
Administrator

Site Manager
  • Content Count

    1,283
  • Donations

    $100.00 
  • Days Won

    105

Administrator last won the day on December 8

Administrator had the most liked content!

Community Reputation

87 Excellent

1 Follower

About Administrator

  • Rank
    Tracadaca
  • Birthday 02/08/1968

Contact Methods

  • Website URL
    https://www.devcu.com

Profile Information

  • Gender
    Male
  • Location
    New York
  • Interests
    Everything code...

Recent Profile Visitors

2,843 profile views
  1. Administrator

    Nginx 1.15.2 Fails to compile

    Updated Version to Release
  2. Administrator

    Build | Version 1.0.0 Beta 2

    Updated Type to Testing
  3. Administrator

    Build | Version 1.0.0 Beta 2

    We have a working announce on my test board, files being shared, More tests are being done but we are close to a release.
  4. Administrator

    Beta Build Testing

    Just got back to this, have a few things to update and will be testing sometime this upcoming week. If all goes well, we shall see about a Beta release.
  5. Administrator

    Build | Version 1.0.0 Pre-Release Candidate Alpha

    Pushing harder, working again on this.
  6. Administrator

    The Perfect Spam Free Secure Mail Server

    Step four: Dovecot

    Configure

    Dovecot is a bit easier than Postfix; we just have to change a few config files to get it up and running properly. If a setting is not in the list, leave it as is!

        # cd /etc/dovecot/conf.d
        # nano 10-auth.conf

    Uncomment - Enable

        disable_plaintext_auth = yes

    Adjust - Add login

        auth_mechanisms = plain login

    Switch - Comment all others

        !include auth-sql.conf.ext

        # nano 10-logging.conf

    Uncomment

        log_path = syslog
        auth_verbose = yes
        auth_verbose_passwords = plain
        auth_debug = yes
        auth_debug_passwords = yes
        mail_debug = yes
        verbose_ssl = yes
        log_timestamp = "%b %d %H:%M:%S "
        login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k

        # nano 10-mail.conf

    Adjust

        mail_location = maildir:/var/vmail/%d/%n

    Uncomment

        type = private

    Uncomment

        mail_uid = vmail
        mail_gid = mail

    Comment

        #mail_privileged_group = mail

    Uncomment

        first_valid_uid = 150
        last_valid_uid = 150

    Uncomment

        mail_plugin_dir = /usr/lib/dovecot/modules

        # nano 10-master.conf

    Copy and paste

        #default_process_limit = 100
        #default_client_limit = 1000

        # Default VSZ (virtual memory size) limit for service processes. This is mainly
        # intended to catch and kill processes that leak memory before they eat up
        # everything.
        #default_vsz_limit = 256M

        # Login user is internally used by login processes. This is the most untrusted
        # user in Dovecot system. It shouldn't have access to anything at all.
        #default_login_user = dovenull

        # Internal user is used by unprivileged processes. It should be separate from
        # login user, so that login processes can't disturb other processes.
        #default_internal_user = dovecot

        service imap-login {
          inet_listener imap {
            port = 143
          }
          inet_listener imaps {
            port = 993
            ssl = yes
          }

          # Number of connections to handle before starting a new process. Typically
          # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
          # is faster. <doc/wiki/LoginProcess.txt>
          service_count = 1

          # Number of processes to always keep waiting for more connections.
          process_min_avail = 4

          # If you set service_count=0, you probably need to grow this.
          #vsz_limit = $default_vsz_limit
        }

        service pop3-login {
          service_count = 1
          inet_listener pop3 {
            port = 110
          }
          inet_listener pop3s {
            port = 995
            ssl = yes
          }
        }

        service lmtp {
          unix_listener lmtp {
            #mode = 0666
          }

          # Create inet listener only if you can't use the above UNIX socket
          #inet_listener lmtp {
            # Avoid making LMTP visible for the entire internet
            #address =
            #port =
          #}
        }

        service imap {
          # Most of the memory goes to mmap()ing files. You may need to increase this
          # limit if you have huge mailboxes.
          #vsz_limit = $default_vsz_limit

          # Max. number of IMAP processes (connections)
          #process_limit = 1024
        }

        service pop3 {
          # Max. number of POP3 processes (connections)
          #process_limit = 1024
        }

        service auth {
          # auth_socket_path points to this userdb socket by default. It's typically
          # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
          # full permissions to this socket are able to get a list of all usernames and
          # get the results of everyone's userdb lookups.
          #
          # The default 0666 mode allows anyone to connect to the socket, but the
          # userdb lookups will succeed only if the userdb returns an "uid" field that
          # matches the caller process's UID. Also if caller's uid or gid matches the
          # socket's uid or gid the lookup succeeds. Anything else causes a failure.
          #
          # To give the caller full permissions to lookup all users, set the mode to
          # something else than 0666 and Dovecot lets the kernel enforce the
          # permissions (e.g. 0777 allows everyone full permissions).
          unix_listener auth-userdb {
            mode = 0666
            user = vmail
            group = mail
          }

          unix_listener /var/spool/postfix/private/auth {
            mode = 0666
            # Assuming the default Postfix user and group
            user = postfix
            group = postfix
          }

          # Postfix smtp-auth
          unix_listener /var/spool/postfix/private/auth {
            mode = 0666
          }

          # Auth process is run as this user.
          user = root
        }

        service auth-worker {
          # Auth worker process is run as root by default, so that it can access
          # /etc/shadow. If this isn't necessary, the user should be changed to
          # $default_internal_user.
          user = root
        }

        service dict {
          # If dict proxy is used, mail processes should have access to its socket.
          # For example: mode=0660, group=vmail and global mail_access_groups=vmail
          unix_listener dict {
            #mode = 0600
            #user =
            #group =
          }
        }

        # nano 10-ssl.conf

    Copy and paste, make sure you update all SSL paths!

