the COM domain, so it doesn't have to bug the root servers again for that information. Name servers can do this for every request, and this caching helps to keep things from bogging down.<br /><br />Name servers do not cache forever, though. The caching has a component, called the Time To Live (TTL), that controls how long a server will cache a piece of information. When the server receives an IP address, it receives the TTL with it. The name server will cache the IP address for that period of time (ranging from minutes to days) and then discard it. The TTL allows changes in name servers to propagate. Not all name servers respect the TTL they receive, however. When HowStuffWorks moved its machines over to new servers, it took three weeks for the transition to propagate throughout the Web. 
We put a little tag that said "new server" in the upper left corner of the home page so people could tell whether they were seeing the new or the old server during the transition.<br /><br />Creating a New Domain Name<br />When someone wants to create a new domain, he or she has to do two things:<br /><br /> * Find a name server for the domain name to live on.<br /> * Register the domain name.<br /><br />Technically, there does not need to be a machine in the domain -- there just needs to be a name server that can handle the requests for the domain name.<br /><br />There are two ways to get a name server for a domain:<br /><br /> * You can create and administer it yourself.<br /> * You can pay an ISP or hosting company to handle it for you.<br /><br />Most larger companies have their own domain name servers. Most smaller companies pay someone.<br /><br />The history of HowStuffWorks is typical. When howstuffworks.com was first created, it began as a parked domain. This domain lived with a company called www.webhosting.com. Webhosting.com maintained the name server and also maintained a machine that created the single "under construction" page for the domain.<br /><br />To create a domain, you fill out a form with a company that does domain name registration (examples: register.com, verio.com, networksolutions.com). They create an "under construction page," create an entry in their name server, and submit the form's data into the whois database. Twice a day, the COM, ORG, NET, etc. name servers get updates with the newest IP address information. At that point, a domain exists and people can go see the "under construction" page.<br /><br />HowStuffWorks then started publishing content under the domain www.howstuffworks.com. We set up a hosting account with Tabnet (now part of Verio, Inc.), and Tabnet ran the DNS for HowStuffWorks as well as the machine that hosted the HowStuffWorks Web pages. 
This type of machine is called a virtual Web hosting machine and is capable of hosting multiple domains simultaneously. Five-hundred or so different domains all shared the same processor.<br /><br />As HowStuffWorks became more popular, it outgrew the virtual hosting machine and needed its own server. At that point, we started maintaining our own machines dedicated to HowStuffWorks, and began administering our own DNS. We currently have four servers:<br /><br /> * AUTH-NS1.HOWSTUFFWORKS.COM 70.42.150.19<br /> * AUTH-NS2.HOWSTUFFWORKS.COM 70.42.150.20<br /> * AUTH-NS3.HOWSTUFFWORKS.COM 70.42.251.19<br /> * AUTH-NS4.HOWSTUFFWORKS.COM 70.42.251.20<br /><br />Our primary DNS is auth-ns1.howstuffworks.com. Any changes we make to it propagate automatically to the secondary, which is also maintained by our ISP.<br /><br />All of these machines run name server software called BIND. BIND knows about all of the machines in our domain through a text file on the main server that looks like this:<br /><br /> @ NS auth-ns1.howstuffworks.com.<br /> @ NS auth-ns2.howstuffworks.com.<br /> @ MX 10 mail<br /><br /> mail A 209.170.137.42<br /><br /> vip1 A 216.183.103.150<br /> www CNAME vip1<br /><br />Decoding this file from the top, you can see that:<br /><br /> * The first two lines point to the primary and secondary name servers.<br /><br /> * The next line is called the MX record. When you send e-mail to anyone at howstuffworks.com, the piece of software sending the e-mail contacts the name server to get the MX record so it knows where the SMTP server for HowStuffWorks is (see How E-mail Works for details). 
Many larger systems have multiple machines handling incoming e-mail, and therefore multiple MX records.<br /><br /> * The next line points to the machine that will handle a request to mail.howstuffworks.com.<br /><br /> * The next line points to the IP address that will handle a request to oak.howstuffworks.com.<br /><br /> * The next line points to the IP address that will handle a request to howstuffworks.com (no host name).<br /><br />You can see from this file that there are several physical machines at separate IP addresses that make up the HowStuffWorks server infrastructure. There are aliases for hosts like mail and www. There can be aliases for anything. For example, there could be an entry in this file for scoobydoo.howstuffworks.com, and it could point to the physical machine called walnut. There could be an alias for yahoo.howstuffworks.com, and it could point to yahoo. There really is no limit to it. We could also create multiple name servers and segment our domain.<br /><br />As you can see from this description, DNS is a rather amazing distributed database. It handles billions of requests for billions of names every day through a network of millions of name servers administered by millions of people. Every time you send an e-mail message or view a URL, you are making requests to multiple name servers scattered all over the globe. What's amazing is that the process is usually completely invisible and extremely reliable!<br /><br />Build mail server with strength spam assassin rules<br />Published: 2009-05-13<br /><br />OS: CENTOS 5, CENTOS 5.1<br />ARCH: i386 [Notes for 64 bit will be added soon]<br /><br />Objective of this document:<br />A few years ago, I was looking for a better alternative to sendmail. I came across qmail. 
While looking for a guide, I stumbled upon the qmailrocks.org guide. I simply loved the way it was arranged and how easy it was to follow. By the time of this writing I have set up countless mail servers on qmail using this (QMR) guide. However, for the past couple of years, I have seen that it is not being updated any more. The software provided by the qmailrocks.tar.gz package is now outdated. Newer software has a few changes in its configuration. So I decided to follow the original QMR guide, but tried to use the latest software in each step from the respective original websites. And eventually I ended up with this howto. I hope it will be helpful to qmail lovers all over the world.<br /><br />Qmail Rocks Home page: http://www.qmailrocks.org . Most of this document is based on the original QMR guide.<br /><br /><br />Here is what I have added to the original QMR guide:<br />- Installation of Perl Modules<br />- Antispam tools (Razor, DCC, RBL SMTPD, Grey listing)<br />- Qmail Mail MRTG graphs for SPAM and Viruses<br /><br />Here is what I have removed from the QMR guide:<br />- qmail analog / reporting tools (in the last steps of the original QMR guide), because they are no longer compatible with the latest version of qmailscanner.<br /><br /><br /><br />Scenario:<br /><br />The following howto / tutorial was created using a live deployment, still in production!<br />However, the IPs, hostnames and passwords are changed to protect privacy.<br /><br />Hostname: www.example.com<br />IP: 192.168.0.200<br /><br />Note on installation software directories:<br />Whatever is unzipped / untarred from the QMR package will be in the /downloads/qmailrocks directory.<br /><br />Whatever new software I download/use will be placed in the /downloads/qmailnew directory.<br /><br />Step: Upgrade OS:<br /><br />First of all, it is absolutely necessary for you to upgrade your OS up to the latest version.<br /><br /><br />[root@www ~]# yum upgrade<br />Loading "installonlyn" plugin<br /><br 
/>Dependencies Resolved<br /><br />=============================================================================<br />Package Arch Version Repository Size<br />=============================================================================<br />Installing:<br />kernel i686 2.6.18-53.1.14.el5 updates 13 M<br />Updating:<br />kernel-headers i386 2.6.18-53.1.14.el5 updates 786 k<br /><br />Transaction Summary<br />=============================================================================<br />Install 1 Package(s)<br />Update 1 Package(s)<br />Remove 0 Package(s)<br /><br /><br />Total download size: 14 M<br />Is this ok [y/N]: y<br />Downloading Packages:<br />(1/2): kernel-headers-2.6.18-53.1.14.el5.i386.rpm 786 kB 00:01<br />(2/2): kernel-2.6.18-53.1.14.el5.i686.rpm 13 MB 00:33<br />Running Transaction Test<br />Finished Transaction Test<br />Transaction Test Succeeded<br />Running Transaction<br />Installing: kernel ######################### [1/3]<br />Updating : kernel-headers ######################### [2/3]<br />Cleanup : kernel-headers ######################### [3/3]<br /><br />Installed: kernel.i686 0:2.6.18-53.1.14.el5<br />Updated: kernel-headers.i386 0:2.6.18-53.1.14.el5<br />Complete!<br /><br /><br /><br />After upgrading the kernel, it is better, to re-install grub / boot loader. I have experienced a few times that once the system is rebooted after a kernel upgrade, it doesn't come online. But this is a rare case. Still, there is no harm in re-installing grub to be on the safe side.<br /><br /><br />[root@www ~]# grub-install /dev/hda<br />Installation finished. No error reported.<br />This is the contents of the device map /boot/grub/device.map.<br />Check if this is correct or not. 
If any of the lines is incorrect,<br />fix it and re-run the script `grub-install'.<br /><br /># this device map was generated by anaconda<br />(hd0) /dev/hda<br /><br /><br />Then do a "sync" and "reboot" the system.<br /><br />[root@www ~]# sync<br /><br />[root@www ~]# reboot<br /><br />Step: SSH key based authentication<br />-----------------------------------<br /><br />This is not directly related to qmail, but I always set this up whenever I am setting up a new server. SSH key based authentication "greatly" enhances the security of the server.<br /><br />I already have my keys generated on my home computer, and they are being used on many servers. So I just need to copy my id_dsa.pub to the home directory of user kamran on the new server.<br /><br />On my home computer:-<br /><br />### WARNING: Use the following to generate keys ONLY if you don't have keys already. Make SURE to back up your current id_dsa and id_dsa.pub files before doing it:-<br /><br />#### ~]$ ssh-keygen -t dsa # generate keys ONLY if you don't have keys already. Make SURE to back up your current id_dsa and id_dsa.pub files before doing it.<br /><br />~]$ scp .ssh/id_dsa.pub kamran@192.168.0.200:/home/kamran/<br /><br /><br />On my new qmail server:-<br /><br />Log on as user kamran. And then:<br /><br />~]$ ssh localhost # just a lazy way to create the .ssh directory in /home/kamran ! # not needed if it already exists.<br /><br />The pub key copied from my home computer is now on this server in /home/kamran. Append it to the /home/kamran/.ssh/authorized_keys file.<br /><br />~]$ cat id_dsa.pub >> .ssh/authorized_keys<br /><br />~]$ chmod 600 .ssh/authorized_keys # Important. Otherwise SSH server will not let you use this file.<br /><br />~]$ rm id_dsa.pub<br /><br /><br /><br />Next, log in as root and set up the SSH server to allow ONLY key based authentication. Tighten it a bit too. 
Disable RootLogin, and Password authentication.<br /><br />vi /etc/ssh/sshd_config<br /><br />Protocol 2<br />SyslogFacility AUTHPRIV<br />LoginGraceTime 2m<br />PermitRootLogin no<br />StrictModes yes<br />MaxAuthTries 6<br /><br />PubkeyAuthentication yes<br />AuthorizedKeysFile .ssh/authorized_keys<br /><br />PasswordAuthentication no<br />ChallengeResponseAuthentication no<br /><br />GSSAPIAuthentication yes<br />GSSAPICleanupCredentials yes<br /><br />PermitRootLogin no<br />UsePAM yes<br /><br />AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES<br />AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT<br />AcceptEnv LC_IDENTIFICATION LC_ALL<br />X11Forwarding no<br />MaxStartups 5<br /><br />Subsystem sftp /usr/libexec/openssh/sftp-server<br /><br /><br />Restart sshd service:-<br /><br />service sshd restart<br /><br /><br />Step: Setup / verify name resolution and IP , etc:<br />---------------------------------------------------<br /><br />cat /etc/hosts<br /><br />127.0.0.1 localhost.localdomain localhost<br />::1 localhost6.localdomain6 localhost6<br />192.168.0.200 www.example.com www<br /><br /><br /><br /><br />cat /etc/resolv.conf<br /><br />domain example.com<br />nameserver 72.51.32.92<br />nameserver 72.51.32.76<br />options rotate<br /><br /><br />cat /etc/sysconfig/network<br /><br />NETWORKING=yes<br />HOSTNAME=www.example.com<br />DOMAIN=example.com<br />GATEWAYDEV=eth0<br /><br /><br />cat /etc/sysconfig/network-scripts/ifcfg-eth0<br />#/etc/sysconfig/network-scripts/ifcfg-eth0<br />DEVICE=eth0<br />ONBOOT=yes<br />BOOTPROTO=static<br />IPADDR=192.168.0.200<br />NETMASK=255.255.255.0<br /><br /><br /><br />Step: Install Software Prerequisites:<br />--------------------------------------<br /><br />1. httpd, httpd-devel, apr<br />2. php, php-imap, php-mysql, php-gd, php-pear, php-zlib, php-mbstring, php-xml,<br />3. 
perl, perl-libwww-perl, perl-Digest-SHA1, perl-Digest-HMAC, perl-Net-DNS, perl-HTML-Tagset, perl-HTML-Parser<br />perl-Time-HiRes, perl-TimeDate, perl-suidperl, perl-DateManip<br />4. gcc, gcc-c++, libtool-ltdl, libtool-ltdl-devel<br />5. mysql-server, mysql-devel, postgresql-devel<br />6. openssl, openssl-devel, openldap-servers<br />7. wget<br />8. patch, patchutils<br />9. pcre-devel<br />10. gdbm-devel<br />11. db4, db4-devel<br />12. fam fam-devel gamin-devel<br />13. net-snmp + net-snmp-utils + net-snmp-libs<br />14. mrtg<br />15. spamassassin, expect, zlib-devel<br /><br /><br />yum -y install net-snmp net-snmp-utils net-snmp-libs mrtg \<br />httpd httpd-devel php php-imap php-mysql php-gd php-pear php-zlib php-mbstring php-xml \<br />gcc gcc-c++ gdbm-devel pcre-devel libtool-ltdl libtool-ltdl-devel \<br />mysql-server mysql-devel db4 db4-devel postgresql-devel \<br />openssl openssl-devel openldap-servers \<br />perl perl-libwww-perl perl-Digest-SHA1 perl-Digest-HMAC perl-Net-DNS perl-HTML-Tagset perl-HTML-Parser perl-Time-HiRes perl-TimeDate perl-suidperl perl-DateManip \<br />spamassassin expect zlib-devel \<br />fam fam-devel gamin-devel patch patchutils<br /><br /><br /><br />Step: Install necessary perl modules:<br />-------------------------------------<br /><br />You can run the following script from the QMR package to check the existence of, and list, the installed perl modules.<br /><br />/downloads/qmailrocks/scripts/util/check_perlmods.script<br /><br /><br />The technique used in this script is:-<br /><br />perldoc -l Time::HiRes<br /><br /><br />You can also use the following technique:-<br /><br />First, are you sure that the module isn't already on your system? 
Try:-<br /><br />perl -MTime::HiRes -e 1<br /><br /><br /><br /><br />perl -MCPAN -e "install Bundle::CPAN"<br />perl -MCPAN -e "reload"<br /><br />perl -MCPAN -e "install Digest::SHA1"<br />perl -MCPAN -e "install Digest::HMAC"<br />perl -MCPAN -e "install HTML::Tagset"<br />perl -MCPAN -e "install HTML::Parser"<br />perl -MCPAN -e "install Parse::Syslog"<br />perl -MCPAN -e "install Statistics::Distributions"<br />perl -MCPAN -e "install ClamAV::Client"<br />perl -MCPAN -e "install Mail::SpamAssassin"<br />perl -MCPAN -e "install Mail::SPF::Query"<br />perl -MCPAN -e "install IP::Country::Fast"<br />perl -MCPAN -e "install MIME::Base64"<br />perl -MCPAN -e "install Getopt::Long"<br />perl -MCPAN -e "install URI::Escape"<br />perl -MCPAN -e "install Mail::SPF"<br /><br />perl -MCPAN -e "install IO::Zlib"<br />perl -MCPAN -e "install Test::Harness"<br />perl -MCPAN -e "install Test::Simple"<br />perl -MCPAN -e "install Mail::DKIM"<br />perl -MCPAN -e "install Mail::DomainKeys"<br />perl -MCPAN -e "install Crypt::OpenSSL::Bignum"<br />perl -MCPAN -e "install IO::Socket::INET6"<br />perl -MCPAN -e "install IO::Socket::SSL"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::DCC"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::Razor2"<br />perl -MCPAN -e "install Socket6"<br />perl -MCPAN -e "install Date::Manip"<br />perl -MCPAN -e "install DB_File"<br /><br />perl -MCPAN -e "install Archive::Tar"<br />perl -MCPAN -e "install IO::Socket::INET6"<br />perl -MCPAN -e "install IO::Socket::SSL"<br />perl -MCPAN -e "install Net::Ident"<br /><br /><br /><br />perl -MCPAN -e "install Time::HiRes" # problem (done manually)<br />perl -MCPAN -e "install Archive::Tar" # ------------------------> problem (done manually)<br />perl -MCPAN -e "install Net::Ident" # --------------------------> problem (done manually)<br />perl -MCPAN -e "install Razor2::Client::Agent" # will be installed with Razor software<br />perl -MCPAN -e "install File::Copy" # problem<br /><br 
/><br /><br />If you are getting the following error in your CRON mails,<br /><br />Subroutine main::AF_INET6 redefined at /usr/lib/perl5/5.8.8/Exporter.pm line 65.<br />at /usr/bin/mrtg line 97<br /><br />OR,<br /><br />if you get the same error while running "env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg", then install the following:-<br /><br /><br />mkdir /downloads/qmailnew<br /><br /><br />cd /downloads/qmailnew<br />wget http://search.cpan.org/CPAN/authors/id/J/JG/JGMYERS/Encode-Detect-1.00.tar.gz<br />tar xzf Encode-Detect-1.00.tar.gz<br />cd Encode-Detect-1.00<br />perl Makefile.PL && make && make install<br /><br /><br />cd /downloads/qmailnew<br />wget http://search.cpan.org/CPAN/authors/id/J/JH/JHI/Time-HiRes-1.9715.tar.gz<br />tar xzf Time-HiRes-1.9715.tar.gz<br />cd Time-HiRes-1.9715<br />perl Makefile.PL && make && make install<br /><br /><br />cd /downloads/qmailnew<br />wget http://search.cpan.org/CPAN/authors/id/O/OL/OLAF/Net-DNS-0.63.tar.gz<br />tar xzf Net-DNS-0.63.tar.gz<br />cd Net-DNS-0.63<br />perl Makefile.PL && make && make install<br /><br /><br />cd /downloads/qmailnew<br />wget http://search.cpan.org/CPAN/authors/id/J/JP/JPC/Net-Ident-1.20.tar.gz<br />tar xzf Net-Ident-1.20.tar.gz<br />cd Net-Ident-1.20<br />perl Makefile.PL && make && make install<br /><br /><br />cd /downloads/qmailnew<br />wget http://search.cpan.org/CPAN/authors/id/K/KA/KANE/Archive-Tar-1.38.tar.gz<br />tar xzf Archive-Tar-1.38.tar.gz<br />cd Archive-Tar-1.38<br />perl Makefile.PL && make && make install<br /><br />cd /downloads/qmailnew<br />wget http://search.cpan.org/CPAN/authors/id/G/GO/GOZER/mod_perl-2.0.4.tar.gz<br />tar xzf mod_perl-2.0.4.tar.gz<br />cd mod_perl-2.0.4<br />perl Makefile.PL && make && make install<br /><br /><br /><br />Specify apxs path by finding through:<br /><br />rpm -ql httpd-devel | grep -i apxs<br />/usr/sbin/apxs<br /><br /><br /><br />perl -MCPAN -e "install Razor2::Client::Agent" # will be installed with Razor software<br />perl 
-MCPAN -e "install File::Copy" # problem<br /><br /><br /><br />perl-Time-HiRes may not get installed. Install that through CPAN/manually.<br /><br /><br /><br /><br />Step: Setup and harden Apache, Generate SSL certificate for apache:<br />-------------------------------------------------------------------<br /><br />cd /etc/httpd/conf.d<br /><br />mv manual.conf manual.conf.disabled<br />mv proxy_ajp.conf proxy_ajp.conf.disabled<br />mv python.conf python.conf.disabled<br />mv squid.conf squid.conf.disabled<br />mv welcome.conf welcome.conf.disabled<br /><br /><br />vi /etc/httpd/conf/httpd.conf<br /><br />( Unload unnecessary modules )<br /><br />##LoadModule ldap_module modules/mod_ldap.so<br />##LoadModule authnz_ldap_module modules/mod_authnz_ldap.so<br />##LoadModule dav_module modules/mod_dav.so<br />##LoadModule dav_fs_module modules/mod_dav_fs.so<br />##LoadModule speling_module modules/mod_speling.so<br />##LoadModule userdir_module modules/mod_userdir.so<br />##LoadModule proxy_module modules/mod_proxy.so<br />##LoadModule proxy_balancer_module modules/mod_proxy_balancer.so<br />##LoadModule proxy_ftp_module modules/mod_proxy_ftp.so<br />##LoadModule proxy_http_module modules/mod_proxy_http.so<br />##LoadModule proxy_connect_module modules/mod_proxy_connect.so<br /><br /><br /><br />User apache<br />Group apache<br /><br />ServerAdmin webmaster@example.com<br /><br />ServerName www.example.com:80<br />ServerSignature Off<br /><br />UseCanonicalName Off<br /><br />DocumentRoot "/var/www/html"<br /><br />DirectoryIndex index.html index.php index.html.var<br /><br />AccessFileName .htaccess<br /><br /><files><br />Order allow,deny<br />Deny from all<br /></files><br /><br /><br />ServerSignature Off<br /><br /># Comment out the following ( MUST )<br />## AddDefaultCharset UTF-8<br /><br /><br />AddCharset ISO-8859-1 .iso8859-1 .latin1<br />AddCharset ISO-8859-2 
.iso8859-2 .latin2 .cen<br />AddCharset ISO-8859-3 .iso8859-3 .latin3<br />AddCharset ISO-8859-4 .iso8859-4 .latin4<br />AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru<br />AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb<br />AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk<br />AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb<br />AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk<br />AddCharset ISO-2022-JP .iso2022-jp .jis<br />AddCharset ISO-2022-KR .iso2022-kr .kis<br />AddCharset ISO-2022-CN .iso2022-cn .cis<br />AddCharset Big5 .Big5 .big5<br /><br />AddCharset WINDOWS-1251 .cp-1251 .win-1251<br />AddCharset CP866 .cp866<br />AddCharset KOI8-r .koi8-r .koi8-ru<br />AddCharset KOI8-ru .koi8-uk .ua<br />AddCharset ISO-10646-UCS-2 .ucs2<br />AddCharset ISO-10646-UCS-4 .ucs4<br />AddCharset UTF-8 .utf8<br /><br />AddCharset GB2312 .gb2312 .gb<br />AddCharset utf-7 .utf7<br />AddCharset utf-8 .utf8<br />AddCharset big5 .big5 .b5<br />AddCharset EUC-TW .euc-tw<br />AddCharset EUC-JP .euc-jp<br />AddCharset EUC-KR .euc-kr<br />AddCharset shift_jis .sjis<br /><br /><br /><br />## AddDefaultCharset UTF-8<br /><br /><br /><br />NameVirtualHost *:80<br /><br /><virtualhost><br />ServerAdmin webmaster@example.com<br />DocumentRoot /var/www/vhosts/example.com/httpdocs<br />ServerName www.example.com<br />ErrorLog /var/www/vhosts/example.com/logs/error_log<br />CustomLog /var/www/vhosts/example.com/logs/access_log common<br /># on the OS, you need:-<br /># mkdir /var/www/vhosts/example.com/{httpdocs,logs} -p<br /># chown apache:apache /var/www/vhosts/example.com -R<br /># useradd -g users -s /sbin/nologin -d /var/www/vhosts/example.com/ examplecom<br /># passwd examplecom<br /># chown examplecom:apache /var/www/vhosts/example.com/httpdocs -R<br /># chmod 0750 /var/www/vhosts/example.com<br /># chmod 2750 /var/www/vhosts/example.com/httpdocs<br /><br /></virtualhost><br /><br /><br 
/>service httpd restart<br /><br /><br />Step: Transfer web content from your old server to new one [optional]:<br />----------------------------------------------------------------------<br /><br />Time to transfer web content from old server to our new server.<br /><br />Log in to the new example server as root and go to the parent directory of the document root of example.com. In my case the document root is /var/www/vhosts/example.com/httpdocs. So I would go to /var/www/vhosts/example.com .<br /><br />Start lftp from this new server's command prompt, and connect to the remote old server.<br /><br />Type mirror on the command prompt and press enter. Let the magic happen.<br /><br /><br />[root@www example.com]# lftp -u example www.oldserver.com<br />Password:<br /><br />lftp example@www.oldserver.com:~> ls<br />drwxr-xr-x 5 example psacln 4096 Nov 12 14:30 anon_ftp<br />drwxr-xr-x 2 example psacln 4096 Nov 12 14:30 bin<br />drwxr-xr-x 3 example psacln 4096 Jul 22 2006 cgi-bin<br />drwxr-xr-x 2 example psacln 4096 Mar 29 15:08 conf<br />drwxr-xr-x 2 example psacln 4096 Jul 22 2006 error_docs<br />drwxr-xr-x 16 example psacln 4096 May 6 07:27 httpdocs<br />drwxr-xr-x 7 example psacln 4096 Nov 12 21:04 httpsdocs<br />drwxr-xr-x 2 example psacln 4096 Mar 29 15:08 pd<br />drwxr-xr-x 2 example psacln 4096 Jul 22 2006 private<br />dr-xr-xr-x 7 example psacln 4096 Nov 12 14:30 statistics<br />drwxr-xr-x 2 example psacln 4096 Nov 12 14:30 subdomains<br />drwxr-xr-x 2 example psacln 4096 Nov 12 14:30 web_users<br /><br />lftp example@www.oldserver.com:/> mirror<br /><br />...<br />`squid3.avi' at 51904512 (30%) 963.6K/s eta:2m [Receiving data]<br /><br /><br /><br />Step: Setup Time Zone for new server:<br />-------------------------------------<br /><br />Local Time<br /><br />[root@www 
example.com]# cat /etc/localtime<br />TZif2UTCTZif2UTC<br />UTC0<br /><br />[root@www example.com]# rm /etc/localtime<br />rm: remove regular file `/etc/localtime'? y<br /><br />[root@www example.com]# ln -s /usr/share/zoneinfo/Asia/Karachi /etc/localtime<br /><br />[root@www example.com]# cat /etc/localtime<br />FPLMTISTKARTPKSTPKTTZif2 ~ 2 t ? O 0< e =" ("> MX[hFT`<br />PKT-5<br /><br /><br />Step: Shutdown unnecessary services:<br />------------------------------------<br /><br /><br />service sendmail stop<br />chkconfig --level 35 sendmail off<br /><br />service cups stop<br />chkconfig --level 35 cups off<br /><br />nmap localhost<br /><br />PORT STATE SERVICE<br />22/tcp open ssh<br />80/tcp open http<br />225/tcp open unknown<br />443/tcp open https<br /><br />[root@www ~]# netstat -antp | grep 225<br />tcp 0 0 0.0.0.0:225 0.0.0.0:* LISTEN 1972/sbadm<br /><br />[root@www ~]# chkconfig --level 35 sbadm off<br /><br />[root@www ~]# service sbadm stop<br /><br />[root@www ~]# nmap localhost<br /><br />PORT STATE SERVICE<br />22/tcp open ssh<br />80/tcp open http<br />443/tcp open https<br /><br />[root@www ~]# netstat -antp | grep LISTEN<br />tcp 0 0 0.0.0.0:40147 0.0.0.0:* LISTEN 2131/perl<br />tcp 0 0 :::80 :::* LISTEN 1985/httpd<br />tcp 0 0 :::22 :::* LISTEN 1926/sshd<br />tcp 0 0 :::443 :::* LISTEN 1985/httpd<br /><br /><br />40147 is webmin . 
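<br /><br />The listener check done by hand in this step (nmap, then netstat, then stopping whatever should not be there) can be scripted. The following is an added example, not part of the original guide: the function names and the sample input are constructed here, and the allowlist 22/80/443 is the set of ports left open in the nmap output above.

```shell
#!/bin/sh
# Report listening TCP sockets whose port is not on an allowlist.
# Input : `netstat -antp` output on stdin.
# Output: one "port pid/program" line per unexpected listener, sorted by port.
unexpected_listeners() {
    allowed="$1"    # space-separated list of expected ports, e.g. "22 80 443"
    awk -v allowed="$allowed" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Only TCP sockets in LISTEN state; header and ESTABLISHED lines are skipped.
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4
            sub(/^.*:/, "", port)   # keep what follows the last colon (:::80, 0.0.0.0:225)
            if (!(port in ok)) print port, $7
        }
    ' | sort -n | uniq
}

# Constructed sample: the listeners this guide found before sbadm and webmin
# were removed, plus one established connection that must be ignored.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:225 0.0.0.0:* LISTEN 1972/sbadm
tcp 0 0 0.0.0.0:40147 0.0.0.0:* LISTEN 2131/perl
tcp 0 0 :::80 :::* LISTEN 1985/httpd
tcp 0 0 :::22 :::* LISTEN 1926/sshd
tcp 0 0 :::443 :::* LISTEN 1985/httpd
tcp 0 0 192.168.0.200:22 192.168.0.10:51000 ESTABLISHED 2200/sshd
EOF
}

# Run the audit over the constructed sample with the guide's expected ports.
audit_sample() {
    sample_netstat | unexpected_listeners "22 80 443"
}
```

On a live server, run `netstat -antp | unexpected_listeners "22 80 443"` as root; empty output means only the expected services are listening.<br /><br />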
And I NEVER want it on my server.<br /><br />[root@www ~]# /etc/rc.d/init.d/webmin stop<br />Stopping Webmin server in /usr/local/webmin-1.330<br /><br />[root@www ~]# rm -fr /usr/local/webmin-1.330<br /><br />[root@www ~]# netstat -antp | grep LISTEN<br />tcp 0 0 :::80 :::* LISTEN 1985/httpd<br />tcp 0 0 :::22 :::* LISTEN 1926/sshd<br />tcp 0 0 :::443 :::* LISTEN 1985/httpd<br /><br /><br />chkconfig --level 35 sendmail off<br />chkconfig --level 35 cups off<br />chkconfig --level 35 firstboot off<br />chkconfig --level 35 bluetooth off<br />chkconfig --level 35 ip6tables off<br />chkconfig --level 35 pcscd off<br />chkconfig --level 35 sbadm off<br />chkconfig --level 35 setroubleshoot off<br />chkconfig --level 35 webmin off<br /><br /><br /><br />Step: Setup and Secure MySQL:<br />-----------------------------<br /><br />chkconfig --level 35 mysqld on<br />service mysqld start<br /><br />/usr/bin/mysqladmin -u root password 'secretpassword'<br /><br />/usr/bin/mysqladmin -u root -h www.example.com password 'secretpassword'<br /><br />mysql -u root -D mysql -p<br /><br />mysql> select user,password from user;<br />+------+------------------+<br />| user | password |<br />+------+------------------+<br />| root | 09ac555e5b93c437 |<br />| root | 09ac555e5b93c437 |<br />| | |<br />| | |<br />+------+------------------+<br />4 rows in set (0.00 sec)<br /><br /><br />We need to delete these two lines with blank user names to further tighten the security.<br /><br /><br />mysql> delete from user where user="";<br />Query OK, 2 rows affected (0.00 sec)<br /><br />mysql> commit;<br />Query OK, 0 rows affected (0.00 sec)<br /><br />mysql> flush privileges;<br />Query OK, 0 rows affected (0.00 sec)<br /><br /><br /><br />Step: Setup FTP (VSFTPD) :<br /><br /><br />useradd -g users -s /sbin/nologin -d /var/www/vhosts/example.com/ examplecom<br />passwd examplecom<br /><br /><br />[root@www httpd]# vi /etc/vsftpd/vsftpd.conf<br /><br />anonymous_enable=NO<br 
/>local_enable=YES<br />write_enable=YES<br />local_umask=022<br />anon_upload_enable=NO<br />anon_mkdir_write_enable=NO<br />dirmessage_enable=YES<br />xferlog_enable=YES<br />connect_from_port_20=YES<br />xferlog_file=/var/log/vsftpd.log<br />xferlog_std_format=YES<br />nopriv_user=nobody<br />ftpd_banner=Welcome to blah FTP service at example.com . You are being watched.<br />chroot_local_user=YES<br />listen=YES<br />pam_service_name=vsftpd<br />userlist_enable=YES<br />tcp_wrappers=YES<br /><br /><br />chkconfig --level 35 vsftpd on<br /><br />[root@www conf.d]# service vsftpd restart<br />Shutting down vsftpd: [ OK ]<br />Starting vsftpd for vsftpd: [ OK ]<br /><br />[root@www conf.d]# ps aux | grep -i vsftpd<br />root 6459 0.0 0.0 5056 508 ? Ss 11:37 0:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf<br />root 6462 0.0 0.0 4096 584 pts/0 R+ 11:37 0:00 grep -i vsftpd<br /><br /><br />Step: Setup SNMP and MRTG:<br />--------------------------<br />yum -y install net-snmp net-snmp-utils net-snmp-libs<br /><br /><br />vi /etc/snmp/snmpd.conf<br /><br />com2sec notConfigUser default secretsnmp<br />group notConfigGroup v1 notConfigUser<br />view roview included .1<br />access notConfigGroup "" any noauth exact roview rwview none<br />syslocation SomewhereinUS<br />syscontact Root <><br />disk /<br />load 12 14 14<br />pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat<br /><br /><br />service snmpd start<br />chkconfig --level 35 snmpd on<br /><br /><br />MRTG:<br />------<br /><br />yum -y install mrtg<br /><br /><br />cfgmaker --global "Options[_]: growright, bits, unknaszero" --ifref=ip --ifdesc=descr --noreversedns --global "WorkDir: /var/www/mrtg" --output=/etc/mrtg/mrtg.cfg secretsnmp@localhost<br /><br />indexmaker --output=/var/www/mrtg/index.html --title="www.example.com System Graphs" /etc/mrtg/mrtg.cfg<br /><br /><br />env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg<br />env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg<br />env LANG=C /usr/bin/mrtg 
/etc/mrtg/mrtg.cfg<br /><br /><br /># vi /etc/httpd/conf.d/mrtg.conf<br /><br />Alias /mrtg /var/www/mrtg<br /><br /><location><br />Order deny,allow<br />Allow from all<br /></location><br /><br /><br />service httpd restart<br /><br /><br /><br />Add additional graphs:<br /><br />vi /etc/mrtg/mrtg.cfg<br />...<br />...<br /><br />LoadMIBs: /usr/share/snmp/mibs/UCD-SNMP-MIB.txt, /usr/share/snmp/mibs/TCP_MIB.txt, /usr/share/snmp/mibs/HOST-RESOURCES-MIB.txt<br /><br /><br />Target[example_root]:dskPercent.1&dskPercent.1:secretsnmp@localhost<br />MaxBytes[example_root]: 100<br />Title[example_root]: DISK USAGE - /<br />PageTop[example_root]: <h1>DISK Usage in % (/)</h1><br />Unscaled[example_root]: ymwd<br />ShortLegend[example_root]: %<br />YLegend[example_root]: DISK Utilization<br />Legend1[example_root]: /:<br />Legend2[example_root]: /:<br />Legend3[example_root]:<br />Legend4[example_root]:<br />LegendI[example_root]: /:<br />LegendO[example_root]: /:<br />Options[example_root]: growright, unknaszero, gauge,nopercent<br /><br /><br /><br /><br />Target[example_loadavg]: laLoad.2&laLoad.3:secretsnmp@localhost<br />MaxBytes[example_loadavg]: 5000<br />Title[example_loadavg]: Load Average<br />PageTop[example_loadavg]: <h1>Load Average</h1><br />YLegend[example_loadavg]: Load Average<br />ShortLegend[example_loadavg]:<br />Legend1[example_loadavg]: Load average 5 min<br />Legend2[example_loadavg]: Load average 15 min<br />LegendI[example_loadavg]: 5min load avg<br />LegendO[example_loadavg]: 15min load avg<br />Options[example_loadavg]: nopercent,growright,noinfo,gauge, unknaszero<br /><br /><br /><br /><br />Target[example_cpusum]:ssCpuRawUser.0&ssCpuRawUser.0:secretsnmp@localhost + ssCpuRawSystem.0&ssCpuRawSystem.0:secretsnmp@localhost + ssCpuRawNice.0&ssCpuRawNice.0:secretsnmp@localhost<br />MaxBytes[example_cpusum]: 100<br />Title[example_cpusum]: CPU Usage % (User+System+Nice)<br />PageTop[example_cpusum]: <h1>CPU Usage % (User+System+Nice)</h1><br 
/>ShortLegend[example_cpusum]: %<br />YLegend[example_cpusum]: CPU Usage<br />Legend1[example_cpusum]: CPU usage in %<br />Legend2[example_cpusum]:<br />Legend3[example_cpusum]:<br />Legend4[example_cpusum]:<br />LegendI[example_cpusum]: Active<br />LegendO[example_cpusum]:<br />Options[example_cpusum]: growright,nopercent, unknaszero<br /><br /><br /><br /><br />Target[example_memory]: memTotalReal.0&memAvailReal.0:secretsnmp@localhost<br />Options[example_memory]: nopercent,growright,gauge,noinfo, unknaszero<br />Title[example_memory]: Free Memory<br />PageTop[example_memory]: <h1>Free Memory</h1><br />MaxBytes[example_memory]: 2147483648<br />YLegend[example_memory]: bytes<br />ShortLegend[example_memory]: bytes<br />kMG[example_memory]: k,M<br />Legend1[example_memory]: Total Physical Memory<br />Legend2[example_memory]: Free Physical Memory<br />LegendI[example_memory]: Total Memory<br />LegendO[example_memory]: Free Memory<br /><br /><br /># Need to specify the download location of the mysql-load software.<br /><br />Target[example_mysql]: `/usr/local/mrtg-mysql/mrtg-mysql-load -c /usr/local/mrtg-mysql/mysql-load.conf`<br />Options[example_mysql]: perminute, nopercent, integer, growright, unknaszero<br />MaxBytes[example_mysql]: 200<br />AbsMax[example_mysql]: 2000<br />Unscaled[example_mysql]: dwmy<br />Title[example_mysql]: MySQL load analysis<br />PageTop[example_mysql]: <h1>MySQL load Analysis</h1><br />ShortLegend[example_mysql]: q/m<br /><br /><br />Run index maker again:<br /><br />indexmaker --output=/var/www/mrtg/index.html --title="www.example.com System Graphs" /etc/mrtg/mrtg.cfg<br /><br /><br />env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg<br />env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg<br />env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg<br /><br /><br />Step: Setup Webalizer :<br />----------------------<br /><br />WEBALIZER<br /><br />mv /etc/httpd/conf.d/webalizer.conf /etc/httpd/conf.d/webalizer.conf.orig<br /><br />cat >> 
/etc/httpd/conf.d/webalizer.conf << EOF<br /><br />Alias /usage /var/www/usage<br /><br /><location><br />Order deny,allow<br />Allow from all<br /></location><br />EOF<br /><br />service httpd restart<br /><br /><br /><br />Step: Actual Qmail Mail Server setup:<br />--------------------------------------<br /><br />Step: Create the necessary users and directories:<br />-------------------------------------------------<br />Note: In case you are going to setup multiple machines as Qmail servers in a cluster formation, you will need to create the users and groups with the "same" UIDs and GIDs . This will ensure correct functionality of the Qmail system when the mail directories are mounted on a central NFS mount, or over an ISCSI based IPSAN, etc. Doing so even on the single node setup also help in standardization, and is a good practice.<br /><br />mkdir -p /var/qmail<br />mkdir -p /usr/src/qmail<br /><br /><br />groupadd -g 700 nofiles<br />useradd -u 701 -g nofiles -d /var/qmail/alias -s /sbin/nologin -p '*' alias<br />useradd -u 702 -g nofiles -d /var/qmail -s /sbin/nologin -p '*' qmaild<br />useradd -u 703 -g nofiles -d /var/qmail -s /sbin/nologin -p '*' qmaill<br />useradd -u 704 -g nofiles -d /var/qmail -s /sbin/nologin -p '*' qmailp<br />groupadd -g 701 qmail<br />useradd -u 705 -g qmail -d /var/qmail -s /sbin/nologin -p '*' qmailq<br />useradd -u 706 -g qmail -d /var/qmail -s /sbin/nologin -p '*' qmailr<br />useradd -u 707 -g qmail -d /var/qmail -s /sbin/nologin -p '*' qmails<br />groupadd -g 702 vchkpw<br />useradd -u 708 -g vchkpw -d /home/vpopmail -s /sbin/nologin -p '*' vpopmail<br /><br /><br />mkdir -p /package<br />chmod 1755 /package<br /><br />mkdir -p /var/log/qmail/qmail-send<br />mkdir -p /var/log/qmail/qmail-smtpd<br />mkdir -p /var/log/qmail/qmail-pop3d<br /><br />chown -R qmaill:root /var/log/qmail<br /><br />chmod -R 750 /var/log/qmail<br /><br />mkdir -p /var/qmail/supervise/qmail-smtpd/log<br />mkdir -p 
/var/qmail/supervise/qmail-send/log<br />mkdir -p /var/qmail/supervise/qmail-pop3d/log<br /><br />chmod +t /var/qmail/supervise/qmail-smtpd<br />chmod +t /var/qmail/supervise/qmail-send<br />chmod +t /var/qmail/supervise/qmail-pop3d<br /><br /><br />##########################################################################<br /><br />From www.lifewithqmail.org :-<br /><br />Note: The qmail bin directory must reside on a filesystem that allows the use of executable and setuid() files. Some OS distributions automatically mount /var with the nosuid or noexec options enabled. On such systems, either these options should be disabled or /var/qmail/bin should reside on another filesystem without these options enabled. The Create directories section describes how to use symbolic links to accomplish the latter. If /var is mounted nosuid, you'll probably see the following error message in the qmail-send logs:<br /><br />delivery : deferral: Sorry,_message_has_wrong_owner._(#4.3.5)<br /><br /><br />###########################################################################<br /><br /><br /><br />For ease of management, all software will be downloaded in /downloads/qmailrocks directory, so lets create that as well.<br /><br />mkdir -p /downloads/qmailrocks<br />mkdir -p /downloads/qmailnew<br /><br />Download the qmailrocks.tar.gz from www.qmailrocks.org in /downloads and untar it at the same location. This will create /downloads/qmailrocks and will have all the QMR files in it. This will help as a source of comparison of various software versions. Current stable release: 2.2.1 - 4/19/2006<br /><br />cd /downloads/<br />wget http://www.qmailrocks.org/downloads/qmailrocks.tar.gz<br />tar xzf qmailrocks.tar.gz<br /><br /><br /><br />####################################################<br /><br />The official Qmail website (http://cr.yp.to/qmail.html) , has the same version available on it which is supplied by QMR. 
So we will use the ones provided by QMR.<br /><br />cd /usr/src/qmail<br />tar xzf /downloads/qmailrocks/qmail-1.03.tar.gz<br />tar xzf /downloads/qmailrocks/ucspi-tcp-0.88.tar.gz<br /><br /><br />cd /package<br />tar xzf /downloads/qmailrocks/daemontools-0.76.tar.gz<br /><br /><br /># Set up conf-split and conf-spawn (Don't use the figure 255 in the line below):<br /><br />echo 211 > /usr/src/qmail/qmail-1.03/conf-split<br />### echo 255 > /usr/src/qmail/qmail-1.03/conf-spawn ### Don't do it else the JMS patch will fail one Hunk. See below.<br /><br /><br />Step: Time to apply various patches to Qmail-1.03:<br />--------------------------------------------------<br />Get latest combined patch (version 7.05) by jms1 from http://qmail.jms1.net/patches/combined-details.shtml<br /><br />cd /downloads/qmailnew<br />wget http://qmail.jms1.net/patches/qmail-1.03-jms1.7.05.patch<br /><br />This patch already contains the FORCE_TLS patch, so no need to further patch the qmail for forcetls (as it is done in the QMR guide).<br /><br />Note that this combined patch does not contain patch for tarpitting! And we don't need tarpitting as we are not using it.<br /><br /><br />Let's do the actual patching.<br /><br />cd /usr/src/qmail/qmail-1.03/<br />patch < /downloads/qmailnew/qmail-1.03-jms1.7.05.patch<br /><br /><br />Note that one hunk will fail for conf-spawn, "IF" the value in it is 255, as setup by the original QMR guide. The hunk wanted to write 120 to conf-spawn whereas it already has 255. Note the value cannot be "more" than 255. And in some cases it cannot be more than 125.<br /><br /><br />[So I am forgiving this error at the moment and moving on. I do not think it is that serious.]<br /><br />Since I did not change the value and retained it as 120 in the conf-spawn, the hunk did not fail.<br /><br /><br /><br />Step: Compile Qmail:<br />--------------------<br /><br />Patching done. 
( I am not going to use the tarpit patch) .<br /><br />Let's do the actual compilation of Qmail now:<br /><br />cd /usr/src/qmail/qmail-1.03<br /><br />make clean<br />make man && make setup check<br /><br /><br />Alhumdulillah. Qmail compiled successfully.<br /><br /><br /><br />Let's move on.<br /><br />Run the config-fast script.<br /><br />./config-fast www.example.com<br /><br />[root@www qmail-1.03]# ./config-fast www.example.com<br />Your fully qualified host name is www.example.com.<br />Putting www.example.com into control/me...<br />Putting example.com into control/defaultdomain...<br />Putting example.com into control/plusdomain...<br />Putting www.example.com into control/locals...<br />Putting www.example.com into control/rcpthosts...<br />Now qmail will refuse to accept SMTP messages except to www.example.com.<br />Make sure to change rcpthosts if you add hosts to locals or virtualdomains!<br />[root@www qmail-1.03]#<br /><br /><br /><br />#####################################################################################################<br />Important From: http://www.antagonism.org/qmr-faq.shtml<br /><br />7.11 What is the difference between the locals and rcpthosts files in /var/qmail/control?<br /><br />The locals file contains domains which reside locally on the machine. This means accounts listed in locals should have shell accounts on the machine. If you use vpopmail, your locals file should be empty but exist. This problem is prevalent in many qmailrocks installs as the instruction set wrongly instructs users to configure qmail using the "config-fast" shell script. Unless the user desires email accounts for his shell accounts the is not the correct method. The following commands correct this error.<br /><br />If /var/qmail/control/locals exists, run the first command. 
If not, you may skip to the second command.<br /># rm -f /var/qmail/control/locals<br /># touch /var/qmail/control/locals<br /># chmod 644 /var/qmail/control/locals<br /># chown root.root /var/qmail/control/locals<br /><br />The rcpthosts file contains the domains for which qmail-smtpd will accept email. The rcpthosts file should contain the domain names only. Do not put in email addresses, hostnames or IP addresses into this file.<br />######################################################################################################<br /><br />Though I have read the note above and implemented it on a few live servers, I do not agree with it. The reason is that if I do as advised above, in this note, then mails destined for root, postmaster, etc do not get delivered to the mailbox of postmaster. So we won't act upon this advice. I have only copied this text/note here, to warn you.<br /><br /><br /><br />Step: Generate the certificate (QMR guide).<br /><br />make cert<br /><br />[root@www qmail-1.03]# make cert<br />-----<br />Country Name (2 letter code) [GB]:PK<br />State or Province Name (full name) [Berkshire]:Punjab<br />Locality Name (eg, city) [Newbury]:Islamabad<br />Organization Name (eg, company) [My Company Ltd]:example<br />Organizational Unit Name (eg, section) []:www<br />Common Name (eg, your name or your server's hostname) []:www.example.com<br />Email Address []: webmaster@example.com<br />chmod 640 /var/qmail/control/servercert.pem<br />chown qmaild.qmail /var/qmail/control/servercert.pem<br />ln -s /var/qmail/control/servercert.pem /var/qmail/control/clientcert.pem<br />[root@www qmail-1.03]#<br /><br /><br />chown -R vpopmail:qmail /var/qmail/control/clientcert.pem /var/qmail/control/servercert.pem<br /><br /><br /><br /><br />Step: Build ucspi-tcp...<br /><br />cd /usr/src/qmail/ucspi-tcp-0.88/<br /><br /><br />Before we build ucspi, we need to patch it 
for errno. This patch is included in the QMR package and also mentioned at www.lifewithqmail.org/lwq.html .<br /><br />cd /usr/src/qmail/ucspi-tcp-0.88/<br />patch < /downloads/qmailrocks/patches/ucspi-tcp-0.88.errno.patch<br /><br />make && make setup check<br /><br /><br /><br />Now we build the daemontools....<br /><br /><br />Daemon tools also need to be patched for errno. This patch is included in the QMR package and also mentioned at http://www.lifewithqmail.org/lwq.html#install-daemontools .<br /><br />cd /package/admin/daemontools-0.76/src<br />patch < /downloads/qmailrocks/patches/daemontools-0.76.errno.patch<br />cd /package/admin/daemontools-0.76<br /><br />./package/install<br /><br /><br />You should be able to see svscanboot running:-<br /><br />[root@www daemontools-0.76]# ps aux | grep svscan<br />root 26092 0.0 0.0 2424 1012 ? Ss 12:13 0:00 /bin/sh /command/svscanboot<br />root 26094 0.0 0.0 1664 340 ? S 12:13 0:00 svscan /service<br />root 26097 0.0 0.0 4100 584 pts/0 R+ 12:13 0:00 grep svscan<br /><br /><br /><br /><br />Step: EZMLM:<br />------------<br /><br />You will need the mysql-devel package to be installed on the system before compiling this software.<br /><br />yum install mysql-devel<br /><br /><br />The QMR package provides ezmlm-0.53-idx-0.41.tar.gz . The actual / raw version of this software is ezmlm-0.53 at http://cr.yp.to/ezmlm.html . However an extended version is at http://www.ezmlm.org/ .<br /><br />At the time of this writing, the most recent stable version of ezmlm-idx is 6.0.1, and is available at the link: http://www.ezmlm.org/archive/6.0.1/ . (Even the most recent version in the older stable series is 0.444, which is "newer" than what QMR package provides.) .<br /><br />There is a twist. The documentation from the 6.0.1 INSTALL file tells us to download the actual 0.53 (non-idx) version from http://cr.yp.to/ezmlm.html . Untar both 0.53 and 6.0.1 versions in two separate directories. 
Then copy / move everything from the 6.0.1 directory to the 0.53 directory. Then patch the 0.53 code with the idx.patch file provided in 6.0.1 . Configure various files, and compile the 0.53 directory.<br /><br />Let's download both.<br /><br />cd /downloads/qmailnew<br />wget http://cr.yp.to/software/ezmlm-0.53.tar.gz<br />## wget http://www.ezmlm.org/archive/5.1.2/ezmlm-idx-5.1.2.tar.gz<br />wget http://www.ezmlm.org/archive/6.0.1/ezmlm-idx-6.0.1.tar.gz<br />tar xzf ezmlm-0.53.tar.gz<br />tar xzf ezmlm-idx-6.0.1.tar.gz<br /><br /><br />cp -r /downloads/qmailnew/ezmlm-idx-6.0.1/* /downloads/qmailnew/ezmlm-0.53/ --reply=yes<br /><br />cd /downloads/qmailnew/ezmlm-0.53<br /><br />patch < idx.patch<br /><br /><br />Configure various config files:<br /><br />vi conf-etc<br />/usr/local/etc/ezmlm<br /><br /><br />vi conf-bin<br />/usr/local/bin/ezmlm<br /><br /><br />vi conf-qmail<br />/var/qmail<br /><br /><br /><br />Edit the conf-sub, and change the storage from standard file location to mysql.<br /><br />vi conf-sub<br />mysql<br /><br />Choose a subscription database support. Available supports are:<br />* std (Default) filesystem<br />* mysql MySQL database<br />* pgsql Postgres database<br /><br /><br />####################### Removed in 6.0.1 ########<br />vi sub_mysql/conf-sqlcc<br />-I/usr/include/mysql<br />#################################################<br /><br /><br />From the INSTALL.idx :-<br />5. RDBM Support.<br /><br />MySQL:<br />If you want to compile ezmlm with MySQL support (http://www.mysql.com),<br />edit conf-cc (include files) and conf-ld (library paths) to reflect<br />your MySQL installation (see MySQL documentation). 
The package<br />should work with MySQL version 3.22 and up.<br /><br /><br />vi conf-cc<br />gcc -O -g -I/usr/include/mysql -I/usr/include/pgsql<br /><br /><br />vi conf-ld<br />cc -g -B /usr/lib/mysql/<br /><br /><br /><br /><br /><br /><br />OR<br /><br />echo "/usr/local/etc/ezmlm" > conf-etc<br />echo "/usr/local/bin/ezmlm" > conf-bin<br />echo "/var/qmail" > conf-qmail<br />echo "mysql" > conf-sub<br /><br /><br /><br /><br />Time to compile.<br /><br />make clean<br />make<br />make man<br />make mysql # new in 6.0.1<br />make setup<br /><br /><br />[root@www ezmlm-0.53]# ./ezmlm-test<br />...<br />Verifying message header and body contents...<br />ezmlm-make: fatal: unable to stat /downloads/qmailnew/ezmlm-0.53/lang/default: file does not exist<br />ezmlm-make failed<br />[root@www ezmlm-0.53]# vi conf-lang<br />[root@www ezmlm-0.53]# ls /downloads/qmailnew/ezmlm-0.53/lang/<br />ch_GB cs da de en_US es fr hu id it ja nl pl pt pt_BR ru sv<br />[root@www ezmlm-0.53]# ls /downloads/qmailnew/ezmlm-0.53/lang/en_US/<br />ezmlmrc mailinglist sed text<br />[root@www ezmlm-0.53]#<br /><br />ln -s /downloads/qmailnew/ezmlm-0.53/lang/en_US /downloads/qmailnew/ezmlm-0.53/lang/default<br /><br /><br /><br />You may want to create a ezmlm MySQL Database at this point.<br /><br />mysql -u root -p<br />create database ezmlm;<br />grant all on ezmlm.* to ezmlm@localhost identified by 'mysecret';<br />flush privileges;<br /><br /><br /><br />Now, Create ezmlm tables in the database: You must use the "-f" option with mysql, which will force mysql to continue even in case of failures.<br /><br /><br />./ezmlm-mktab-mysql -d list | mysql -D ezmlm -u ezmlm -pmysecret -f<br /><br />You may get output as below:<br /><br />[root@www ezmlm-0.53]# ./ezmlm-mktab-mysql -d list | mysql -D ezmlm -u ezmlm -pmysecret -f<br />ERROR 1051 (42S02) at line 6: Unknown table 'list'<br />ERROR 1051 (42S02) at line 7: Unknown table 'list_slog'<br />ERROR 1051 (42S02) at line 8: Unknown table 
'list_digest'<br />ERROR 1051 (42S02) at line 9: Unknown table 'list_digest_slog'<br />ERROR 1051 (42S02) at line 10: Unknown table 'list_mod'<br />ERROR 1051 (42S02) at line 11: Unknown table 'list_mod_slog'<br />ERROR 1051 (42S02) at line 12: Unknown table 'list_allow'<br />ERROR 1051 (42S02) at line 13: Unknown table 'list_allow_slog'<br />ERROR 1051 (42S02) at line 14: Unknown table 'list_deny'<br />ERROR 1051 (42S02) at line 15: Unknown table 'list_deny_slog'<br />ERROR 1051 (42S02) at line 17: Unknown table 'list_cookie'<br />ERROR 1051 (42S02) at line 18: Unknown table 'list_mlog'<br />ERROR 1051 (42S02) at line 19: Unknown table 'list_digest_cookie'<br />ERROR 1051 (42S02) at line 20: Unknown table 'list_digest_mlog'<br />[root@www ezmlm-0.53]#<br /><br />This is normal. These are just error messages returned when trying to DROP these tables. If you are paranoid, you may want to run this command again. This time it will not give any errors, as the tables will already have been created and will be dropped properly.<br /><br />[root@www ezmlm-0.53]# ./ezmlm-mktab-mysql -d list | mysql -D ezmlm -u ezmlm -pmysecret -f<br />[root@www ezmlm-0.53]#<br /><br /><br />Now execute the test program again:<br /><br />./ezmlm-test -l ezmlm -p mysecret -h localhost<br /><br /><br />A successful test should look like this:-<br /><br />[root@www ezmlm-0.53]# ./ezmlm-test -s mysql -p mysecret -u ezmlm -d ezmlm -h localhost<br />ezmlm-make (1/2): OK<br />Using subdb plugin: mysql<br />ezmlm-reject: OK<br />ezmlm-[un|is]sub[n]: OK<br />ezmlm SQL: OK<br />ezmlm non-SQL: OK<br />ezmlm-send: OK<br />ezmlm-tstdig: OK<br />ezmlm-weed: OK<br />ezmlm-make (2/2): OK<br />ezmlm-clean: OK<br />ezmlm-store: OK<br />ezmlm-return: OK<br />ezmlm-warn (1/2): OK<br />ezmlm-manage (1/2): OK<br />ezmlm-request: OK<br />ezmlm-split: OK<br />ezmlm-gate: OK<br />ezmlm-idx: OK<br />ezmlm-get (index): OK<br />ezmlm-get (get): OK<br />ezmlm-get (thread): OK<br />ezmlm-get (digest): OK<br 
/>ezmlm-manage (2/2): OK<br />ezmlm-moderate: OK<br />ezmlm-warn (2/2): OK<br />ezmlm-dispatch: OK<br />Verifying message header and body contents...<br />flags and substs: OK<br />subscribe probe: OK<br />unsubscribe probe: OK<br />subscribe: OK<br />unsubscribe: OK<br />copylines: OK<br />ezmlm-send: OK<br /><br />[root@www ezmlm-0.53]#<br /><br />Congratulations.<br /><br /><br /><br />Step: AUTORESPONDER:<br />---------------------<br /><br />autorespond-2.0.5.tar.gz is provided by the QMR package. This is the latest version on the net too. So let's follow it.<br /><br />cd /downloads/qmailrocks<br /><br />tar zxf autorespond-2.0.5.tar.gz<br /><br />cd autorespond-2.0.5<br /><br />make && make install<br /><br /><br /><br />Step: Courier Mail Drop:-<br /><br /><br />Install Courier MailDrop:- (This step would come after VPOPmail, Qmailadmin and Vqadmin in QMR. But I want to do it before VPOPmail, so I can tell vpopmail to use it / enable it in vpopmail.)<br /><br /><br />Note: At one time, I thought that we don't need maildrop at all! But when I removed it, it took away "reformime" with it. And Qmail-Scanner stopped working without reformime. So we do need Courier Mail Drop.<br /><br /><br />Here is the output if I remove the maildrop rpm from the system and run the qmail-scanner (doit) script :<br /><br />[root@www contrib]# ./test_installation.sh -doit<br /><br />Sending standard test message - no viruses...<br />qmail-inject: fatal: qq temporary problem (#4.3.0)<br />Bad error. 
qmail-inject died<br />[root@www contrib]#<br /><br /><br />And I get the following in the /var/log/maillog :-<br /><br />May 10 14:11:44 www X-Qmail-Scanner-2.04: [www.example.com121041070456210137] d_m: output spotted from /usr/bin/reformime -x/var/spool/qscan/tmp/www.example.com121041070456210137/ (sh: /usr/bin/reformime: No such file or directory<br />May 10 14:16:19 www X-Qmail-Scanner-2.04: [www.example.com121041097956210184] d_m: output spotted from /usr/bin/reformime -x/var/spool/qscan/tmp/www.example.com121041097956210184/ (sh: /usr/bin/reformime: No such file or directory<br /><br /><br /><br />After re-installing maildrop, everything became fine again.<br /><br /><br /><br />So, from the QMR site:<br />Part 7- Maildrop<br /><br />Maildrop is a mail filtering agent which can be used to filter messages as they arrive on the server. You will probably notice, once this installation is complete, that you don't really use maildrop. However, it's a cool tool and it's worth having around if you ever decide to get crazy with filtering your incoming mail. .....<br /><br />----------<br />And here is from the Qmail-Scanner website:-<br /><br />Requirements<br /><br />* Netqmail 1.05 (or qmail-1.03 with patches)<br />...<br />...<br />* daemontools-0.76+<br />* reformime from Maildrop 1.3.8+<br /><br />-------------<br /><br />Let's install Courier MailDrop<br /><br /># Make sure you have pcre-devel and gcc-c++ installed on the system.<br /><br />yum install pcre-devel gcc-c++<br /><br />Ideally, in my opinion, this step should have come before vpopmail. Also, from the maildrop homepage:<br /><br />http://www.courier-mta.org/maildrop/<br /><br />maildrop is the mail filter/mail delivery agent that's used by the Courier Mail Server. You do not need to download maildrop from here if you already have Courier installed. This is a standalone build of the maildrop mail filter that can be used with other mail servers.<br /><br />QMR provides maildrop-1.6.3.tar.gz . 
Whereas the latest is maildrop-2.0.4.tar.bz2 .<br /><br />I will use maildrop-2.0.4 and will make an RPM out of the source file to install it.<br /><br />cd /downloads/qmailnew<br /><br />wget http://prdownloads.sourceforge.net/courier/maildrop-2.0.4.tar.bz2<br /><br />tar xjf maildrop-2.0.4.tar.bz2<br /><br />cd /downloads/qmailnew/maildrop-2.0.4<br /><br /><br />I have downloaded maildrop from the site and updated its spec file as follows:<br /><br />%configure --with-devel --enable-userdb --enable-maildirquota --enable-syslog=1 --enable-trusted-users='root mail daemon postmaster qmaild mmdf' --enable-restrict-trusted=0 --enable-maildrop-uid=root --enable-maildrop-gid=vchkpw<br /><br /><br />I then repackaged it as tar.bz2 and made an RPM out of it:<br /><br />cd /downloads/qmailnew<br /><br />rm maildrop-2.0.4.tar.bz2<br /><br />tar cjf maildrop-2.0.4.tar.bz2 maildrop-2.0.4<br /><br />rpmbuild -ta maildrop-2.0.4.tar.bz2<br />...<br />...<br />...<br />Checking for unpackaged file(s): /usr/lib/rpm/check-files /var/tmp/maildrop-2.0.4-1-buildroot<br />Wrote: /usr/src/redhat/SRPMS/maildrop-2.0.4-1.src.rpm<br />Wrote: /usr/src/redhat/RPMS/i386/maildrop-2.0.4-1.i386.rpm<br />Wrote: /usr/src/redhat/RPMS/i386/maildrop-devel-2.0.4-1.i386.rpm<br />Wrote: /usr/src/redhat/RPMS/i386/maildrop-man-2.0.4-1.i386.rpm<br />Wrote: /usr/src/redhat/RPMS/i386/maildrop-debuginfo-2.0.4-1.i386.rpm<br />Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.76157<br />+ umask 022<br />+ cd /usr/src/redhat/BUILD<br />+ cd maildrop-2.0.4<br />+ rm -rf /var/tmp/maildrop-2.0.4-1-buildroot<br />+ exit 0<br /><br /><br /><br />Now install the latest RPM<br /><br /><br />rpm -ivh /usr/src/redhat/RPMS/i386/maildrop-2.0.4-1.i386.rpm<br />Preparing... 
########################################### [100%]<br />1:maildrop ########################################### [100%]<br /><br /><br /><br /><br /><br /><br />Step: VPOPMAIL with MySQL support:<br />------------------------------------<br /><br />vpopmail-5.4.13.tar.gz is supplied with QMR package.<br /><br />Whereas version 5.4.25 is available on inter7's sourceforge page:<br />http://sourceforge.net/project/showfiles.php?group_id=85937<br /><br />Lets download this new version:<br /><br />cd /downloads/qmailnew<br />wget http://optusnet.dl.sourceforge.net/sourceforge/vpopmail/vpopmail-5.4.25.tar.gz<br /><br /><br />tar xzf vpopmail-5.4.25.tar.gz<br />cd /downloads/qmailnew/vpopmail-5.4.25<br /><br /><br />Let's do the preparation first. We already have created a user vpopmail and vchkpw earlier.<br /><br />mkdir ~vpopmail/etc<br />chown vpopmail:vchkpw ~vpopmail/etc<br />echo "localhost|0|vpopmailuser|vpopmailpassword|vpopmail" > ~vpopmail/etc/vpopmail.mysql<br /><br /><br /><br />Create vpopmail Database:<br /><br />mysql -u root -p<br /><br />CREATE DATABASE vpopmail;<br /><br /><br />GRANT all ON vpopmail.* TO vpopmailuser@localhost IDENTIFIED BY 'vpopmailpassword';<br /><br />Flush privileges;<br />quit;<br /><br /><br /><br /><br />Try connecting:<br />mysql -u vpopmailuser -D vpopmail -pvpopmailpassword<br /><br /><br /><br />cd /downloads/qmailnew/vpopmail-5.4.25<br /><br />Note: QMR guide used the following switches for configuring vpopmail. Don't use them. 
Instead use the ones I have put below this line.<br /><br />[QMR Guide = ./configure --enable-logging=p --enable-auth-module=mysql --disable-passwd --enable-clear-passwd \<br />--disable-many-domains --enable-auth-logging --enable-sql-logging --enable-valias --disable-mysql-limits]<br /><br /><br />------------------------<br />WARNING : DO NOT USE the --enable-maildrop switch in vpopmail otherwise you will not get any mails and will get the following "Unable to open mailbox" errors in the maillog:<br /><br /><br />May 9 20:04:07 www spamd[31043]: spamd: clean message (-1.4/5.0) for kamran@example.com:711 in 1.3 seconds, 934 bytes.<br />May 9 20:04:07 www spamd[31043]: spamd: result: . -1 - ALL_TRUSTED scantime=1.3,size=934,user=kamran@example.com,uid=711,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=54894,mid=<>,autolearn=unavailable,shortcircuit=no<br />May 9 20:04:07 www spamd[31040]: prefork: child states: II<br /><br />May 9 20:04:07 www maildrop[19011]: Unable to open mailbox.<br /><br />-----------------------<br /><br />./configure --enable-logging=p --enable-auth-module=mysql --disable-clear-passwd --disable-many-domains \<br />--enable-sql-logging --enable-mysql-replication --enable-valias --enable-roaming-users \<br />--enable-spamassassin --enable-mysql-limits<br /><br />...<br />...<br />config.status: creating Makefile<br />config.status: creating config.h<br />config.status: executing depfiles commands<br /><br />vpopmail 5.4.25<br />Current settings<br />---------------------------------------<br /><br />vpopmail directory = /home/vpopmail<br />domains directory = /home/vpopmail/domains<br />uid = 708<br />gid = 702<br />roaming users = ON --enable-roaming-users<br />tcpserver file = /home/vpopmail/etc/tcp.smtp<br />open_smtp file = 
/home/vpopmail/etc/open-smtp<br />rebuild tcpserver file = ON --enable-rebuild-tcpserver-file (default)<br />password learning = OFF --disable-learn-passwords (default)<br />md5 passwords = ON --enable-md5-passwords (default)<br />file locking = ON --enable-file-locking (default)<br />vdelivermail fsync = OFF --disable-file-sync (default)<br />make seekable = ON --enable-make-seekable (default)<br />clear passwd = OFF --disable-clear-passwd<br />user dir hashing = ON --enable-users-big-dir (default)<br />address extensions = OFF --disable-qmail-ext (default)<br />ip alias = OFF --disable-ip-alias-domains (default)<br />onchange script = OFF --disable-onchange-script (default)<br />auth module = mysql --enable-auth-module=mysql<br />mysql replication = ON --enable-mysql-replication<br />sql logging = ON --enable-sql-logging<br />mysql limits = ON --enable-mysql-limits<br />SQL valias table = ON --enable-valias<br />auth inc = -I/usr/include/mysql<br />auth lib = -L/usr/lib/mysql -lmysqlclient -lz -lm<br />system passwords = OFF --disable-passwd (default)<br />pop syslog = show failed attempts with clear text password --enable-logging=p<br />auth logging = ON --enable-auth-logging (default)<br />one domain per SQL table = --disable-many-domains<br />spamassassin = ON --enable-spamassassin<br />maildrop = OFF --disable-maildrop (default)<br /><br /><br /><br /><br />Now compile it:<br /><br /><br />make && make install-strip<br />...<br />...<br />/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'dotqmail2valias' '/home/vpopmail/bin/dotqmail2valias'<br />/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vpopmaild' '/home/vpopmail/bin/vpopmaild'<br />make[3]: Leaving directory `/downloads/qmailnew/vpopmail-5.4.25'<br />make[2]: Leaving directory `/downloads/qmailnew/vpopmail-5.4.25'<br />make[1]: Leaving directory `/downloads/qmailnew/vpopmail-5.4.25'<br /><br /><br /><br />Step: VQADMIN:<br />--------------<br />QMR package provides vqadmin-2.3.6.tar.gz . 
The homepage of vqadmin ( http://www.inter7.com/vqadmin/ ) provides us vqadmin-2.3.7.tar.gz . Lets use that.<br /><br />cd /downloads/qmailnew/<br /><br />wget http://www.inter7.com/vqadmin/vqadmin-2.3.7.tar.gz<br /><br />tar xzf vqadmin-2.3.7.tar.gz<br /><br />cd /downloads/qmailnew/vqadmin-2.3.7<br /><br />mkdir /var/www/vqadmin<br />chown apache:apache /var/www/vqadmin -R<br /><br /><br />Note that --enable-html directory in the command below seems to be deprecated in newer versions of vqadmin (even in the one I am using, right now). This means it is not required to be mentioned to the configure script as it has no effect.<br /><br /><br />./configure --enable-cgibindir=/var/www/cgi-bin --enable-htmldir=/var/www/vqadmin<br /><br />make && make install-strip<br /><br /><br />------------<br /><br />Setup a .conf file in /etc/httpd/conf.d/ as vqadmin.conf<br /><br />cat >> /etc/httpd/conf.d/vqadmin.conf << EOF<br /><br />Alias /vqadmin /var/www/vqadmin<br /><br /><directory><br />Order deny,allow<br />Allow from all<br /></directory><br />EOF<br /><br />--------------------<br /><br />--------------------<br /><br /><br />Edit the Apache config file and add the following :<br /><br />vi /etc/httpd/conf/httpd.conf<br /><br /><directory><br />Allow from all<br />Options ExecCGI<br />AllowOverride AuthConfig<br />Order deny,allow<br /></directory><br /><br />-------<br /><br /><br />Secure VQADMIN<br /><br />cat >> /var/www/cgi-bin/vqadmin/.htaccess << EOF<br /><br />AuthType Basic<br /># AuthUserFile will also be at a common place, such as /var/www/.htpasswd.vqadmin<br />AuthUserFile /var/www/.htpasswd.vqadmin<br />AuthName vQadmin<br />require valid-user<br />## satisfy any<br />EOF<br /><br /><br /><br />chown apache:apache /var/www/cgi-bin/vqadmin/.htaccess<br /><br />chmod 640 /var/www/cgi-bin/vqadmin/.htaccess # The QMR guide suggests 644 , which is too lax I think.<br /><br />htpasswd -bc /var/www/.htpasswd.vqadmin admin vqadminpassword<br /><br /><br />chown 
apache:apache /var/www/.htpasswd.vqadmin # This step is not in QMR.<br /><br />chmod 640 /var/www/.htpasswd.vqadmin<br /><br /><br />------------<br /><br /><br />service httpd restart<br /><br /><br />---------------------------------<br /><br /><br /><br />Open the following link in a web browser:<br />http://10.1.2.3/cgi-bin/vqadmin/vqadmin.cgi<br /><br />If you see a white page with the Vqadmin menu on it, check your Apache error log.<br /><br /><br />Apache error log:-<br /><br />[Thu May 08 16:51:18 2008] [error] [client 203.82.59.56] File does not exist:<br />/var/www/vhosts/example.com/httpdocs/images,<br />referer: http://192.168.0.200/cgi-bin/vqadmin/vqadmin.cgi<br /><br /><br />The solution is :-<br /><br />ln -s /var/www/html/images /var/www/vhosts/example.com/httpdocs/<br /><br />chown apache:apache /var/www/html -R<br /><br />-------------<br /><br />Add a domain "example.com" in vqadmin .<br /><br />postmaster password: postmasterpassword<br /><br />Created Domain<br />Domain postmaster added<br /><br /><br />Step: QMAILADMIN:<br />------------------<br />QMR provides qmailadmin-1.2.9.tar.gz .<br />The latest on Inter7 is 1.2.11.<br />The latest devel version is 1.2.12 .<br /><br />cd /downloads/qmailnew/<br />wget http://internap.dl.sourceforge.net/sourceforge/qmailadmin/qmailadmin-1.2.12.tar.gz<br /><br />tar xzf qmailadmin-1.2.12.tar.gz<br />cd /downloads/qmailnew/qmailadmin-1.2.12<br /><br /><br />----------------------------------------- [ optional ] -------------<br />mkdir /var/www/qmailadmin<br /><br />cat >> /etc/httpd/conf.d/qmailadmin.conf << EOF<br /><br />Alias /qmailadmin /var/www/qmailadmin<br /><br /><directory><br />Order deny,allow<br />Allow from all<br /></directory><br />EOF<br /><br /><br />chown apache:apache /var/www/qmailadmin<br /><br />service httpd restart<br /><br />-------------------------------------------[ optional end ]---------------<br /><br />./configure --enable-cgibindir=/var/www/cgi-bin 
--enable-htmldir=/var/www/qmailadmin --enable-imageurl=/qmailadmin/images/qmailadmin<br /><br /><br />./configure --enable-cgibindir=/var/www/cgi-bin --enable-htmldir=/var/www/qmailadmin \<br />--enable-imagedir=/var/www/qmailadmin/images --enable-imageurl=/qmailadmin/images \<br />--enable-modify-quota<br />...<br />...<br /><br />qmailadmin 1.2.12<br />Current settings<br />---------------------------------------<br />cgi-bin dir = /var/www/cgi-bin<br />html dir = /var/www/qmailadmin<br />image dir = /var/www/qmailadmin/images<br />image URL = /qmailadmin/images<br />template dir = /usr/local/share/qmailadmin<br />qmail dir = /var/qmail<br />vpopmail dir = /home/vpopmail<br />autorespond dir = /usr/bin<br />ezmlm dir = /usr/local/bin/ezmlm<br />ezmlm idx = yes<br />mysql for ezmlm = yes<br />help = no<br />modify quota = no<br />domain autofill = no<br />modify spam check = no<br /><br /><br /><br />make && make install-strip<br /><br />----------------------------------------<br /><br /><br />Try logging on to the URL:<br /><br />http://192.168.0.200/cgi-bin/qmailadmin<br /><br />and try adding a few users.<br /><br />Email Account kamran@example.com (Muhammad Kamran Azeem) added successfully<br /><br />Alhumdulillah.<br /><br /><br /><br />Note: Error: If you are seeing a blank page after you add a user in vqadmin, then read the note below:-<br /><br />####################### NOTE : start #####################################<br /><br />Blank page after adding a user.<br /><br />[Tue Apr 01 05:00:42 2008] [error] [client 210.2.164.144] vmysql: can't read settings from /home/vpopmail/etc/vpopmail.mysql, referer: http://10.1.2.3/cgi-bin/qmailadmin<br />[Tue Apr 01 05:00:42 2008] [error] [client 210.2.164.144] Premature end of script headers: qmailadmin, referer: http://10.1.2.3/cgi-bin/qmailadmin<br /><br /><br />The file permissions of the file 
/home/vpopmail/etc/vpopmail.mysql are 640, to protect the MySQL root password from ordinary users. If I change it to 644, to allow apache to read this file, other ordinary users will also be able to look into this file.<br />Maybe I should add apache to the group vchkpw .<br /><br />vi /etc/group<br />vchkpw:x:702:apache<br /><br />Still the same problem. I need to investigate it further. At the moment, I am continuing with 644 on this file.<br /><br />Still the same problem. I notice that :-<br /><br /><br />[root@www qmailadmin-1.2.12]# ls -l /home/<br />total 12<br />drwx------ 4 akhan users 4096 Mar 28 22:05 akhan<br />drwx------ 2 vmail vmail 4096 Mar 29 02:25 vmail<br />drwx------ 8 vpopmail vchkpw 4096 Apr 1 03:34 vpopmail<br /><br /><br /><br />[root@www qmailadmin-1.2.12]# ls -l /var/www/cgi-bin/<br />total 160<br />-rwsr-sr-x 1 vpopmail vchkpw 151864 Apr 1 04:57 qmailadmin<br /><br /><br /><br />Corrected. Basically, I incorrectly set the permissions of the directory ~vpopmail/etc to 640. This stupid step of mine resulted in the inability of group vchkpw to "change directory into" ~vpopmail/etc and read the vpopmail.mysql file.<br /><br />Removed apache from the group membership of vchkpw in /etc/group.<br /><br />vi /etc/group<br />vchkpw:x:702:<br /><br />Email Account kamran@example.com (Muhammad Kamran Azeem) added successfully<br /><br />Alhumdulillah. 
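<br /><br />The two failure modes in this note can be checked from the permission bits alone: a directory without the search (x) bit makes every file inside it unreachable, and mode 644 on vpopmail.mysql exposes the database password to every local user. The script below is an added example, not part of the original guide or of vpopmail; it assumes GNU stat, and the function names audit_secret, mode_of and demo are illustrative.<br /><br />

```shell
#!/bin/sh
# Added example, not part of the original guide or of vpopmail.
# Audits a credentials file such as ~vpopmail/etc/vpopmail.mysql using only the
# permission bits, so the verdict is the same whether or not it is run as root.
# Assumes GNU coreutils stat (stat -c '%a').

# mode_of PATH: print the permission bits as a number; fail if PATH cannot be stat'ed.
mode_of() {
    m=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    echo $(( 0$m ))    # the leading 0 makes the shell read the digits as octal
}

# audit_secret FILE: print one finding per line; return 0 only if there are none.
audit_secret() {
    file=$1
    dir=$(dirname "$file")
    findings=0

    if ! dmode=$(mode_of "$dir"); then
        echo "MISSING $dir: cannot stat directory"
        return 1
    fi
    # Without the search (x) bit a class cannot open anything inside the
    # directory, whatever the file's own mode says (the 640-on-a-directory mistake).
    if [ $(( dmode & 0100 )) -eq 0 ]; then
        echo "BLOCKED $dir: owner has no search (x) bit"
        findings=$(( findings + 1 ))
    fi
    if [ $(( dmode & 0040 )) -ne 0 ] && [ $(( dmode & 0010 )) -eq 0 ]; then
        echo "BLOCKED $dir: group has read but no search (x) bit"
        findings=$(( findings + 1 ))
    fi

    if fmode=$(mode_of "$file"); then
        # Any bit for "other" on a password file is the 644 workaround.
        if [ $(( fmode & 0007 )) -ne 0 ]; then
            echo "EXPOSED $file: mode grants access to other"
            findings=$(( findings + 1 ))
        fi
        if [ $(( fmode & 0400 )) -eq 0 ]; then
            echo "BLOCKED $file: owner cannot read it"
            findings=$(( findings + 1 ))
        fi
    else
        echo "UNKNOWN $file: cannot stat (missing, or directory not searchable)"
        findings=$(( findings + 1 ))
    fi

    [ "$findings" -eq 0 ]
}

# demo: rebuild the three states from the note in a scratch directory
# (constructed sample data, not a real vpopmail install) and audit each one.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/etc"
    echo 'localhost|0|vpopmailuser|vpopmailpassword|vpopmail' > "$t/etc/vpopmail.mysql"
    for state in 640:640 750:644 750:640; do
        chmod 700 "$t/etc"                            # make the file reachable again
        chmod "${state#*:}" "$t/etc/vpopmail.mysql"
        chmod "${state%:*}" "$t/etc"
        echo "== directory ${state%:*}, file ${state#*:}"
        audit_secret "$t/etc/vpopmail.mysql" || true
    done
    chmod 700 "$t/etc"
    rm -rf "$t"
}

# Usage: script demo | script /home/vpopmail/etc/vpopmail.mysql
if [ "${1:-}" = "demo" ]; then
    demo
elif [ "$#" -gt 0 ]; then
    audit_secret "$1"
fi
```

<br /><br />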
The qmailadmin web interface seems to be behaving correctly.<br />####################################### NOTE : end #######################################<br /><br /><br />Step: FINALIZING QMAIL:<br />-----------------------<br /><br />The QMR guide suggests running the following script:<br /># /downloads/qmailrocks/scripts/finalize/linux/finalize_linux.script<br /><br />This script can be viewed online at:<br />http://www.qmailrocks.org/downloads/scripts/finalize/linux/finalize_linux.script<br /><br />I will use the actual content of the script to get the tasks done manually.<br /><br /># First, copy all supervise scripts to their proper locations:<br /><br />cp /downloads/qmailrocks/scripts/finalize/linux/pop3d_run /var/qmail/supervise/qmail-pop3d/run<br />cp /downloads/qmailrocks/scripts/finalize/linux/pop3d_log /var/qmail/supervise/qmail-pop3d/log/run<br />cp /downloads/qmailrocks/scripts/finalize/linux/smtpd_run /var/qmail/supervise/qmail-smtpd/run<br />cp /downloads/qmailrocks/scripts/finalize/linux/smtpd_log /var/qmail/supervise/qmail-smtpd/log/run<br />cp /downloads/qmailrocks/scripts/finalize/linux/send_run /var/qmail/supervise/qmail-send/run<br />cp /downloads/qmailrocks/scripts/finalize/linux/send_log /var/qmail/supervise/qmail-send/log/run<br /><br /><br /># Next: Copy rc and qmailctl scripts to proper locations:<br /><br />cp /downloads/qmailrocks/scripts/finalize/rc /var/qmail/<br />cp /downloads/qmailrocks/scripts/finalize/qmailctl /var/qmail/bin/<br /><br /><br /># Set up needed permissions:<br /><br />chmod 755 /var/qmail/rc /var/qmail/bin/qmailctl<br />chmod 751 /var/qmail/supervise/qmail-pop3d/run<br />chmod 751 /var/qmail/supervise/qmail-pop3d/log/run<br />chmod 751 /var/qmail/supervise/qmail-smtpd/run<br />chmod 751 /var/qmail/supervise/qmail-smtpd/log/run<br />chmod 751 /var/qmail/supervise/qmail-send/run<br />chmod 751 /var/qmail/supervise/qmail-send/log/run<br /><br /><br /># Set up default values for various control files:<br /><br />echo 
./Maildir > /var/qmail/control/defaultdelivery<br />echo 255 > /var/qmail/control/concurrencyremote<br />chmod 644 /var/qmail/control/concurrencyremote<br />echo 30 > /var/qmail/control/concurrencyincoming<br />chmod 644 /var/qmail/control/concurrencyincoming<br /><br /><br /># Create symbolic links:<br /><br />ln -s /var/qmail/bin/qmailctl /usr/bin<br />ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /var/qmail/supervise/qmail-pop3d /service<br /><br /><br />--------------------<br /><br />Next edit the run scripts and adjust a few values:<br /><br />:%s/mail\.example\.com/www\.example\.com/g<br /><br /><br />vi /var/qmail/supervise/qmail-pop3d/run<br /><br />Find "mail.example.com" and change it to your server's hostname. For example: www.example.com<br /><br /><br />vi /var/qmail/supervise/qmail-smtpd/run<br /><br />Find "mail.example.com" and change it to your server's hostname. For example: www.example.com<br /><br /><br /><br />Next:<br /><br />qmailctl stop<br /><br />echo '127.:allow,RELAYCLIENT=""' >> /etc/tcp.smtp<br /><br />qmailctl cdb<br /><br /><br /><br /><br />Now we create the common system aliases. 
These aliases are going to tell Qmail what to do with common server-generated mails.<br /><br />echo postmaster@example.com > /var/qmail/alias/.qmail-root<br />echo postmaster@example.com > /var/qmail/alias/.qmail-postmaster<br />echo postmaster@example.com > /var/qmail/alias/.qmail-mailer-daemon<br />ln -s /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-anonymous<br />chmod 644 /var/qmail/alias/.qmail*<br /><br /><br /><br /><br />REMOVE SENDMAIL, POSTFIX , EXIM from System:<br />--------------------------------------------<br /><br />If you have not removed these packages before, you can do it now.<br /><br />service sendmail stop<br />service postfix stop<br />service exim stop<br />service dovecot stop<br /><br /><br />rpm -e sendmail --nodeps<br />rpm -e sendmail-cf --nodeps<br />rpm -e postfix --nodeps<br />rpm -e exim --nodeps<br /><br /><br /># Create artificial sendmail path:<br /><br />rm -f /usr/lib/sendmail<br />rm -f /usr/sbin/sendmail<br /><br />ln -s /var/qmail/bin/sendmail /usr/lib/sendmail<br />ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail<br /><br /><br />-----------------<br /><br /><br />START QMAIL:<br />------------<br />The QMR guide asks us to run the following script:<br /><br /># /downloads/qmailrocks/scripts/util/qmr_inst_check<br /><br />The script is long and there is no advantage in running it command by command / manually. When you run the script, it will check for some key required files and folders and will also check permissions and ownership settings on many key items. If a needed file does not exist or if the ownership/permissions settings are wrong on a key file, it will tell you and then make a suggestion as to how to correct the error. 
This script does NOT check the CONTENT or SYNTAX of your scripts, but only for the scripts' existence and their ownership/permissions settings. If you've screwed up the syntax of the run scripts, this tool will not detect it.<br /><br />Let's run it:<br /><br />/downloads/qmailrocks/scripts/util/qmr_inst_check<br /><br />[root@www qmailadmin-1.2.12]# /downloads/qmailrocks/scripts/util/qmr_inst_check<br />Congratulations, your Qmailrocks.org Qmail installation looks good!<br /><br /><br />[root@www qmailadmin-1.2.12]# qmailctl stat<br />/service/qmail-send: down 228 seconds, normally up<br />/service/qmail-send/log: down 228 seconds, normally up<br />/service/qmail-smtpd: down 228 seconds, normally up<br />/service/qmail-smtpd/log: down 228 seconds, normally up<br />/service/qmail-pop3d: down 228 seconds, normally up<br />/service/qmail-pop3d/log: down 228 seconds, normally up<br />messages in queue: 0<br />messages in queue but not yet preprocessed: 0<br /><br /><br /><br /><br /><br />Step: COURIER IMAP + COURIERPASSD:<br />----------------------------------<br /><br />Courier-imap is the preferred IMAP server to install because it has built-in support for the vchkpw mail user setup that Vpopmail utilizes. In short, Courier IMAP works with Vpopmail and virtual domains. In addition to installing Courier-imap, we're going to install Courierpassd. Courierpassd is a utility that allows users to change their mailbox passwords remotely.<br /><br /><br /># Must have gdbm-devel installed.<br /><br />yum install gdbm-devel<br /><br /><br />We are going to use the latest releases from http://www.courier-mta.org/download.php .<br />Courierpassd is available at: http://erresea.arda.homeunix.net/store/<br /><br /><br />QMR provides courier-authlib-0.55.tar.bz2 . Latest is courier-authlib-0.60.2.tar.bz2 .<br />Also QMR package provides courier-imap-4.0.2.tar.bz2 . 
Whereas the latest is courier-imap-4.3.1.tar.bz2 .<br />Also QMR provides courierpassd-1.1.0-RC1 , whereas the latest is courierpassd-1.1.2.tar.gz .<br /><br />I may also try Courier-Analog for SMTP, POP, IMAP traffic analysis. http://prdownloads.sourceforge.net/courier/courier-analog-0.15.tar.bz2<br /><br />Let's see if these latest packages work or not. Otherwise we may have to revert to the ones provided by QMR.<br /><br />cd /downloads/qmailnew<br /><br />wget http://prdownloads.sourceforge.net/courier/courier-authlib-0.60.2.tar.bz2<br />wget http://prdownloads.sourceforge.net/courier/courier-imap-4.3.1.tar.bz2<br />wget http://www.arda.homeunix.net/store/courierpassd-1.1.2.tar.gz<br /><br /><br />I am going to build RPMs of these Courier-* files, after putting in the necessary config parameters. The RPMs need to be built as an ordinary user, say kamran.<br /><br /><br />--------------------------->>>>> See the WAM postfix discarded howto <<<<<<<<<<<< ----------------<br /><br />Courier-authlib:-<br />------------------<br /><br />This needs user kamran to be specified in visudo.<br /><br />kamran ALL=NOPASSWD: ALL<br /><br /><br />[kamran@www qmailnew]$ cp /downloads/qmailnew/courier* /home/kamran/<br /><br />cd /home/kamran<br /><br />[kamran@www ~]$ tar xjf courier-authlib-0.60.2.tar.bz2<br />[kamran@www ~]$ cd courier-authlib-0.60.2<br /><br /><br /><br />Added the following in the .spec file in the configure section.<br /><br />--with-authvchkpw --without-authldap --disable-root-check --with-ssl --with-redhat<br /><br />QMR suggests "--with-authchangepwdir=/usr/local/libexec/authlib" to be passed to the configure script. 
But I could not find it in courier-authlib-0.60.2<br /><br /><br />[kamran@www courier-authlib-0.60.2]$ vi courier-authlib.spec<br /><br />%configure --with-authvchkpw --without-authldap --disable-root-check --with-ssl --with-redhat<br /><br /><br />[kamran@www courier-authlib-0.60.2]$ rm courier-authlib-0.60.2.tar.bz2<br /><br />[kamran@www ~]$ tar cjf courier-authlib-0.60.2.tar.bz2 courier-authlib-0.60.2<br /><br /><br />sudo yum -y install libtool-ltdl-devel libtool-ltdl postgresql-devel expect<br /><br /><br /><br />$ sudo rpmbuild -ta courier-authlib-0.60.2.tar.bz2<br /><br />cd /usr/src/redhat/RPMS/i386/<br /><br />$ sudo rpm -ivh courier-authlib-0.60.2-1.i386.rpm courier-authlib-devel-0.60.2-1.i386.rpm courier-authlib-mysql-0.60.2-1.i386.rpm<br /><br /><br /><br />Time to compile/generate the RPM for courier-imap as well. Pass the same arguments to its %configure section.<br /><br />cd /home/kamran<br /><br />tar xjf courier-imap-4.3.1.tar.bz2<br /><br />cd courier-imap-4.3.1<br /><br />vi courier-imap.spec<br /><br />%configure \<br />--with-authvchkpw --without-authldap --disable-root-check --with-ssl \<br />--with-redhat \<br />%{?xflags: %{xflags}}<br /><br />cd /home/kamran<br />rm courier-imap-4.3.1.tar.bz2<br />tar cjf courier-imap-4.3.1.tar.bz2 courier-imap-4.3.1<br /><br />sudo yum -y install openldap-servers<br /><br />Note: You cannot build courier-imap as sudo. 
You will get the following error:<br /><br />=============================<br />Do not run make check as root<br />=============================<br />make[2]: *** [check-am] Error 1<br />make[2]: Leaving directory `/usr/src/redhat/BUILD/courier-imap-4.3.1/imap'<br />make[1]: *** [check] Error 2<br />make[1]: Leaving directory `/usr/src/redhat/BUILD/courier-imap-4.3.1/imap'<br />make: *** [check-recursive] Error 1<br />error: Bad exit status from /var/tmp/rpm-tmp.6589 (%build)<br /><br /><br />So we need to set up an RPM environment in the /home/kamran directory.<br /><br />Time to set up the environment for the RPM build as user akhan.<br /><br />su - kamran # if you have not already done so<br /><br />mkdir $HOME/rpm/{SOURCES,SPECS,BUILD,SRPMS,RPMS} -p<br />mkdir $HOME/rpm/RPMS/{i386,x86_64}<br />echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros<br /><br /><br />$ rpmbuild -ta courier-imap-4.3.1.tar.bz2<br /><br /><br />After the build process, the rpm packages can be found in $HOME/rpm/RPMS/i386 ($HOME/rpm/RPMS/x86_64 if you are on an x86_64 system):<br /><br />Install courier-imap like this:<br /><br />cd $HOME/rpm/RPMS/i386<br />sudo rpm -ivh courier-imap-4.3.1-1.i386.rpm<br /><br />Preparing... 
########################################### [100%]<br />1:courier-imap ########################################### [100%]<br /><br /><br />Exit from the user kamran's shell at this point.<br /><br />exit<br /><br /><br />--------<br /><br />Run:-<br /><br />/usr/lib/courier-imap/sbin/mkimapdcert<br /><br /><br />[root@www ~]# /usr/lib/courier-imap/sbin/mkimapdcert<br />/usr/lib/courier-imap/share/imapd.pem already exists.<br /><br />------------<br /><br />Edit /usr/lib/courier-imap/etc/imapd.cnf<br /><br />Change postmaster@example.com to an administrative email address: postmaster@example.com<br /><br />vi /usr/lib/courier-imap/etc/imapd.cnf<br /><br />-------------<br /><br />vi /usr/lib/courier-imap/etc/imapd<br /><br />Make sure that the following configuration exists: IMAPDSTART=YES<br /><br /><br />---------<br /><br /><br />vi /usr/lib/courier-imap/etc/imapd-ssl<br /><br />Make sure that the following configuration exists: IMAPDSSLSTART=YES<br /><br />Make sure that the following configuration exists: TLS_CERTFILE=/usr/lib/courier-imap/share/imapd.pem<br /><br /><br />################<br /><br />IMAPDSSLSTART=YES<br /><br />##NAME: IMAPDSTARTTLS:0<br />#<br /># Whether or not to implement IMAP STARTTLS extension instead:<br /><br />IMAPDSTARTTLS=YES<br /><br />##NAME: IMAP_TLS_REQUIRED:1<br />#<br /># Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.<br /># (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS<br /># is issued).<br /><br />IMAP_TLS_REQUIRED=0<br /><br />####################<br /><br />vi /etc/authlib/authdaemonrc<br /><br />Around line 27, you should see the "authmodulelist" setting. Make sure that "authvchkpw" is the only module listed. 
Like so:<br /><br />authmodulelist="authvchkpw"<br /><br />Save and exit the file.<br /><br />-------------<br /><br /><br />The init.d files would now already be in place, because of RPM installation we did.<br /><br />[root@www ~]# ls /etc/init.d/courier-*<br />/etc/init.d/courier-authlib<br />/etc/init.d/courier-imap<br /><br />Start the Authlib service<br /><br />[root@www ~]# /etc/init.d/courier-authlib start<br />Starting Courier authentication services: authdaemond<br /><br /><br />chkconfig --level 35 courier-authlib on<br /><br />You should see the authdaemond process, as shown below.<br /><br />[root@www ~]# ps aux | grep auth<br />root 14081 0.0 0.0 1636 316 ? S 11:51 0:00 /usr/sbin/courierlogger -pid=/var/spool/authdaemon/pid -start /usr/libexec/courier-authlib/authdaemond<br />root 14082 0.0 0.1 6716 1316 ? S 11:51 0:00 /usr/libexec/courier-authlib/authdaemond<br />root 14083 0.0 0.0 6716 360 ? S 11:51 0:00 /usr/libexec/courier-authlib/authdaemond<br />root 14084 0.0 0.0 6716 360 ? S 11:51 0:00 /usr/libexec/courier-authlib/authdaemond<br />root 14085 0.0 0.0 6716 360 ? S 11:51 0:00 /usr/libexec/courier-authlib/authdaemond<br />root 14086 0.0 0.0 6716 360 ? S 11:51 0:00 /usr/libexec/courier-authlib/authdaemond<br />root 14087 0.0 0.0 6716 360 ? 
S 11:51 0:00 /usr/libexec/courier-authlib/authdaemond<br />root 14111 0.0 0.0 4100 608 pts/1 R+ 11:51 0:00 grep auth<br />[root@www ~]#<br /><br /><br />And the following output in MAILLOG .<br /><br />[root@www ~]# tail -f /var/log/maillog<br />May 9 11:05:21 www authdaemond: Installing libauthvchkpw<br />May 9 11:05:21 www authdaemond: Installation complete: authvchkpw<br />May 9 11:49:05 www authdaemond: stopping authdaemond children<br />May 9 11:49:05 www authdaemond: modules="authvchkpw", daemons=5<br />May 9 11:49:05 www authdaemond: Installing libauthvchkpw<br />May 9 11:49:05 www authdaemond: Installation complete: authvchkpw<br />May 9 11:51:09 www authdaemond: stopping authdaemond children<br />May 9 11:51:34 www authdaemond: modules="authvchkpw", daemons=5<br />May 9 11:51:34 www authdaemond: Installing libauthvchkpw<br />May 9 11:51:34 www authdaemond: Installation complete: authvchkpw<br /><br /><br /><br />[root@www ~]# service courier-imap start<br />Starting Courier-IMAP server: imap imap-ssl pop3 generating-SSL-certificate... pop3-ssl<br />[root@www ~]#<br /><br /><br />[root@www ~]# ps aux | grep courier<br />0:00 /usr/sbin/courierlogger -pid=/var/run/imapd.pid -start -name=imapd /usr/lib/courier-imap/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 143 /usr/lib/courier-imap/sbin/imaplogin /usr/lib/courier-imap/bin/imapd Maildir<br />root 15218 0.0 0.0 1744 504 ? S 12:25 0:00 /usr/lib/courier-imap/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 143 /usr/lib/courier-imap/sbin/imaplogin /usr/lib/courier-imap/bin/imapd Maildir<br />root 15224 0.0 0.0 1640 232 ? 
S 12:25 0:00 /usr/sbin/courierlogger -pid=/var/run/imapd-ssl.pid -start -name=imapd-ssl /usr/lib/courier-imap/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 993 /usr/lib/courier-imap/bin/couriertls -server -tcpd /usr/lib/courier-imap/sbin/imaplogin /usr/lib/courier-imap/bin/imapd Maildir<br />root 15225 0.0 0.0 1748 508 ? S 12:25 0:00 /usr/lib/courier-imap/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 993 /usr/lib/courier-imap/bin/couriertls -server -tcpd /usr/lib/courier-imap/sbin/imaplogin /usr/lib/courier-imap/bin/imapd Maildir<br />root 15230 0.0 0.0 1636 228 ? S 12:25 0:00 /usr/sbin/courierlogger -pid=/var/run/pop3d.pid -start -name=pop3d /usr/lib/courier-imap/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 110 /usr/lib/courier-imap/sbin/pop3login /usr/lib/courier-imap/bin/pop3d Maildir<br />root 15231 0.0 0.0 1744 504 ? S 12:25 0:00 /usr/lib/courier-imap/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 110 /usr/lib/courier-imap/sbin/pop3login /usr/lib/courier-imap/bin/pop3d Maildir<br />root 15245 0.0 0.0 1640 232 ? S 12:25 0:00 /usr/sbin/courierlogger -pid=/var/run/pop3d-ssl.pid -start -name=pop3d-ssl /usr/lib/courier-imap/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 995 /usr/lib/courier-imap/bin/couriertls -server -tcpd /usr/lib/courier-imap/sbin/pop3login /usr/lib/courier-imap/bin/pop3d Maildir<br />root 15246 0.0 0.0 1748 508 ? 
S 12:25 0:00 /usr/lib/courier-imap/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 995 /usr/lib/courier-imap/bin/couriertls -server -tcpd /usr/lib/courier-imap/sbin/pop3login /usr/lib/courier-imap/bin/pop3d Maildir<br />root 15249 0.0 0.0 4096 584 pts/0 R+ 12:26 0:00 grep courier<br /><br />-------------------------------<br /><br />[root@www ~]# nmap localhost<br /><br />Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-05-09 12:28 PKT<br />Interesting ports on localhost.localdomain (127.0.0.1):<br />Not shown: 1670 closed ports<br />PORT STATE SERVICE<br />21/tcp open ftp<br />22/tcp open ssh<br />80/tcp open http<br />110/tcp open pop3<br />143/tcp open imap<br />199/tcp open smux<br />443/tcp open https<br />993/tcp open imaps<br />995/tcp open pop3s<br />3306/tcp open mysql<br /><br /><br /><br />Alhumdulillah.<br /><br />------------------------------------------------------<br /><br /><br />IMPORTANT:<br /><br />QMAIL has its own POP3 daemon, and the Courier POP3 and POP3S services WILL conflict with it. 
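<br /><br />The start and TLS flags edited above decide which of the ports in the nmap output Courier serves, and whether port 143 accepts a password before STARTTLS. The script here is an added example, not part of the original post: the function names (conf_get, is_yes, audit_courier, make_sample) and the sample files are constructed for illustration, and treating a value that starts with Y as "enabled" is an assumption about how the init script reads the flags.<br /><br />

```sh
#!/bin/sh
# Added example: audit the Courier flags this page edits.

# Print the effective value of KEY ($2) in a Courier config file ($1). The
# files are shell-style KEY=value fragments; the last uncommented line wins.
conf_get() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'" |
        sed 's/[[:space:]]*$//'
}

# Assumption: a flag counts as enabled when its value starts with y or Y.
is_yes() {
    case $1 in
        [yY]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one finding per line for the config directory in $1 (on this page:
# /usr/lib/courier-imap/etc). Returns 0 only when nothing was found.
audit_courier() {
    ac_etc=$1
    ac_n=0
    ac_cert=$(conf_get "$ac_etc/imapd-ssl" TLS_CERTFILE)
    ac_starttls=$(conf_get "$ac_etc/imapd-ssl" IMAPDSTARTTLS)

    if is_yes "$(conf_get "$ac_etc/imapd" IMAPDSTART)"; then
        if ! is_yes "$ac_starttls"; then
            echo "WARN imap/143: STARTTLS not offered, logins are cleartext"
            ac_n=$((ac_n + 1))
        elif [ "$(conf_get "$ac_etc/imapd-ssl" IMAP_TLS_REQUIRED)" != 1 ]; then
            echo "WARN imap/143: LOGIN accepted before STARTTLS (IMAP_TLS_REQUIRED is not 1)"
            ac_n=$((ac_n + 1))
        fi
    fi

    if is_yes "$(conf_get "$ac_etc/imapd-ssl" IMAPDSSLSTART)" || is_yes "$ac_starttls"; then
        if [ -z "$ac_cert" ] || [ ! -r "$ac_cert" ]; then
            echo "WARN tls: TLS_CERTFILE missing or unreadable: ${ac_cert:-unset}"
            ac_n=$((ac_n + 1))
        elif [ -n "$(find "$ac_cert" -perm -004 2>/dev/null)" ]; then
            echo "WARN tls: $ac_cert is world-readable (mkimapdcert stores the private key in it)"
            ac_n=$((ac_n + 1))
        fi
    fi

    if is_yes "$(conf_get "$ac_etc/pop3d" POP3DSTART)"; then
        echo "CONFLICT pop3/110: Courier POP3DSTART is on, qmail runs its own POP3 daemon"
        ac_n=$((ac_n + 1))
    fi
    if is_yes "$(conf_get "$ac_etc/pop3d-ssl" POP3DSSLSTART)"; then
        echo "CONFLICT pop3s/995: Courier POP3DSSLSTART is on, the page switches it off"
        ac_n=$((ac_n + 1))
    fi
    [ "$ac_n" -eq 0 ]
}

# Constructed sample (not copied from a real server): the values this page
# has in place right after the first "service courier-imap start".
make_sample() {
    printf 'IMAPDSTART=YES\n' > "$1/imapd"
    cat > "$1/imapd-ssl" <<EOF
IMAPDSSLSTART=YES
IMAPDSTARTTLS=YES
# IMAP_TLS_REQUIRED=1
IMAP_TLS_REQUIRED=0
TLS_CERTFILE=$1/imapd.pem
EOF
    printf 'POP3DSTART=YES\n' > "$1/pop3d"
    printf 'POP3DSSLSTART=YES\n' > "$1/pop3d-ssl"
    : > "$1/imapd.pem"
    chmod 600 "$1/imapd.pem"
}

# Stand-alone run: audit the directory given as $1, or the constructed sample.
if [ -n "${1:-}" ]; then
    audit_courier "$1" || exit 1
else
    demo_dir=$(mktemp -d)
    make_sample "$demo_dir"
    audit_courier "$demo_dir" || true
    rm -rf "$demo_dir"
fi
```

IMAP_TLS_REQUIRED=1 applies to every client on port 143, including the SquirrelMail setup later on this page, which connects to localhost:143 with Secure IMAP (TLS) set to false.<br /><br />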
So disable POP3 and POP3S in Courier.<br /><br /><br /><br />vi /usr/lib/courier-imap/etc/pop3d<br />...<br />POP3DSTART=NO<br /><br /><br />vi /usr/lib/courier-imap/etc/pop3d-ssl<br />...<br />POP3DSSLSTART=NO<br /><br /><br />[root@www contrib]# service courier-imap stop<br />Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl<br /><br />[root@www contrib]# service courier-imap start<br />Starting Courier-IMAP server: imap imap-ssl<br /><br /><br />Or maybe rename the files:<br /><br />cd /usr/lib/courier-imap/etc/<br />mv pop3d pop3d.disabled<br />mv pop3d-ssl pop3d-ssl.disabled<br /><br />[root@www qmail-scanner-2.04]# service courier-imap stop<br />Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl<br /><br />[root@www qmail-scanner-2.04]# service courier-imap start<br />Starting Courier-IMAP server: imap imap-ssl<br /><br /><br />Step: COURIERPASSD:<br />--------------------<br /><br />[root@www ~]# find / -name courierauthconfig<br />/home/akhan/rpm/BUILD/courier-authlib-0.60.2/courierauthconfig<br />/usr/bin/courierauthconfig<br /><br />[root@www ~]# find / -name courierauth.h<br />/home/akhan/rpm/BUILD/courier-authlib-0.60.2/courierauth.h<br />/home/akhan/downloads/courier-authlib-0.60.2/courierauth.h<br />/usr/include/courierauth.h<br />/downloads/qmailrocks/courier-authlib-0.55/courierauth.h<br />[root@www ~]#<br /><br /><br />cd /downloads/qmailnew<br />tar xzf courierpassd-1.1.2.tar.gz<br />cd /downloads/qmailnew/courierpassd-1.1.2<br />./configure<br />make && make install<br /><br /><br />echo "courierpassd 106/tcp #for /etc/xinetd.d/courierpassd" >> /etc/services<br />echo "courierpassd 106/tcp #for /etc/xinetd.d/courierpassd" >> /usr/share/nmap/nmap-services<br /><br /><br />Add this to xinetd. 
You must have the xinetd RPM installed on the system.<br /><br />cat >> /etc/xinetd.d/courierpassd << EOF<br />service courierpassd<br />{<br />port = 106<br />socket_type = stream<br />protocol = tcp<br />user = root<br />server = /usr/local/sbin/courierpassd<br />server_args = -s imap<br />wait = no<br />only_from = 127.0.0.1<br />instances = 4<br />disable = no<br />}<br />EOF<br /><br /><br />service xinetd restart<br /><br /><br /><br />[root@www courierpassd-1.1.2]# nmap localhost<br /><br />PORT STATE SERVICE<br />21/tcp open ftp<br />22/tcp open ssh<br />80/tcp open http<br />106/tcp open pop3pw ----------------------------> courierpassd<br />110/tcp open pop3<br />143/tcp open imap<br />199/tcp open snmp<br />443/tcp open https<br />993/tcp open imaps<br />995/tcp open pop3s<br />3306/tcp open mysql<br /><br />Nmap finished: 1 IP address (1 host up) scanned in 0.233 seconds<br /><br /><br /><br />Step: SQUIRRELMAIL:<br />-------------------<br /><br />cd /downloads/qmailnew<br /><br />wget http://nchc.dl.sourceforge.net/sourceforge/squirrelmail/squirrelmail-1.4.13.tar.bz2<br /><br />cd /var/www<br /><br />tar xjf /downloads/qmailnew/squirrelmail-1.4.13.tar.bz2<br /><br /># Remove the symbolic link pointing to previous version:<br />rm -f webmail<br />ln -s squirrelmail-1.4.13 webmail<br />chown apache:apache squirrelmail-1.4.13 -R<br /><br /><br />cd webmail/config<br /><br />./conf.pl<br /><br />Organization Preferences<br /><br />1. Organization Name : Example Company<br />4. Organization Title : example mail service, powered by SquirrelMail $version<br /><br /><br />Server Settings<br /><br />General<br />-------<br />1. Domain : example.com<br /><br />2. Invert Time : false<br />3. Sendmail or SMTP : SMTP<br /><br />IMAP Settings<br />--------------<br />4. IMAP Server : localhost<br />5. IMAP Port : 143<br />6. Authentication type : login<br />7. Secure IMAP (TLS) : false<br />8. Server software : other<br />9. 
Delimiter : detect<br /><br />SMTP Settings<br />-------------<br />4. SMTP Server : localhost<br />5. SMTP Port : 25<br />6. POP before SMTP : false<br />7. SMTP Authentication : none<br />8. Secure SMTP (TLS) : false<br />9. Header encryption key :<br /><br /><br />General Options<br />1. Data Directory : /var/www/webmail/data/<br />2. Attachment Directory : /var/www/webmail/attach/<br /><br /><br />Make sure that these two directories exist and have proper permissions.<br /><br />ls -l /var/www/webmail<br />drwxrwxr-x 2 apache apache 4096 May 10 04:30 data<br /><br />mkdir /var/www/webmail/{attach,data} -p<br />chown apache:apache /var/www/webmail/{attach,data} -R<br />chmod 733 /var/www/webmail/attach<br /><br /><br /><br />cat >> /etc/httpd/conf.d/squirrelmail.conf << EOF<br />Alias /webmail /var/www/webmail<br />EOF<br /><br />service httpd restart<br /><br /><br /><br />Download the change_pass plugin:<br /><br />cd /var/www/webmail/plugins<br /><br /><br />wget http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fchange_pass-2.7a-1.4.x.tar.gz<br /><br />tar xzf change_pass-2.7a-1.4.x.tar.gz<br /><br />Added plugins using ./conf.pl program<br /><br /><br /><br />Try changing passwords:<br /><br />passwords are changed successfully.<br /><br /><br />This is what you should get in your /var/log/messages file, once you change password from Squirrelmail web interface:<br /><br />Apr 1 09:55:48 www xinetd[26780]: START: courierpassd pid=26924 from=127.0.0.1<br />Apr 1 09:55:48 www xinetd[26780]: EXIT: courierpassd status=0 pid=26924 duration=0(sec)<br /><br /><br />Alhumdulillah !<br /><br /><br />-----------------<br /><br /><br />Extra decoding library<br /><br />SquirrelMail decoding functions are used to display and convert messages encoded in different character sets. 
The extra decoding library provides support for some complex Eastern and Apple x-mac character sets.<br /><br />cd /downloads/qmailnew<br /><br />wget tar xjf squirrelmail-decode-1.2.tar.bz2<br /><br /><br />tar xjf squirrelmail-decode-1.2.tar.bz2<br /><br /><br />From the README.decode :-<br /><br />/***************************************<br />* SquirrelMail Extra Decoding Library *<br />***************************************/<br /><br />This package contains extra decoding functions. Functions are enabled by<br />copying .php files to SquirrelMail's functions/decode/ directory.<br /><br />---------<br /><br />Install these functions:-<br /><br />[root@www squirrelmail-decode-1.2]# ./install<br />Please enter path to your SquirrelMail installation:/var/www/webmail<br /><br />Extra decoding functions are installed.<br />[root@www squirrelmail-decode-1.2]#<br /><br /><br />------------<br /><br />To make SquirrelMail show the logged-in username with the "Sign Out" link on the top right of the web page, do the following:<br /><br />Open / edit the file "page_header.php" in the /var/www/webmail/functions directory.<br /><br />Find the line with the word "Sign Out" in it:-<br /><br />displayInternalLink ('src/signout.php', _("Sign Out"), $frame_top);<br /><br />And change it to :<br />displayInternalLink ('src/signout.php', _("Sign Out") . ' ' . htmlspecialchars($username), $frame_top);<br /><br />(The user name is HTML-escaped and kept outside the _() call, so the "Sign Out" translation lookup still matches.)<br /><br /><br />Then find the following line(s) / function definition in the same file:-<br /><br /><br />function displayPageHeader($color, $mailbox, $xtra='', $session=false) {<br /><br />global $hide_sm_attributions, $frame_top,<br />$compose_new_win, $compose_width, $compose_height,<br />$attachemessages, $provider_name, $provider_uri,<br />$javascript_on, $default_use_mdn, $mdn_user_support,<br />$startMessage, $org_title;<br /><br />and change that to<br /><br />function displayPageHeader($color, $mailbox, $xtra='', $session=false) {<br /><br />global $hide_sm_attributions, $frame_top,<br
/>$compose_new_win, $compose_width, $compose_height,<br />$attachemessages, $provider_name, $provider_uri,<br />$javascript_on, $default_use_mdn, $mdn_user_support,<br />$startMessage, $org_title, $username;<br /><br />-------<br />Basically you just added a $username to the global line above.<br /><br /><br />Step: CLAMAV and SPAMASSASSIN:<br />--------------------------------<br /><br />CLAMAV:<br />--------------<br /><br /><br /><br />Note this part (CLAMAV) is deprecated. Please refer to this article, instead.<br /><br />Download latest CLAMAV from http://crash.fce.vutbr.cz/crash-hat/centos/5/clamav/<br /><br />By the time of this writing, 0.93-2 is latest.<br /><br /><br />cd /downloads/qmailnew/<br />wget http://crash.fce.vutbr.cz/crash-hat/centos/5/clamav/clamav-0.93-2.i386.rpm<br />wget http://crash.fce.vutbr.cz/crash-hat/centos/5/clamav/clamav-db-0.93-2.i386.rpm<br />wget http://crash.fce.vutbr.cz/crash-hat/centos/5/clamav/clamav-server-0.93-2.i386.rpm<br />wget http://crash.fce.vutbr.cz/crash-hat/centos/5/clamav/clamav-devel-0.93-2.i386.rpm<br /><br /><br />rpm -ivh clamav-*<br /><br /><br />Create a user as qscand:<br /><br /><br />groupadd -g 710 qscand<br />useradd -u 710 -g 710 -c "Qmail-Scanner Account" -s /bin/false qscand<br /><br /><br /><br />vi /etc/clamd.conf<br /><br /># Lines shown below are default settings, unless specified otherwise.<br /><br />LogFile /var/log/clamav/clamd.log<br />LogFileMaxSize 0<br />LogTime yes<br />LogSyslog yes # ---------------------> default is NO. Change to YES.<br />PidFile /var/run/clamav/clamd.pid<br />TemporaryDirectory /tmp<br />DatabaseDirectory /var/lib/clamav # ----> This is changed in the newer (0.94-1) version, to /var/clamav.<br />LocalSocket /var/run/clamav/clamd.sock # --------> Disabled. Change to enabled/socket file name.<br />FixStaleSocket yes<br />MaxConnectionQueueLength 30<br />MaxThreads 50<br />ReadTimeout 300<br />User qscand # ----------------------> Most important. Default clamav. 
Change to qscand.<br />AllowSupplementaryGroups yes<br />DetectBrokenExecutables yes<br />ScanMail yes<br />ArchiveMaxCompressionRatio 300<br />ArchiveBlockEncrypted yes<br />ArchiveBlockMax yes<br /><br /><br />vi /etc/freshclam.conf<br /><br />DatabaseDirectory /var/lib/clamav<br />UpdateLogFile /var/log/clamav/freshclam.log<br />PidFile /var/run/clamav/freshclam.pid<br />LogSyslog yes # -----------------------------------> change to yes<br />DatabaseOwner qscand # -------------------------> Most important. Default clamav. Change to qscand.<br />AllowSupplementaryGroups yes<br />DNSDatabaseInfo current.cvd.clamav.net<br />DatabaseMirror db.us.clamav.net<br />DatabaseMirror database.clamav.net<br />Checks 24<br />NotifyClamd /etc/clamd.conf<br /><br /><br />vi /etc/logrotate.d/clamd<br />#<br /># Rotate Clam AV daemon log file<br />#<br /><br />/var/log/clamav/clamd.log {<br />missingok<br />nocompress<br />create 640 qscand qscand<br />postrotate<br />/bin/kill -HUP `cat /var/run/clamav/clamd.pid 2> /dev/null` 2> /dev/null || true<br />endscript<br />}<br /><br /><br />vi /etc/logrotate.d/freshclam<br /><br />#<br /># Rotate FreshClam daemon log file<br />#<br /><br />/var/log/clamav/freshclam.log {<br />missingok<br />nocompress<br />create 640 qscand qscand<br />postrotate<br />/bin/kill -HUP `cat /var/run/clamav/freshclam.pid 2> /dev/null` 2> /dev/null || true<br />endscript<br />}<br /><br /><br />chown qscand:qscand /var/log/clamav -R<br />chown qscand:qscand /var/lib/clamav -R<br />chown qscand:qscand /var/run/clamav -R<br /><br /><br />service clamd restart<br />chkconfig --level 35 clamd on<br /><br />service freshclam restart<br />chkconfig --level 35 freshclam on<br /><br /><br />########################################################################<br />Deprecated:-<br /><br />FreshClam doesn't need to be called through cron any more:-<br /><br /># crontab -e<br /># 25 2 * * * /usr/bin/freshclam --quiet -l /var/log/clamav/freshclam.log<br />#<br 
/><br />Because freshclam runs in daemon mode and checks the server once<br />every day by itself. The following option can be used in /etc/init.d/freshclam<br />to set the number of checks between 1 and 50<br /><br />--checks=#n -c #n number of checks per day, 1 <= n <= 50<br />---------------------------------------------------------------------------<br /><br />See the proof below:<br />May 10 15:10:02 www last message repeated 6 times<br />May 10 15:11:59 www freshclam[22467]: Received signal: wake up<br />May 10 15:11:59 www freshclam[22467]: ClamAV update process started at Sat May 10 15:11:59 2008<br />May 10 15:11:59 www freshclam[22467]: main.cvd is up to date (version: 46, sigs: 231834, f-level: 26, builder: sven)<br />May 10 15:12:00 www freshclam[22467]: Downloading daily-7077.cdiff [100%]<br />May 10 15:12:00 www freshclam[22467]: Downloading daily-7078.cdiff [100%]<br />May 10 15:12:00 www freshclam[22467]: Downloading daily-7079.cdiff [100%]<br />May 10 15:12:00 www freshclam[22467]: Downloading daily-7080.cdiff [100%]<br />May 10 15:12:01 www freshclam[22467]: Downloading daily-7081.cdiff [100%]<br />May 10 15:12:01 www freshclam[22467]: Downloading daily-7082.cdiff [100%]<br />May 10 15:12:01 www freshclam[22467]: daily.cld updated (version: 7082, sigs: 49709, f-level: 26, builder: ccordes)<br />May 10 15:12:01 www freshclam[22467]: Database updated (281543 signatures) from db.local.clamav.net (IP: 65.120.238.2)<br />May 10 15:12:01 www clamd[22412]: SelfCheck: Database modification detected. 
Forcing reload.<br />May 10 15:12:01 www clamd[22412]: Reading databases from /var/lib/clamav<br />May 10 15:12:01 www freshclam[22467]: Clamd successfully notified about the update.<br />May 10 15:12:01 www freshclam[22467]: --------------------------------------<br />May 10 15:12:05 www clamd[22412]: Database correctly reloaded (280776 signatures)<br /><br /><br /><br />#########################################################################<br /><br /><br /><br /><br />SPAM ASSASSIN<br />----------------<br /><br />The QMR guide says to install perl-Mail-SpamAssassin, but that is not available through yum. And the provided RPM is too old to be compatible with current spamassassin-3.1.9 . So I installed it through CPAN.<br /><br />perl -MCPAN -e "install Mail::SpamAssassin"<br /><br /><br />groupadd -g 711 spamd<br />useradd -u 711 -g 711 -d /home/spamd -s /bin/false spamd<br /># passwd -l spamd # not in QMR guide. I thought it should be implemented. But do we need it?<br /><br /><br />vi /etc/sysconfig/spamassassin<br /><br />If the above file exists, replace its contents:<br /><br />SPAMDOPTIONS="-d -c -m5 -H"<br /><br />with the following line. If the file does not exist, create it and add the following line:<br /><br />SPAMDOPTIONS="-x -u spamd -H /home/spamd -d"<br /><br /><br />spamd Options explained<br />-c, --create-prefs Create user preferences files (we don't need it)<br />-x, --nouser-config Disable user config files<br />-d, --daemonize Daemonize<br />-m num, --max-children=num Allow maximum num children<br />-u username, --username=username Run as username<br />-g groupname, --groupname=groupname Run as groupname (should we use this too? 
)<br />-v, --vpopmail Enable vpopmail config (we "should" need it, but not using at the moment)<br />-x, --nouser-config Disable user config files<br />-H [dir], --helper-home-dir[=dir] Specify a different HOME directory<br /><br /><br /><br />Save and exit from the file.<br /><br /><br /><br />vi /etc/mail/spamassassin/local.cf<br /><br />Add the following line...<br /><br />required_hits 5<br /><br />Save and exit from the file.<br /><br /><br />service spamassassin restart<br />chkconfig --level 35 spamassassin on<br /><br /><br /><br /><br /><br /><br />-------------------------------------------------------<br /><br />The following modules are used by various .pre files. Make sure that they are also installed.<br /><br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::RelayCountry"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::URIDNSBL"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::Hashcash"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::SPF"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::DCC"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::Pyzor"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::Razor2"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::SpamCop"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::AntiVirus"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::AWL"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::AutoLearnThreshold"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::WhiteListSubject"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::DomainKeys"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::MIMEHeader"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::ReplaceTags"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::DKIM"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::Check"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::HTTPSMismatch"<br />perl -MCPAN -e "install 
Mail::SpamAssassin::Plugin::URIDetail"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::Shortcircuit"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::Bayes"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::BodyEval"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::DNSEval"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::HTMLEval"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::HeaderEval"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::MIMEEval"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::RelayEval"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::URIEval"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::WLBLEval"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::VBounce"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::Rule2XSBody"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::ASN"<br />perl -MCPAN -e "install Mail::SpamAssassin::Plugin::ImageInfo"<br /><br /><br />-------------------------------------------------------<br /><br /><br /><br />Created a new local.cf file from the link ( http://www.yrex.com/spam/spamconfig.php)<br /><br /><br />...<br />...<br /># ok_languages should be disabled.<br /><br /># ok_languages en<br /><br /># SpamAssassin 3.1 Note: Language checking has been moved to a plugin in version 3.1.<br /># This setting will not work unless your administrator has enabled the TextCat plugin<br /># in /etc/mail/spamassassin/v310.pre.<br /><br /><br />---------------------------------------------------<br /><br />vi /etc/mail/spamassassin/init.pre<br />...<br />loadplugin Mail::SpamAssassin::Plugin::RelayCountry<br />...<br /><br />--------------<br /><br />vi /etc/mail/spamassassin/v310.pre<br />...<br /><br />loadplugin Mail::SpamAssassin::Plugin::DCC<br />loadplugin Mail::SpamAssassin::Plugin::Pyzor<br />loadplugin Mail::SpamAssassin::Plugin::Razor2<br />loadplugin Mail::SpamAssassin::Plugin::SpamCop<br />loadplugin 
Mail::SpamAssassin::Plugin::AntiVirus<br />loadplugin Mail::SpamAssassin::Plugin::AWL<br />loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold<br />loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject<br />loadplugin Mail::SpamAssassin::Plugin::DomainKeys<br />loadplugin Mail::SpamAssassin::Plugin::MIMEHeader<br />loadplugin Mail::SpamAssassin::Plugin::ReplaceTags<br />...<br /><br />----------------------<br /><br />vi /etc/mail/spamassassin/v312.pre<br />...<br />loadplugin Mail::SpamAssassin::Plugin::DKIM<br /><br />---------------<br /><br />vi /etc/mail/spamassassin/v320.pre<br />...<br />loadplugin Mail::SpamAssassin::Plugin::Shortcircuit<br />loadplugin Mail::SpamAssassin::Plugin::ASN<br /><br /><br />Now, run sa-compile. But sa-compile needs re2c .<br /><br />Download re2c from:<br /><br />http://re2c.org/<br /><br /><br />http://rpmseek.com/download/<br />http://apt.sw.be/packages/re2c/re2c-0.13.1-1.el4.rf.i386.rpm?hl=com&nid=92223<br /><br />http://rpmseek.com/download/http://apt.sw.be/packages/re2c/re2c-0.13.1-1.el5.rf.i386.rpm?hl=com&nid=92223:589<br /><br />cd /downloads/qmailnew<br />Use links to download this:<br />http://apt.sw.be/packages/re2c/re2c-0.13.1-1.el4.rf.i386.rpm<br /><br />http://superb-west.dl.sourceforge.net/sourceforge/re2c/re2c-0.13.3-1.src.rpm<br /><br /><br />cd /downloads/qmailnew<br />wget http://superb-west.dl.sourceforge.net/sourceforge/re2c/re2c-0.13.3-1.src.rpm<br />rpmbuild --rebuild re2c-0.13.3-1.src.rpm<br /><br /><br />rpm -ivh /usr/src/redhat/RPMS/i386/re2c-0.13.3-1.i386.rpm<br /><br />------------<br /><br /><br />Now run sa-compile:<br /><br /># sa-compile<br /><br /><br />Then, run sa-update:<br /><br />sa-update -D<br /><br /><br />Restart the spamassassin service.<br /><br />service spamassassin restart<br /><br /><br /><br />DCC howto:<br />----------<br />cd /downloads/qmailnew<br /><br />wget http://www.rhyolite.com/anti-spam/dcc/source/dcc.tar.Z<br />tar xzf dcc.tar.Z<br />cd dcc-1.3.90/<br /><br
/>./configure<br />make<br />make install<br /><br /><br />vi /etc/mail/spamassassin/local.cf<br /><br />dcc_home /var/dcc<br />dcc_path /usr/local/bin/dccproc<br /><br /># dcc_dccifd_path, should be the path to dccifd socket, which will become available when dcc service is started.<br />dcc_dccifd_path /var/dcc/dccifd<br /><br /><br /><br />vi /var/dcc/dcc_conf<br />. . .<br />DCCIFD_ENABLE=on<br />. . .<br /><br /><br />cp /var/dcc/libexec/rcDCC /etc/rc.d/init.d/dcc<br /><br />chkconfig --level 35 dcc on<br />service dcc start<br /><br />[root@www dcc-1.3.90]# ps aux | grep -i dcc<br />root 30623 0.0 0.0 2492 268 ? Ss 16:44 0:00 /var/dcc/libexec/dccifd -tREP,20 -tCMN,5, -llog -wwhiteclnt -Uuserdirs -SHELO -Smail_host -SSender -SList-ID<br />root 30624 0.1 0.6 28992 6844 ? Sl 16:44 0:00 /var/dcc/libexec/dccifd -tREP,20 -tCMN,5, -llog -wwhiteclnt -Uuserdirs -SHELO -Smail_host -SSender -SList-ID<br />root 30629 0.0 0.0 4100 580 pts/0 R+ 16:44 0:00 grep -i dcc<br /><br /><br />Enable the DCC plugin in spamassassin .pre files. Also enable other plugins. 
Disable pyzor and remove its line from local.cf as well.<br /><br /><br /><br />RAZOR:<br />------<br /><br />Download Razor from: http://razor.sourceforge.net/<br /><br />cd /downloads/qmailnew<br />wget http://optusnet.dl.sourceforge.net/sourceforge/razor/razor-agents-2.84.tar.bz2<br /><br />tar xjf razor-agents-2.84.tar.bz2<br />cd razor-agents-2.84<br />perl Makefile.PL && make && make install<br /><br /><br />Added the following to local.cf file:<br /><br />#vi /etc/mail/spamassassin/local.cf<br />#razor_config /etc/razor/razor-agent.conf<br /><br />OR<br /><br />echo "razor_config /etc/razor/razor-agent.conf" >> /etc/mail/spamassassin/local.cf<br /><br />Then:<br />razor-admin -d -home=/etc/razor -create<br />razor-admin -d -home=/etc/razor -register<br /><br /><br />--------------------------<br /><br />[root@www qmailnew]# service spamassassin restart<br />Stopping spamd: [ OK ]<br />Starting spamd: [ OK ]<br /><br /><br />Step: QMAILSCANNER:<br />--------------------<br /><br />QMR package provides qmail-scanner-1.25.tgz. Latest is 2.04 from http://qmail-scanner.sourceforge.net/ .<br />QMR package provides qms-analog-0.4.2.tar.gz. Latest is qms-analog-0.4.4 from http://www.qms-analog.teel.ws . I don't think we need qms-analog. QmailScanner has a new reporting tool. From QMS website:<br /><br />Reporting: in the contrib directory there's qs2mrtg.pl. A perl script for monitoring your syslog files for qmail-scanner records. It then graphs how Qmail-Scanner is processing your emails. It creates different graphs for incoming vs outgoing email, as well as the flow of spam and viruses.<br /><br />We would also install TNEF (http://sourceforge.net/projects/tnef/) . As per the QMS site:-<br /><br />Optional: Mark Simpson's TNEF unpacker. Can decode those annoying MS-TNEF MIME attachments that Microsoft mail servers just love to use. If you don't have this, there are several classes of email that Qmail-Scanner basically won't be able to extract attachments in. 
However, your AV might very well be able to handle them<br /><br /><br />yum install db4-devel<br /><br />perl -MCPAN -e "install DB_File"<br /><br /><br />TNEF:-<br />------<br />cd /downloads/qmailnew<br />wget http://internap.dl.sourceforge.net/sourceforge/tnef/tnef-1.4.3.tar.gz<br />tar xzf tnef-1.4.3.tar.gz<br />cd /downloads/qmailnew/tnef-1.4.3<br />./configure && make && make install<br /><br /><br /><br />Decided to install new version of QMS:-<br />---------------------------------------<br /><br />cd /downloads/qmailnew<br /><br />wget http://superb-west.dl.sourceforge.net/sourceforge/qmail-scanner/qmail-scanner-2.04.tgz<br />tar xzf qmail-scanner-2.04.tgz<br />cd /downloads/qmailnew/qmail-scanner-2.04<br /><br /><br />Create the following (new) file:-<br /><br />(Don't use cat >> << EOF method to create this file)<br /><br />vi qms-config<br />#!/bin/sh<br /><br />## File: qms-config<br />##<br />## Purpose: Provide a file to save personal qmail-scanner configuration<br />## options. This file should be edited for your server and<br />## saved somewhere so that it survives qmail-scanner and<br />## qms-analog upgrades.<br />##<br /><br /># Was the "install" option given?<br />if [ "$1" != "install" ]; then<br />INSTALL=<br />else<br />INSTALL="--install"<br />fi<br /><br /># Qmail Scanner 2.02 configuration:<br /><br />./configure --domain example.com \<br />--admin postmaster \<br />--local-domains "example.com,sufi-iqbal.net" \<br />--add-dscr-hdrs yes \<br />--ignore-eol-check yes \<br />--notify admin \<br />--redundant yes \<br />"$INSTALL"<br /><br /><br /><br />Next:<br /><br />chmod 755 qms-config<br /><br />./qms-config<br /><br />then<br /><br />---------------------------<br />( Note QMS will get installed in /var/spool/qscan. 
NOT /var/spool/qmailscan)<br /><br />./qms-config install<br /><br /><br /><br />Testing suid nature of /usr/bin/perl...<br />Looks OK...<br />Hit RETURN to create initial directory structure under /var/spool/qscan,<br />and install qmail-scanner-queue.pl under /var/qmail/bin:<br />perlscanner: generate new DB file from /var/spool/qscan/quarantine-events.txt<br />perlscanner: total of 12 entries.<br /><br />Finished installation of initial directory structure for Qmail-Scanner<br />under /var/spool/qscan and qmail-scanner-queue.pl under /var/qmail/bin.<br /><br />Finished. Please read README(.html) and then go over the script<br />(/var/qmail/bin/qmail-scanner-queue.pl) to check paths/etc.<br /><br />"/var/qmail/bin/qmail-scanner-queue.pl -r" should return some well-known virus<br />definitions to show that the internal perlscanner component is working.<br /><br />That's it!<br /><br /><br />****** FINAL TEST ******<br /><br />Please log into an unpriviledged account and run<br />/var/qmail/bin/qmail-scanner-queue.pl -g<br /><br />If you see the error "Can't do setuid", or "Permission denied", then<br />refer to the FAQ.<br /><br />(e.g. "setuidgid qmaild /var/qmail/bin/qmail-scanner-queue.pl -g")<br /><br /><br />That's it! To report success:<br /><br />% (echo 'First M. Last'; cat SYSDEF)|mail jhaar-s4vstats@crom.trimble.co.nz<br />Replace First M. 
Last with your name.<br /><br /><br />-------------<br /><br />ls -l /var/qmail/bin/qmail-scanner-queue.pl<br /><br />-rwsr-sr-x 1 qscand qscand 111710 May 9 17:36 /var/qmail/bin/qmail-scanner-queue.pl<br /><br /><br />---------------<br />Let's do the test:<br /><br />Log on as user kamran:<br /><br /># su - kamran<br />[kamran@www ~]$ /var/qmail/bin/qmail-scanner-queue.pl -g<br />perlscanner: generate new DB file from /var/spool/qscan/quarantine-events.txt<br />perlscanner: total of 12 entries.<br />[kamran@www ~]$<br /><br />exit<br /><br />Note: The path for the Qmail Scanner spool files has changed in the newest version, from "/var/spool/qmailscan" to "/var/spool/qscan".<br /><br /><br />The test is passed. Alhumdulillah. Now run the following:-<br /><br /><br />setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z # also set up a cron job to do this once a day.<br />setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g # also set up a cron job to do this once a day.<br /><br /><br />Set them up to run through cron as well:-<br /><br />crontab -e<br />0 1 * * * /usr/local/bin/setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z<br />0 1 * * * /usr/local/bin/setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g<br /><br /><br /><br />chown -R qscand:qscand /var/spool/qscan # not /var/spool/qmailscan<br /><br /><br />vi /var/qmail/supervise/qmail-smtpd/run<br />QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE<br />...<br />(change softlimit to 40000000)<br />...<br />...<br /><br />Note: The limit 40000000 (40 MB) is more than two years old. Because of all the new requirements of the latest versions of the participating software, I needed to increase it to 60000000 (60 MB); otherwise my mails were not being dealt with correctly by Qmail Scanner. It is safe to increase this value.<br />--------<br /><br />WAIT........ DISABLE POP3 AND POP3S in COURIER FIRST. 
QMAIL HAS ITS OWN POP3 server.<br /><br /><br /><br />Restart Qmail<br /><br />qmailctl stop<br />sleep 5<br />qmailctl start<br />sleep 5<br />qmailctl stat<br /><br /><br />[root@www qmail-scanner-2.04]# qmailctl stat<br />/service/qmail-send: up (pid 7749) 5 seconds<br />/service/qmail-send/log: up (pid 7750) 5 seconds<br />/service/qmail-smtpd: up (pid 7753) 5 seconds<br />/service/qmail-smtpd/log: up (pid 7758) 5 seconds<br />/service/qmail-pop3d: up (pid 7767) 5 seconds<br />/service/qmail-pop3d/log: up (pid 7768) 5 seconds<br />messages in queue: 293<br />messages in queue but not yet preprocessed: 181<br /><br /><br /><br /><br />Now, try the test_installation.sh script in contrib directory.<br /><br /><br />cd /downloads/qmailnew/qmail-scanner-2.04/contrib<br /><br /><br />./test_installation.sh -doit<br /><br />[root@www contrib]# ./test_installation.sh -doit<br /><br />Sending standard test message - no viruses...<br />done!<br /><br />Sending eicar test virus - should be caught by perlscanner module...<br />done!<br /><br />Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)...<br /><br />Sending bad spam message for anti-spam testing - In case you are using SpamAssassin...<br />Done!<br /><br />Finished test. 
Now go and check Email sent to postmaster@example.com<br /><br /><br /><br /><br />You should have 2 messages in the postmaster's mailbox, one clean message and the other marked as *****SPAM*****, and the following output in your maillog.<br /><br /><br />tail -f /var/log/maillog<br /><br />May 9 17:53:34 www qmail-scanner[8149]: Clear:RC:1(127.0.0.1): 0.022018 313 postmaster@example.com postmaster@example.com Qmail-Scanner_test_(1/4):_inoffensive_message <> orig-www.example.com12103376145628149:313 1210337614.8151-0.www.example.com:68<br />May 9 17:53:34 www spamd[31043]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37141<br />May 9 17:53:34 www spamd[31043]: spamd: processing message <> for postmaster@example.com:711<br />May 9 17:53:34 www qmail-scanner[8162]: Perlscan:EICAR_Test_Virus:RC:1(127.0.0.1): 0.027297 961 postmaster@example.com postmaster@example.com Qmail-Scanner_viral_test_(2/4):_checking_perlscanner... 
<> 1210337614.8169-0.www.example.com:300 Eicar.com:69 orig-www.example.com12103376145628162:961<br />May 9 17:53:35 www qmail-scanner[8177]: CLAMDSCAN:Eicar-Test-Signature:RC:1(127.0.0.1): 0.016671 1236 postmaster@example.com postmaster@example.com Qmail-Scanner_viral_test_(3/4):_checking_non-perlscanner_AV... <> sneaky.txt<br />May 9 17:53:35 www spamd[31044]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37143<br />May 9 17:53:35 www spamd[31044]: spamd: checking message (unknown) for postmaster@example.com:711<br />May 9 17:53:35 www spamd[31043]: spamd: clean message (0.0/5.0) for postmaster@example.com:711 in 0.7 seconds, 616 bytes.<br />May 9 17:53:35 www spamd[31043]: spamd: result: . 
0 - UNPARSEABLE_RELAY scantime=0.7,size=616,user=postmaster@example.com,uid=711,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37141,mid=<>,autolearn=ham,shortcircuit=no<br />May 9 17:53:35 www spamd[31040]: prefork: child states: IB<br />May 9 17:53:35 www maildrop[8167]: Unable to open mailbox.<br />May 9 17:53:36 www spamd[31044]: spamd: identified spam (1009.7/5.0) for postmaster@example.com:711 in 1.6 seconds, 1893 bytes.<br />May 9 17:53:36 www spamd[31044]: spamd: result: Y 1009 - DATE_IN_FUTURE_96_XX,DK_POLICY_TESTING,EXCUSE_4,FORGED_YAHOO_RCVD,GTUBE,MISSING_MID,NORMAL_HTTP_TO_IP,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK scantime=1.6,size=1893,user=postmaster@example.com,uid=711,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37143,mid=(unknown),autolearn=no,shortcircuit=no<br />May 9 17:53:37 www spamd[31040]: prefork: child states: II<br />May 9 17:53:37 www qmail-scanner[8186]: Clear:RC:1(127.0.0.1):SA:1(1009.7/5.0): 1.755721 1881 postmaster@example.com postmaster@example.com Qmail-Scanner_anti-spam_test_(4/4):_checking_SpamAssassin_[if_present]_(There_yo <9ps291lhupy> orig-www.example.com12103376155628186:1881 1210337615.8188-0.www.example.com:818<br />May 9 17:53:37 www spamd[31043]: spamd: connection from localhost.localdomain [127.0.0.1] at port 37147<br />May 9 17:53:37 www spamd[31043]: spamd: processing message <9ps291lhupy> for postmaster@example.com:711<br />
May 9 17:53:38 www spamd[31043]: spamd: identified spam (1009.2/5.0) for postmaster@example.com:711 in 1.4 seconds, 2384 bytes.<br />May 9 17:53:38 www spamd[31043]: spamd: result: Y 1009 - AWL,DK_POLICY_TESTING,EXCUSE_4,FORGED_YAHOO_RCVD,GTUBE,INVALID_MSGID,MSGID_SHORT,NORMAL_HTTP_TO_IP,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,UNPARSEABLE_RELAY scantime=1.4,size=2384,user=postmaster@example.com,uid=711,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37147,mid=<9ps291lhupy>,autolearn=no,shortcircuit=no<br />May 9 17:53:38 www spamd[31040]: prefork: child states: II<br />May 9 17:53:38 www maildrop[8204]: Unable to open mailbox.<br />May 9 17:55:15 www spamd[31043]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43421<br />May 9 17:55:15 www spamd[31043]: spamd: processing message <> for postmaster@example.com:711<br />May 9 17:55:17 www spamd[31044]: spamd: connection from localhost.localdomain [127.0.0.1] at port 43427<br />May 9 17:55:17 www spamd[31044]: spamd: processing message <9ps291lhupy> for postmaster@example.com:711<br />May 9 17:55:17 www spamd[31043]: spamd: clean message (0.0/5.0) for postmaster@example.com:711 in 1.3 seconds, 616 bytes.<br />May 9 17:55:17 www spamd[31043]: spamd: result: . 
0 - UNPARSEABLE_RELAY scantime=1.3,size=616,user=postmaster@example.com,uid=711,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43421,mid=<>,autolearn=unavailable,shortcircuit=no<br />May 9 17:55:17 www spamd[31040]: prefork: child states: IB<br />May 9 17:55:17 www maildrop[8590]: Unable to open mailbox.<br />May 9 17:55:18 www spamd[31044]: spamd: identified spam (1008.9/5.0) for postmaster@example.com:711 in 1.5 seconds, 2384 bytes.<br />May 9 17:55:18 www spamd[31044]: spamd: result: Y 1008 - AWL,DK_POLICY_TESTING,EXCUSE_4,FORGED_YAHOO_RCVD,GTUBE,INVALID_MSGID,MSGID_SHORT,NORMAL_HTTP_TO_IP,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,UNPARSEABLE_RELAY scantime=1.5,size=2384,user=postmaster@example.com,uid=711,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=43427,mid=<9ps291lhupy>,autolearn=no,shortcircuit=no<br />May 9 17:55:18 www spamd[31040]: prefork: child states: II<br />May 9 17:55:18 www maildrop[8602]: Unable to open mailbox.<br /><br /><br />Note:<br />Any SMTP sessions that are dropped (due to network outages/etc) may lead to files lying around in /var/spool/qscan . 
Running "/var/qmail/bin/qmail-scanner-queue.pl -z", at least once daily, will ensure such files are deleted when they're over 30 hours old - make a cronjob to do that (see contrib/ for a logrotate script).<br /><br />crontab -e<br />0 2 * * * /var/qmail/bin/qmail-scanner-queue.pl -z<br /><br />--------------<br /><br />You may want to change the file /etc/tcp.smtp from:<br /><br />127.:allow,RELAYCLIENT=""<br /><br /><br />to:<br /><br /><br /># No Qmail-Scanner at all for mail from 127.0.0.1<br />127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"<br /># Use Qmail-Scanner without SpamAssassin on any mail from the local network<br /># [it triggers SpamAssassin via the presence of the RELAYCLIENT var]<br /># 10.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"<br />#<br /># Use Qmail-Scanner with SpamAssassin on any mail from the rest of the world<br />:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"<br /><br />--------------------<br /><br />I have set up my /etc/tcp.smtp as follows:-<br /><br />[root@www contrib]# vi /etc/tcp.smtp<br /># My users logging on to the web interface may be uploading virus-infected files.<br />127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"<br /># No Qmail-Scanner at all for mail from 127.0.0.1<br />## 127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"<br /># Use Qmail-Scanner without SpamAssassin on any mail from the local network<br /># [it triggers SpamAssassin via the presence of the RELAYCLIENT var]<br /># 10.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"<br />#<br /># Use Qmail-Scanner with SpamAssassin on any mail from the rest of the world<br />:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"<br /><br /><br /><br />[root@www contrib]# qmailctl stop<br />Stopping qmail...<br /><br />qmail-smtpd<br />qmail-send<br />qmail-pop3d<br /><br /><br 
/>[root@www contrib]# qmailctl cdb<br />Reloaded /etc/tcp.smtp.<br /><br /><br />[root@www contrib]# qmailctl start<br />Starting qmail...<br /><br />Starting qmail-send<br />Starting qmail-smtpd<br />Starting qmail-pop3d<br /><br /><br />[root@www contrib]# qmailctl stat<br />/service/qmail-send: up (pid 8801) 4 seconds<br />/service/qmail-send/log: up (pid 8808) 4 seconds<br />/service/qmail-smtpd: up (pid 8811) 4 seconds<br />/service/qmail-smtpd/log: up (pid 8816) 4 seconds<br />/service/qmail-pop3d: up (pid 8819) 4 seconds<br />/service/qmail-pop3d/log: up (pid 8820) 4 seconds<br />messages in queue: 263<br />messages in queue but not yet preprocessed: 0<br /><br /><br />Step: Install / configure qs2mrtg:<br />----------------------------------<br />Install qs2mrtg.pl from the contrib directory of Qmail-Scanner.<br /><br />This is for drawing graphs in MRTG.<br /><br /><br /><br />Step: QMAIL ANALOG:<br />-------------------<br /><br />I could not get this to work with the latest QmailScanner, so it is useless to set up. Also, it is not needed, given qs2mrtg.<br /><br /><br /><br />Step: GREYLISTING and RBLSMTPD:<br />---------------------------------<br /><br />Greylist software can be downloaded.<br /><br />cd /downloads/qmailnew<br />wget http://oss.albawaba.com/files/cqgreylist-0.2.tar.gz<br />tar xzf cqgreylist-0.2.tar.gz<br />cd cqgreylist-0.2<br />mkdir /var/qmail/cqgreylist<br />chown vpopmail /var/qmail/cqgreylist<br /><br /><br />vi cqgreylist.c<br />. . .<br /><br />/*<br />* Change anything you want here<br />*/<br />/* RFC 2821 specifies the timeout for receiving a command to at least 5 mins */<br />#define TIMEOUT 300<br />/* specify the greylisting time in which to not accept mail from a sender */<br />#define GREY_SECONDS 60<br /><br />char* hostname = "www.example.com";<br />char* message = "You are greylisted. 
Try again.";<br />char* base_directory = "/var/qmail/cqgreylist/";<br /><br />/*<br />* End of user editable parameters<br />*/<br /><br /><br />make<br />cp cqgreylist /var/qmail/bin/<br /><br /><br />crontab -e<br /><br />. . .<br />23 * * * * /usr/bin/find /var/qmail/cqgreylist -mtime 1 -type f -exec rm -f {} \;<br /><br />See next section (RBLSMTPD) to actually include GreyListing in Qmail run file.<br /><br /><br /><br />RBLSMTPD:<br />---------<br /><br />Edit the run script for qmail-smtpd:-<br /><br />vi /var/qmail/supervise/qmail-smtpd/run<br /><br />Text before editing:<br />. . .<br />exec /usr/local/bin/softlimit -m 40000000 \<br />/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \<br />-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \<br />/var/qmail/bin/qmail-smtpd www.example.com \<br />/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1<br /><br /><br />Text after editing:<br />-------------------<br />. . .<br />exec /usr/local/bin/softlimit -m 40000000 \<br />/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \<br />-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \<br />rblsmtpd \<br />-r sbl.spamhaus.org \<br />-r zen.spamhaus.org \<br />-r bl.spamcop.net \<br />-r list.dsbl.org \<br />/var/qmail/bin/cqgreylist \<br />/var/qmail/bin/qmail-smtpd www.example.com \<br />/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1<br /><br /><br />Restart Qmail service:<br /><br />qmailctl stop<br />qmailctl cdb<br />qmailctl start<br />sleep 5<br />qmailctl stat<br /><br />[root@www cqgreylist-0.2]# qmailctl stat<br />/service/qmail-send: up (pid 11184) 5 seconds<br />/service/qmail-send/log: up (pid 11191) 5 seconds<br />/service/qmail-smtpd: up (pid 11194) 5 seconds<br />/service/qmail-smtpd/log: up (pid 11199) 5 seconds<br />/service/qmail-pop3d: up (pid 11202) 5 seconds<br />/service/qmail-pop3d/log: up (pid 11203) 5 seconds<br />messages in queue: 21<br />messages in queue but not yet preprocessed: 0<br /><br /><br 
/>ALHUMDULILLAH. MAIL SERVER SETUP COMPLETE.<br /><br />======================================================<br /><br /><br />Step: QS2MRTG: [Not fully documented]. Coming soon.<br />---------------------------------------------------<br /><br />Install qs2mrtg.pl from the contrib directory of Qmail-Scanner.<br /><br />cp /downloads/qmailnew/qmail-scanner-2.04/contrib/qs2mrtg.pl /usr/local/bin/<br /><br /><br />This is for drawing graphs in MRTG.<br /><br />[root@www contrib]# ./qs2mrtg.pl --syslog-file=/var/log/messages \<br />--offset-file=/var/log/qs2mrtg.offset \<br />--mrtg-output-dir=/var/www/mrtg/ --mailsrv-name=www.example.com<br /><br /><br /><br /><br />Step: SETUP FIREWALL:<br />---------------------<br />Create a new file /etc/firewall.sh<br /><br />vi /etc/firewall.sh<br /><br />#!/bin/bash<br /><br />###################################################################################<br /># Author: Muhammad Kamran Azeem ( kamran@example.com )<br /># Created: 20080410<br /># Last Updated: 20080410<br /># Implementation on this server: 20080509<br /># Proposed implementation: On stand alone webmail servers<br />###################################################################################<br />#<br /># Various tools:<br /># nmap -sU PUBLIChost # scans UDP ports<br />#<br /># The following reports total number of connections<br /># netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n<br />#<br />#<br />#<br />###################################################################################<br /><br /><br /><br /># User configurable parameters - START - #############################################<br />#<br /># The Public interface of this server towards Internet:-<br />PUBLICIF=eth0<br />#<br /># The Public IP of this server (on $PUBLICIF) visible/accessible from the Internet:-<br />PUBLICIP=192.168.0.200<br />#<br 
/># The full path to the iptables program:-<br />IPTABLES=/sbin/iptables<br />#<br /># User configurable parameters - END - ###############################################<br /><br />############ Load Modules - Start #############<br />#<br /># Load FTP connection tracking module<br />modprobe ip_conntrack_ftp<br />#<br />############# Load Modules - End ##############<br /><br />$IPTABLES -F<br />$IPTABLES -t nat -F<br />$IPTABLES -P INPUT ACCEPT<br /><br /># ports list:<br /># 22/tcp - SSH<br /># 25/tcp - SMTP<br /># 80/tcp - HTTP<br /># 443/tcp - HTTPS<br /># 110/tcp - POP3<br /># 995/tcp - POP3S<br /># 143/tcp - IMAP<br /># 993/tcp - IMAPS<br /># 123/tcp - NTP<br /># 123/udp - NTP<br /># 199/tcp - SNMP<br /># 161/UDP - SNMP<br /># 3306/tcp - MySQL<br /><br /><br /># Setup default INPUT policy as DROP<br />$IPTABLES -P INPUT DROP<br /><br /><br />## allow packets coming from the machine<br />$IPTABLES -A INPUT -i lo -j ACCEPT<br />$IPTABLES -A OUTPUT -o lo -j ACCEPT<br /><br /># allow outgoing traffic<br />$IPTABLES -A OUTPUT -o $PUBLICIF -j ACCEPT<br /><br /><br /># Block spoofing<br /><br /># $IPTABLES -A INPUT -s 127.0.0.0/8 -i ! 
lo -j DROP<br /><br /># OR, a more sophisticated / wider-ranging method is below:-<br /><br /># Add your IP range/IPs here,<br /># Yes I am sure that the last address has 16 bit subnet for a VALID reason<br />SPOOFLIST="0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/16 192.168.0.0/16 224.0.0.0/3"<br />for ip in $SPOOFLIST<br />do<br />$IPTABLES -A INPUT -i $PUBLICIF -s $ip -j DROP<br />done<br /><br /><br /># Stop bad packets.<br /># These DROP rules must come before the ACCEPT rules below: iptables stops at<br /># the first matching rule, so a malformed packet aimed at an open port would<br /># otherwise be accepted before it is ever checked.<br />$IPTABLES -A INPUT -m state --state INVALID -j DROP<br /><br /># NMAP FIN/URG/PSH<br />$IPTABLES -A INPUT -i $PUBLICIF -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP<br /><br /># stop Xmas Tree type scanning<br />$IPTABLES -A INPUT -i $PUBLICIF -p tcp --tcp-flags ALL ALL -j DROP<br />$IPTABLES -A INPUT -i $PUBLICIF -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP<br /><br /># stop null scanning<br />$IPTABLES -A INPUT -i $PUBLICIF -p tcp --tcp-flags ALL NONE -j DROP<br /><br /># SYN/RST<br />$IPTABLES -A INPUT -i $PUBLICIF -p tcp --tcp-flags SYN,RST SYN,RST -j DROP<br /><br /># SYN/FIN<br />$IPTABLES -A INPUT -i $PUBLICIF -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP<br /><br /><br /># DROP new TCP connections that do not start with a SYN packet:-<br />$IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j DROP<br /><br /><br /># Allow the following traffic only:-<br />$IPTABLES -A INPUT -i $PUBLICIF -p tcp -m multiport --dport 21,22,25,80,443,110,995,143,993 -j ACCEPT<br /><br /><br /># Hopefully spamassassin, NTP, Razor, DNS, DCCIFD, etc will keep working properly,<br /># because of the following three rules.<br />$IPTABLES -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT<br />$IPTABLES -A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT<br />$IPTABLES -A INPUT -p icmp -m state --state RELATED,ESTABLISHED -j ACCEPT<br /><br /><br /># Stop SYN flood. 
Not using the following because it will result in a VERY SLOW SERVER<br /># Incoming syn requests, which may be legitimate Web requests,<br /># coming from many web browsers / clients will get limited to 1 per second,<br /># WHICH, WE DON'T WANT.<br /># I suppose we CANNOT SYN Flood ?<br /># $IPTABLES -N SYNFLOOD<br /># $IPTABLES -A SYNFLOOD -p tcp --syn -m limit --limit 1/s -j RETURN<br /># $IPTABLES -A SYNFLOOD -p tcp -j REJECT --reject-with tcp-reset<br /># $IPTABLES -A INPUT -p tcp -m state --state NEW -j SYNFLOOD<br /><br /><br /><br /># Stop ping flood attack<br /><br /># REJECT ICMP echo requests larger than (64 Data+8 Header)=72 bytes (Below 85 did not help me!):<br /><br />$IPTABLES -A INPUT -p icmp --icmp-type echo-request -m length --length 85: -j REJECT --reject-with icmp-host-prohibited<br /><br /># Allow at most one incoming ICMP echo request per second<br />$IPTABLES -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT<br /><br /><br /># End of Firewall script<br /><br />exit 0<br /><br /><br />-------------<br /><br /><br />Create a new startup file /etc/init.d/firewall<br /><br />vi /etc/init.d/firewall<br /><br />#!/bin/sh<br />#<br /># firewall Startup script for our personal firewall<br />#<br /># The chkconfig header takes three fields: runlevels, start priority, stop priority.<br /># chkconfig: 35 01 99<br /># description: Our own custom built firewall setup<br /># processname: firewall<br /><br /># Source function library.<br />. 
/etc/rc.d/init.d/functions<br /><br />prog=/etc/firewall.sh<br />lockfile=/var/lock/subsys/firewall<br />RETVAL=0<br /><br />start() {<br />echo -n $"Starting $prog: "<br />/bin/sh /etc/firewall.sh<br />RETVAL=$?<br />echo<br />[ $RETVAL = 0 ] && touch ${lockfile}<br />return $RETVAL<br />}<br /><br /><br />stop() {<br />echo -n $"Stopping $prog: "<br />/sbin/iptables -F<br />/sbin/iptables -t nat -F<br />/sbin/iptables -P INPUT ACCEPT<br />/sbin/iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT<br />RETVAL=$?<br />echo<br />[ $RETVAL = 0 ] && rm -f ${lockfile}<br />}<br /><br /># See how we were called.<br />case "$1" in<br />start)<br />start<br />;;<br />stop)<br />stop<br />;;<br />status)<br />/sbin/iptables -L<br />;;<br />restart)<br />stop<br />start<br />;;<br />*)<br />echo $"Usage: $prog {start|stop|status|restart}"<br />RETVAL=3<br />esac<br /><br />exit $RETVAL<br /><br /><br />------------------------<br /><br />chmod +x /etc/firewall.sh<br />chmod +x /etc/init.d/firewall<br /><br />chkconfig --level 35 firewall on<br />service firewall start<br /><br />=====================================================================<br /><br />End of QMail Rocks Guide<br />Last Updated ( Thursday, 13 November 2008 21:15 )how computer gadget workhttp://www.blogger.com/profile/09956983139997755746noreply@blogger.com1tag:blogger.com,1999:blog-1528334988465998227.post-25512512615315777862009-05-05T11:25:00.000-07:002009-05-05T11:27:23.817-07:00How did the Internet start?<p style="text-align: justify;">Mention the history of the <a href="http://computer.howstuffworks.com/internet-technology-channel.htm">Internet</a> to a group of people, and chances are someone will make a snarky comment about Al Gore claiming to have invented it. 
Gore actually said that he "took the initiative in creating the Internet" [source: <a href="http://howstuffworks.com/framed.htm?parent=internet-start.htm&url=http://www.cnn.com/ALLPOLITICS/stories/1999/03/09/president.2000/transcript.gore/">CNN</a>]. He promoted the Internet's development both as a senator and as vice president of the <a href="http://maps.howstuffworks.com/maps-of-united-states.htm">United States</a>. So how did the Internet really get started? Believe it or not, it all began with a <a href="http://science.howstuffworks.com/satellite.htm">satellite</a>. </p><p style="text-align: justify;">It was 1957 when the then Soviet Union launched <strong>Sputnik</strong>, the first man-made satellite. Americans were shocked by the news. The <a href="http://people.howstuffworks.com/the-cold-war-timeline.htm">Cold War</a> was at its peak, and the United States and the Soviet Union considered each other enemies. If the Soviet Union could launch a satellite into <a href="http://science.howstuffworks.com/space-channel.htm">space</a>, it was possible it could launch a missile at <a href="http://maps.howstuffworks.com/maps-of-north-america.htm">North America</a>. </p><div> </div><p style="text-align: justify;">President Dwight D. Eisenhower created the <strong>Advanced Research Projects Agency</strong> (<strong>ARPA</strong>) in 1958 as a direct response to Sputnik's launch. ARPA's purpose was to give the United States a technological edge over other countries. One important part of ARPA's mission was computer science.</p><div style="text-align: justify;"> </div><p style="text-align: justify;">In the 1950s, <a href="http://computer.howstuffworks.com/">computers</a> were enormous devices that filled entire rooms. They had a fraction of the power and processing ability you can find in a modern <a href="http://computer.howstuffworks.com/pc.htm">PC</a>. 
Many computers could only read magnetic tape or punch cards, and there was no way to <a href="http://computer.howstuffworks.com/home-network.htm">network</a> computers together. </p><div style="text-align: justify;" id="googleAd"> </div><div style="text-align: justify;"> </div><p style="text-align: justify;">ARPA aimed to change that. It enlisted the help of the company Bolt, Beranek and Newman (BBN) to create a computer network. The network had to connect four computers running on four different <a href="http://computer.howstuffworks.com/operating-system.htm">operating systems</a>. They called the network <a href="http://computer.howstuffworks.com/arpanet.htm">ARPANET</a>.</p><div style="text-align: justify;"> </div><p style="text-align: justify;">Without ARPANET, the Internet wouldn't look or behave the way it does today -- it might not even exist. Although other groups were working on ways to network computers, ARPANET established the protocols used on the Internet today. Moreover, without ARPANET, it may have taken many more years before anyone tried to find ways to join regional networks together into a larger system. </p><div style="text-align: justify;"> </div><p style="text-align: justify;">In the next section, we'll look at how ARPANET joined with other networks to create the Internet.</p><p style="text-align: justify;"><br /></p><h1 class="articlePageTitle">Early Networks</h1> <!-- dtl_id=479110 //--> <p>In 1973, engineers began to look at ways to connect ARPANET to the <strong>packet radio network</strong> (<strong>PRNET</strong>). A packet radio <a href="http://computer.howstuffworks.com/home-network.htm">network</a> connects computers through <a href="http://electronics.howstuffworks.com/radio.htm">radio</a> transmitters and receivers. Instead of sending data across <a href="http://communication.howstuffworks.com/telephone.htm">phone</a> lines, the computers use radio waves. 
It took three years, but in 1976 engineers successfully connected the two networks [source: <a href="http://howstuffworks.com/framed.htm?parent=internet-start.htm&url=http://www.sri.com/about/timeline/timeline3.html">SRI</a>]. </p> <p> </p><table width="200" align="right" cellpadding="3" cellspacing="0"> <tbody> <tr> <td><center><img alt="Tim Berners-Lee" src="http://static.howstuffworks.com/gif/internet-start-2.jpg" width="200" border="0" height="200" /><br /><span style="font-size:78%;">Catrina Genevese/<a href="http://howstuffworks.com/framed.htm?parent=internet-start.htm&url=http://www.gettyimages.com/Home.aspx">Getty Images</a><br /></span><span style="font-size:85%;"><strong>Tim Berners-Lee</strong><br /></span></center></td> </tr> </tbody> </table> <p>Technicians joined the <strong><a href="http://science.howstuffworks.com/satellite.htm">Satellite</a> Network</strong> (SATNET) to the other two networks in 1977. They called the connection between multiple networks <strong>inter-networking</strong>, or the <strong>Internet</strong> for short. Other early computer networks soon joined. They included <strong>USENET</strong>, <strong>BITNET</strong>, <strong>CSNET</strong> and <strong>NSFNET</strong>. </p> <p>In 1990, Tim Berners-Lee developed a system designed to simplify navigation on the Internet. In time, this system became known as the <strong>World Wide Web</strong>. It didn't take long for some people to mistakenly identify the Internet and the Web as the same thing. The Internet is a global interconnection of computer networks; the World Wide Web is a way to navigate this massive network. In sailing terms, it's like comparing an ocean to a ship.</p><p style="text-align: justify;">Most early Internet users were government and <a href="http://science.howstuffworks.com/military-channel.htm">military</a> employees, graduate students and computer scientists. Using the World Wide Web, the Internet became much more accessible. 
Colleges and universities began to connect to the Internet, and businesses soon followed. By 1994, Internet commerce had become a reality. </p><div style="text-align: justify;"> </div><p style="text-align: justify;">Today, the Internet is more complex than ever. It connects computers, satellites, mobile devices and other gadgets together in a massive network millions of times more intricate than the original ARPANET. And to think, we owe it all to a silver beeping ball that once orbited miles above the <a href="http://science.howstuffworks.com/earth.htm">Earth's</a> surface.</p>how computer gadget workhttp://www.blogger.com/profile/09956983139997755746noreply@blogger.com4tag:blogger.com,1999:blog-1528334988465998227.post-48027317960590041622009-05-05T11:18:00.000-07:002009-05-05T11:20:56.692-07:00How Spam Works<p style="text-align: justify;"> Most of us get spam every day. Some of us get a little, and some of us get a lot, but if you have an <a href="http://computer.howstuffworks.com/email.htm">e-mail</a> account it is always there. For example, this morning, here's one that came to my inbox: </p><div style="text-align: justify;"><blockquote><span style="font-size:-1;"> Subject: Adobe </span><p> <span style="font-size:-1;">Suppose we tell you that you could really lose up to 82% of your unwanted body fat and keep it off in just a few months, would you be interested? We certainly hope so! Please visit our web site - Click here! </span></p></blockquote>Obviously this is spam, yet it made it through the spam filters and I opened it because the subject line made it unknowable whether it was spam or not. </div><p style="text-align: justify;"> Spam is incredibly annoying, especially in large quantities. If you have a public e-mail address you can receive hundreds of spam messages for every legitimate message that arrives. Even with good filters, some of the spam makes it through. And filters can sometimes delete messages that you really do want to receive. 
Spam is free speech run amok. </p><p style="text-align: justify;"> Where does all of this spam e-mail (also known as "unsolicited commercial e-mail") come from? Why is there so much of it? Is there any way to stop it? In this article, we will answer these questions and many others as we take a dive into the sea of spam.<br /></p><p style="text-align: justify;"> Spam is a huge problem for anyone who gets e-mail. According to <a href="http://computer.howstuffworks.com/framed.htm?parent=spam.htm&url=http://www.businessweek.com/technology/content/jun2003/tc20030610_1670_tc104.htm">Business Week magazine</a>: </p><div style="text-align: justify;"><blockquote><span style="font-size:-1;"> In a single day in May [2003], No. 1 Internet service provider AOL Time Warner (AOL) blocked 2 billion spam messages -- 88 per subscriber -- from hitting its customers' e-mail accounts. Microsoft (MSFT), which operates No. 2 Internet service provider MSN plus e-mail service Hotmail, says it blocks an average of 2.4 billion spams per day. According to research firm Radicati Group in Palo Alto, Calif., spam is expected to account for 45% of the 10.9 trillion messages sent around the world in 2003. </span></blockquote> One of the problems with spam, and the reason why there is so much of it, is that it is so easy to create. </div><p style="text-align: justify;">You could easily become a spammer yourself. Let's say that you have a recipe from your grandmother for the best blueberry muffins ever created. A friend suggests that you sell the recipe for $5. </p><div style="text-align: justify;">You decide that your friend might be on to something, so you send an e-mail to the 100 people in your personal e-mail address book with the subject line, "These Blueberry Muffins Have Been Described as Heaven -- You Can Have the Recipe for $5!" Your e-mail contains a link to your blueberry muffin Web site. As a result of your 100 e-mails, you get two orders and make $10.<br />"Wow!" 
you think, "It cost me nothing to send those 100 e-mails, and I made $10. If I sent 1,000 e-mails I could make $100. If I sent a million e-mails I could make $100,000! I wonder where I could get a million e-mail addresses..." </div><p style="text-align: justify;"> So, how could you get 1 million e-mail addresses? Read on to find out. </p><p style="text-align: justify;"> </p><p style="text-align: justify;"> <!-- Page Break --> </p><div style="text-align: justify;"><br /></div>how computer gadget workhttp://www.blogger.com/profile/09956983139997755746noreply@blogger.com1tag:blogger.com,1999:blog-1528334988465998227.post-77736366164231057512009-05-05T11:00:00.000-07:002009-05-05T11:05:48.825-07:00How Banner Ads Work<p style="text-align: justify;">If you've spent any time surfing the Internet, you've seen more than your fair share of <strong>banner ads</strong>. These small rectangular advertisements appear on all sorts of Web pages and vary considerably in appearance and subject matter, but they all share a basic function: if you click on them, your Internet browser will take you to the advertiser's Web site. But how do they work and why are they there? </p><div style="text-align: justify;">Banner ads are usually relatively simple pieces of HTML code, but their presence on the Web and their importance in Internet-based business is immense.<br /><br />In this article, we'll examine banner ads and their place on the Internet. We'll see how they work, how advertisers rate their effectiveness, and how you can use them to advertise your site or bring in revenue.<br /></div><p style="text-align: justify;">We'll also examine the technology behind them and look at some of the different forms they can take. 
By the end of this article, you will be a banner ad expert!<br /></p><p style="text-align: justify;"><br /></p><div style="text-align: justify;"><br /></div><h1 style="text-align: justify;" class="articlePageTitle">What is a Banner Ad?</h1><div style="text-align: justify;"> <!-- dtl_id=18556 //--> </div><p style="text-align: justify;"> Over the past few years, most of us have heard about all the money being made on the Internet. This new medium of education and entertainment has revolutionized the economy and brought many people and many companies a great deal of success. But where is all this money coming from? There are a lot of ways Web sites make money, but one of the main sources of revenue is advertising. And one of the most popular forms of Internet advertising is the banner ad. </p><p style="text-align: justify;">A banner ad is simply a special sort of hypertext link. If you've read the How Stuff Works article <a href="http://computer.howstuffworks.com/web-page.htm">"How Web Pages Work"</a>, then you know how a basic text link works. A bit of HTML code instructs a Web server to bring up a particular Web page when a user clicks on a certain piece of text. Banner ads are essentially the same thing, except that instead of text, the link is displayed as a box containing graphics (usually with textual elements) and sometimes animation. </p><div style="text-align: justify;"> </div><p style="text-align: justify;">Because of its graphic element, a banner ad is somewhat similar to a traditional ad you would see in a printed publication such as a newspaper or magazine, but it has the added ability to bring a potential customer directly to the advertiser's Web site. This is something like touching a printed ad and being immediately teleported to the advertiser's store! A banner ad also differs from a print ad in its dynamic capability. 
It stays in one place on a page, like a magazine ad, but it can present multiple images, include animation and change appearance in a number of other ways.<br /></p><p style="text-align: justify;"><br /></p><h1 style="text-align: justify;" class="articlePageTitle">Types of Banner Ads</h1><div style="text-align: justify;"> <!-- dtl_id=18558 //--> </div><p style="text-align: justify;"> Like print ads, banner ads come in a variety of shapes and sizes. The <a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://www.iab.net/">Internet Advertising Bureau</a> (IAB) specifies eight different banner sizes, according to <strong>pixel</strong> dimensions. A pixel is the smallest unit of color used to make up images on a computer or television screen. The IAB's standard banner sizes are: </p><p style="text-align: justify;"> </p><table style="text-align: left; margin-left: 0px; margin-right: 0px;" width="400" cellpadding="3" cellspacing="0"> <tbody> <tr> <td><center><img alt="Banner Ad Example" src="http://static.howstuffworks.com/gif/banner-ad-size.jpg" width="430" /> </center></td></tr></tbody></table><div style="text-align: justify;"> </div><p style="text-align: justify;">The full banner (468 x 60) is by far the most popular, but you will see all these variations all over the Web. These are not the only banner ad shapes and sizes, either, but they are a good representation of the range of common banner ads. There is no universal file-size constraint for banner ads, but most Web sites impose their own limits on <a href="http://computer.howstuffworks.com/bytes.htm">memory size</a>, usually something like 12K to 16K. This is because banner ads add to the total file size of the page they appear on, therefore increasing the time it takes for a browser to load that page. 
</p><div style="text-align: justify;"> </div><p style="text-align: justify;">As you've probably noticed while surfing the Web, actual graphic content, or <strong>creative</strong>, varies considerably among banner ads. The simplest banner ads feature only one, static GIF or JPEG image, which is linked to the advertiser's home page. More common is the GIF-animated banner ad, which displays several different images in succession, sometimes to create the effect of animated motion. Then there are <strong>rich media</strong> banner ads -- ads that use audio, video, or Java and Shockwave programming. These banner ads, which usually have larger file sizes, are often interactive beyond their simple linking function. </p><div style="text-align: justify;"> </div><p style="text-align: justify;"> </p><h1 style="text-align: justify;" class="articlePageTitle">Banner Ad Objectives</h1><div style="text-align: justify;"> <!-- dtl_id=18560 //--> </div><p style="text-align: justify;"> Advertisers generally hope a banner ad will do one of two things. Ideally, a visitor to the <strong>publisher</strong> site, the Web site that posts the banner ad, will click on the banner ad and go to the advertiser's Web site. In this case the banner ad has brought the advertiser a visitor they would not have had otherwise. The banner ad is a real success if the visitor not only comes to the site but also buys something. Failing a <strong>click-through</strong>, advertisers hope that a publisher site visitor will see the banner ad and will somehow register it in their heads. This could mean the visitor consciously notes the content of a banner ad and decides to visit the advertiser's site at some time in the future, or it might mean that the visitor only peripherally picks up on the ad but is made aware of the advertiser's product or service. </p><p style="text-align: justify;"> This second effect of advertising is known as <strong>branding</strong>. 
We've all experienced the effects of branding before. Say you see ads on television for Brand X glue all the time. The ads don't seem to particularly affect you -- you don't leap from your couch to go buy glue -- but down the road, when you're at the store shopping for glue, they may affect the decision you make. If you don't have any other reason to choose one type of glue over the others, you'll probably choose the one you're most familiar with, Brand X, even if you're only familiar with it because of advertising. </p><p style="text-align: justify;">So there are several ways a banner ad can be successful. Consequently, there are several ways advertisers measure banner ad success. Advertisers look at: </p><ul style="text-align: justify;"><li><strong>Clicks/Click-throughs:</strong> The number of visitors who click on the banner ad linking to the advertiser's Web site. Publisher sites often sell banner ad space on a cost-per-click (CPC) basis. </li><li><strong>Page views:</strong> Also called page impressions, this is the number of times a particular Web page has been requested from the server. Advertisers are interested in page views because they indicate the number of visitors who could have seen the banner ad. Although they don't measure the effectiveness of a branding campaign, they do measure how many visitors were exposed to it. The most common way to sell banner ad space is cost per thousand impressions, or CPM (in Roman numerals, M equals a thousand). </li><li><strong>Click-through rate (CTR):</strong> This describes the ratio of clicks to page views. It is expressed as the percentage of total visitors to a particular page who actually clicked on the banner ad. The typical click-through rate is something under 1 percent, and click-through rates significantly higher than that are very rare. </li><li><strong>Cost per sale:</strong> This is the measure of how much advertising money is spent on making one sale. 
Advertisers use different means to calculate this, depending on the ad and the product or service. Many advertisers keep track of visitor activity using Internet <a href="http://computer.howstuffworks.com/cookie.htm">cookies</a>. This technology allows the site to combine shopping history with information about how the visitor originally came to the site. </li></ul><div style="text-align: justify;"> </div><p style="text-align: justify;">Different measures are more important to different advertisers, but most advertisers consider all of these elements when judging the effectiveness of a banner ad. </p><h1 style="text-align: justify;" class="articlePageTitle">Who Makes Banner Ads?</h1><div style="text-align: justify;"> <!-- dtl_id=18562 //--> </div><p style="text-align: justify;"> Pretty much anybody with computer knowledge can learn how to make a very basic banner ad. To code the banner, simply combine the HTML tag for a link with the HTML tag for an image. You can create the necessary graphics using a simple computer art program, like Paint Shop Pro, which you can download from <a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://www.jasc.com/download_4.asp">this site</a>. </p><p style="text-align: justify;"> To understand the coding involved, let's look at an example. 
Here is a basic static banner ad for How Stuff Works: </p><p style="text-align: justify;"> </p><table style="text-align: left; margin-left: 0px; margin-right: 0px;" width="430" cellpadding="3" cellspacing="0"> <tbody><tr><td> <center> <a href="http://computer.howstuffworks.com/index.htm"><img src="http://static.howstuffworks.com/gif/banner-ad-static.gif" width="430" /></a> </center> </td></tr></tbody></table><div style="text-align: justify;"> </div><p style="text-align: justify;"> Its code looks like this: </p><p style="text-align: justify;"> </p><div style="text-align: justify;"><blockquote> <strong><a href="http://www.howstuffworks.com/"> <img src="http://static.howstuffworks.com/gif/banner-ad-static.gif" /> </a></strong> </blockquote> </div><p style="text-align: justify;"> The link component of the code is: </p><p style="text-align: justify;"> </p><div style="text-align: justify;"><blockquote> <strong><a href="http://www.howstuffworks.com/"> ___________ </a></strong> </blockquote> </div><p style="text-align: justify;"> As you can see, the information in quotes is the URL for the How Stuff Works home page. If you were writing a text link, you would simply write something like "How Stuff Works" in the blank space, and a site visitor could click on those words to bring up the HSW home page. To make a banner link, you do pretty much the same thing, except instead of text, you put a tag for a graphic in the empty space. 
The graphic tag component of the code is: </p><p style="text-align: justify;"> </p><div style="text-align: justify;"><blockquote> <strong><img src="http://static.howstuffworks.com/gif/banner-ad-static.gif" /></strong> </blockquote> </div><p style="text-align: justify;">In this case, the tag simply consists of the URL location of the graphic image; the full URL would be "http://www.howstuffworks.com/gif/banner-ad-static.gif" (go to this URL and you will see the graphic), but we only need to put the last part of the URL here, since we are already within "http://www.howstuffworks.com." This tells a visitor's browser to load the image posted at that particular URL. The visitor can then click anywhere on the entire image to visit the How Stuff Works home page. For more information on how to code image and hyperlink tags, check out the How Stuff Works article, <a href="http://computer.howstuffworks.com/web-page.htm">How Web Pages Work</a>. </p><p style="text-align: justify;"> Basic, static banner ads are so simple you can make a few for your site in an afternoon, and animated GIF banner ads aren't much more complicated. On the other end of the spectrum are complicated rich media ads. Ads with elaborate animation or user interactivity require much more extensive programming ability. </p><p style="text-align: justify;">Amateur banner ads often work fine, but with so many ads competing for viewer attention, many Web sites need the help of professional ad designers. Good advertising agencies and professional designers not only bring their programming skills to banner ad creation, but also their creativity and extensive marketing experience. They work to match a banner ad campaign with the advertiser's product or service, and to make innovative, attention-getting graphic content. There are many ad agencies and free-lance banner ad designers serving Web sites today, and they have a wide range of experience, ability and success. 
They also have a wide range of fees: You can get a professional banner ad for $50 or you can spend upwards of $1,000. </p><p style="text-align: justify;">There are also Web sites that offer free banner ad creation. They either provide you with all the components you need to create your own banner ad, such as backgrounds and fonts, or they create a banner ad for you. These designers and companies do this for a number of reasons. Some simply make money from advertising on their sites, some offer free banner creation in exchange for their customers posting client banner ads on the customer's site and a few designers simply create banners as a hobby. </p><p style="text-align: justify;"> Some popular free banner design sites are: </p><ul style="text-align: justify;"><li><a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://makeyourbanner.com/">Make Your Banner.com</a> </li><li><a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://www.abcbanners.com/mlinks/links.pl">ABC Banners</a> </li><li><a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://members.tripod.com/atomicarts/">Atomic Arts</a> </li></ul><p style="text-align: justify;"> Like most forms of advertising, banner ads vary considerably in quality because their creators vary a great deal in ability and experience. The range is even greater with banner ads than with most other forms, however, because it is so easy and inexpensive to create and post banners. </p><p style="text-align: justify;"><br /></p><div style="text-align: justify;"><br /></div><h1 style="text-align: justify;" class="articlePageTitle">Advertising with Banners</h1><div style="text-align: justify;"> <!-- dtl_id=18564 //--> </div><p style="text-align: justify;"> An advertiser that is interested in posting banner ads on other sites has three basic options. 
The advertiser can: </p><ul style="text-align: justify;"><li>Arrange to display other Web sites' banner ads in exchange for them displaying its ad. </li><li>Pay publisher sites to post its banner. </li><li>Pay an organization, usually a banner network like <a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://www.doubleclick.net">DoubleClick</a> or <a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://www.flycast.com">Flycast</a>, to post the banner on a number of publisher sites. </li></ul><p style="text-align: justify;"> These three arrangements take many forms and advertisers and publishers must choose the specific arrangement that best suits them. If you want to post banner ads on other sites but don't have the capital to mount a traditional advertising campaign, you may choose to exchange banner ads with other sites. There are two ways you can go about this. The first is to individually develop relationships with other Web sites and trade specific banners. This is a very natural process and allows you to place your banner ads conscientiously and post other Web site banner ads that fit your site well. Your banner ad doesn't end up on very many sites, however, unless you invest a whole lot of your time in seeking out interested webmasters. </p><p style="text-align: justify;">If you want to get your banner ad on a lot of sites in a short amount of time (and don't want to pay for it) then your best bet is joining a banner exchange program.<br /></p><h1 style="text-align: justify;" class="articlePageTitle">Banner Exchange Programs</h1><div style="text-align: justify;"> <!-- dtl_id=18566 //--> </div><p style="text-align: justify;"> Banner exchange programs offer a simple service. If you post a certain number of banner ads on your site, they will post your banner ad on another site. Usually, this isn't an even exchange; you have to post more than one banner ad for every one of your banner ads they post. 
This is how the exchange program makes a profit. Their arrangement yields them more banner ad spaces than actual banner ads they need to place for their members, so they can sell the extra banner ad spaces to paying advertisers. The exact ratio varies, but 2:1, posting two banner ads on your site for every one of yours posted on another site, is a typical arrangement. </p><p style="text-align: justify;">Most banner exchange programs distribute banner ads in the same way. For every banner ad you've decided to display, the exchange provides you with a piece of HTML code. This code instructs a visitor's Web browser to bring up a banner ad from the exchange program's <a href="http://computer.howstuffworks.com/web-server.htm">server</a>. This enables the exchange program to easily change which banner ads are on which sites. They can also monitor the success of particular banner ads on particular member sites, which helps them to pair sites with suitable advertisers. </p><p style="text-align: justify;">The advantage of joining a banner exchange program is it's a free way to get other sites to post your banner ads. The disadvantage is that you give up a lot of control over where your ads are posted and what ads are posted on your site. In most cases, the banner exchange program chooses where to put its members' banner ads, and you may not like what they decide to post on your site or where they end up posting your banner ad. Most banner exchange programs attempt to link banner ads and sites intelligently, and they often do a good job, but there is a possibility that at some point you will be dissatisfied with a banner ad that ends up on your site. 
</p><p style="text-align: justify;"> Some major banner exchange programs are: </p><ul style="text-align: justify;"><li><a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://adnetwork.bcentral.com/">LinkExchange</a> </li><li><a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://www.bannerswap.com/">BannerSwap</a> </li><li><a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://www.smartage.com/promote/smartclicks/index2.html?">SmartClicks</a> </li><li><a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://www.free-banners.com/main.htm">Free Banners</a> </li><li><a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://www.linkbuddies.com/index.html">LinkBuddies</a> </li></ul><div style="text-align: justify;"> </div><p style="text-align: justify;">It's pretty easy to join a banner exchange program. Go to any of the above sites and they will walk you through their particular process. It's definitely a good idea to shop around, because different banner exchange programs have different strengths. Some programs concentrate on effective banner placement more than others, and some specialize in Web sites that feature a particular subject matter, such as religion or kid interests. Most banner exchange programs are free to join, but some also offer a better exchange ratio for a small fee.<br /></p><h1 style="text-align: justify;" class="articlePageTitle">Buying Advertising</h1><div style="text-align: justify;"> <!-- dtl_id=18568 //--> </div><p style="text-align: justify;"> If you are interested in buying advertising space, you have a few different options. 
You can: </p><ul style="text-align: justify;"><li>Approach Web sites yourself </li><li>Employ an advertising agency </li><li>Join a banner ad network </li><li>Start an affiliate program </li></ul><div style="text-align: justify;"> Each of these options has its own advantages and disadvantages, as we will see.<br /><br /></div><p style="text-align: justify;"> <span style="font-size:+1;color:#000099;">Approach Web Sites Yourself</span><br />This is an involved, time-consuming way to place your banner ads, but it does offer some significant advantages. Mainly, placing all your banner ads yourself gives you a lot of control over how you advertise. You can fully investigate potential publisher sites to decide if their content matches yours and you can often work with the site to find the best location for your ad. This can be a relatively inexpensive way of advertising, if you target small Web sites that don't attract a lot of other advertisers. If you choose such sites carefully, your banner ad can be fairly effective. A small Web site that caters to a particular niche may not have very high traffic, but the people who do visit are all interested in some of the same things. If you sell rare <a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://www.pez.com/">PEZ machines</a>, for example, a well-placed ad on a small toy collector site could bring you significant traffic. </p><p style="text-align: justify;"> To place advertisements this way, you have to approach each site individually, follow its particular procedures and purchase its particular advertising packages. Start by searching the site to see if they have a page for potential advertisers. If you can't find anything online, call the site or send them e-mail. Shop around for an advertising arrangement that meets your needs and fits your budget. </p><p style="text-align: justify;">Larger sites will probably have a set advertising package with a relatively high price tag. 
Most sites sell advertising space on a CPM basis, in a package consisting of a certain number of impressions. CPM varies considerably -- you can expect to pay anywhere from $5 to $100 per thousand impressions on a fairly popular site. There is such a wide range because different Web sites have different levels of popularity and different sorts of audiences. A site with consistently high traffic will usually charge a lot more than a less popular site. If a site caters to a particular niche, it may charge more than a general interest site because its advertisers can more effectively target a specific demographic. The amount of impressions in an advertising package varies, but 50,000 to 200,000 impressions sold at a time is typical of good-sized sites. Smaller sites may not have any advertising plan whatsoever, which means you might be able to work out a good deal with them. </p><p style="text-align: justify;"> <span style="font-size:+1;color:#000099;">Employ an Advertising Agency</span><br />A full-service advertising agency will do most of the work of posting banner ads for you, and it will lend its expertise to the process. Agencies help you seek out suitable publisher sites, they negotiate the price of banner ad space, and they help you make the best use of your advertising budget. Additionally, advertising agencies work with you to conceive advertising campaigns and they create professional banner ads for your site. They can often get a better price on advertising space because they have a lot of clients and can buy impressions in bulk. There are many good Internet advertising agencies, offering a wide variety of special services. </p><p style="text-align: justify;">It's clear that using an advertising agency has a lot of advantages, but it also has one significant drawback for smaller sites: Advertising agencies usually deal only with accounts of a certain minimum size. 
Agencies vary considerably in reputation, services offered and size, and so also vary a great deal in price and account minimum. The best way to find out if an ad agency is right for you is to shop around. Find out what an agency offers, how much it charges and how much experience it has. Look at several agencies so you can make an informed decision. </p><p style="text-align: justify;">The cost of using an agency is certainly worth it to very large companies because they need the expertise and talent of professionals to make their ads competitive with rival companies' ads. It may be a necessary investment for a smaller Web site too, if it wants to establish itself as a significant presence on the Internet. Advertising is a very difficult process and an important ad campaign is certainly best handled by experts. If you have a limited advertising budget, however, you might do better to spend most of your money on actual banner ad placement, rather than marketing plans and top-of-the-line banner design. </p><p style="text-align: justify;"> <span style="font-size:+1;color:#000099;">Join a Banner Ad Network</span><br />If you want to place your banner ads on a lot of sites and don't want to put in the time to negotiate with the sites yourself, then using a banner network is a good option. Banner ad networks simply act as brokers between advertisers and publishers. Like banner exchange programs, they take care of placing an advertiser's banner ads and tracking all activity related to that ad. They also share one of the main drawbacks of banner exchange programs, however -- a lack of client control. Banner networks decide where to place banner ads, and they don't give each client the level of attention an advertising agency would. Consequently, there's a good chance you won't always be happy where your banner ad gets displayed. Many Web sites happily accept this shortcoming in light of the extensive services ad networks provide at a relatively low cost. 
</p><p style="text-align: justify;">You definitely need to shop around to find a suitable banner network. For one thing, many of the larger banner networks primarily sell advertising space from high-traffic publisher sites, which may be too expensive for your budget. There are banner ad networks that specialize in more affordable advertising space on smaller publisher sites, and a few networks offer discounted "remainder" advertising space, also called excess banner inventory, which is simply ad space that didn't sell at the regular price. You should also check out networks that specialize in a particular kind of site, as they may place your ads more effectively. Unfortunately, there are plenty of banner ad networks that promise more than they deliver and that fail to place your ads effectively, so be sure to research a network thoroughly before you join. </p><p style="text-align: justify;">You'll also need to decide whether you are interested in impressions or click-throughs, as most banner ad networks specialize in one or the other. </p><p style="text-align: justify;"> Some major impression networks are: </p><ul style="text-align: justify;"><li><a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://www.doubleclick.net/">DoubleClick</a> </li><li><a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://www.flycast.com">Flycast</a> </li><li><a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://www.burstmedia.com/">BURST! 
Media</a> </li><li><a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://www.contentzone.com">ContentZone</a> </li></ul><div style="text-align: justify;"> </div><p style="text-align: justify;"> Some major click-through networks are: </p><ul style="text-align: justify;"><li><a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://www.bannerbrokers.com">Banner Brokers</a> </li><li><a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://valueclick.com/">ValueClick</a> </li><li><a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://www.bannerspace.com">BannerSpace</a> </li><li><a href="http://computer.howstuffworks.com/framed.htm?parent=banner-ad.htm&url=http://www.eads.com/">eAds</a></li></ul>