        ##
        ## SSL settings
        ##

        # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
        ssl = required

        # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
        # dropping root privileges, so keep the key file unreadable by anyone but
        # root. Included doc/mkcert.sh can be used to easily generate self-signed
        # certificate, just make sure to update the domains in dovecot-openssl.cnf
        ssl_cert = </etc/letsencrypt/live/mail.domain.com/fullchain.pem
        ssl_key = </etc/letsencrypt/live/mail.domain.com/privkey.pem

        # If key file is password protected, give the password here. Alternatively
        # give it when starting dovecot with -p parameter. Since this file is often
        # world-readable, you may want to place this setting instead to a different
        # root owned 0600 file by using ssl_key_password = <path.
        #ssl_key_password =

        # PEM encoded trusted certificate authority. Set this only if you intend to use
        # ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
        # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
        ssl_ca = </etc/letsencrypt/live/mail.domain.com/chain.pem

        # Require that CRL check succeeds for client certificates.
        #ssl_require_crl = yes

        # Directory and/or file for trusted SSL CA certificates. These are used only
        # when Dovecot needs to act as an SSL client (e.g. imapc backend). The
        # directory is usually /etc/ssl/certs in Debian-based systems and the file is
        # /etc/pki/tls/cert.pem in RedHat-based systems.
        ssl_client_ca_dir = /etc/ssl/certs
        #ssl_client_ca_file =

        # Request client to send a certificate. If you also want to require it, set
        # auth_ssl_require_client_cert=yes in auth section.
        #ssl_verify_client_cert = no

        # Which field from certificate to use for username. commonName and
        # x500UniqueIdentifier are the usual choices. You'll also need to set
        # auth_ssl_username_from_cert=yes.
        #ssl_cert_username_field = commonName

        # DH parameters length to use.
        ssl_dh_parameters_length = 2048

        # SSL protocols to use
        #ssl_protocols = !SSLv2 !SSLv3

        # SSL ciphers to use
        ssl_cipher_list = ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:+HIGH:+MEDIUM

        # Prefer the server's order of ciphers over client's.
        ssl_prefer_server_ciphers = yes

        # SSL crypto device to use, for valid values run "openssl engine"
        #ssl_crypto_device =

        # SSL extra options. Currently supported options are:
        #   no_compression - Disable compression.
        #   no_ticket - Disable SSL session tickets.
        #ssl_options =

        # nano 15-mailboxes.conf

    Copy and paste

        ##
        ## Mailbox definitions
        ##

        # Each mailbox is specified in a separate mailbox section. The section name
        # specifies the mailbox name. If it has spaces, you can put the name
        # "in quotes". These sections can contain the following mailbox settings:
        #
        # auto:
        #   Indicates whether the mailbox with this name is automatically created
        #   implicitly when it is first accessed. The user can also be automatically
        #   subscribed to the mailbox after creation. The following values are
        #   defined for this setting:
        #
        #     no        - Never created automatically.
        #     create    - Automatically created, but no automatic subscription.
        #     subscribe - Automatically created and subscribed.
        #
        # special_use:
        #   A space-separated list of SPECIAL-USE flags (RFC 6154) to use for the
        #   mailbox. There are no validity checks, so you could specify anything
        #   you want in here, but it's not a good idea to use flags other than the
        #   standard ones specified in the RFC:
        #
        #     \All      - This (virtual) mailbox presents all messages in the
        #                 user's message store.
        #     \Archive  - This mailbox is used to archive messages.
        #     \Drafts   - This mailbox is used to hold draft messages.
        #     \Flagged  - This (virtual) mailbox presents all messages in the
        #                 user's message store marked with the IMAP \Flagged flag.
        #     \Junk     - This mailbox is where messages deemed to be junk mail
        #                 are held.
        #     \Sent     - This mailbox is used to hold copies of messages that
        #                 have been sent.
        #     \Trash    - This mailbox is used to hold messages that have been
        #                 deleted.
        #
        # comment:
        #   Defines a default comment or note associated with the mailbox. This
        #   value is accessible through the IMAP METADATA mailbox entries
        #   "/shared/comment" and "/private/comment". Users with sufficient
        #   privileges can override the default value for entries with a custom
        #   value.

        # NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
        namespace inbox {
          # These mailboxes are widely used and could perhaps be created automatically:
          mailbox Trash {
            auto = no
            special_use = \Trash
          }
          mailbox Junk {
            auto = no
            special_use = \Junk
          }
          mailbox Drafts {
            auto = no
            special_use = \Drafts
          }
          mailbox Sent {
            auto = subscribe # autocreate and autosubscribe the Sent mailbox
            special_use = \Sent
          }
          mailbox "Sent Messages" {
            auto = no
            special_use = \Sent
          }
          mailbox Spam {
            auto = create # autocreate Spam, but don't autosubscribe
            special_use = \Junk
          }

          # If you have a virtual "All messages" mailbox:
          #mailbox virtual/All {
          #  special_use = \All
          #  comment = All my messages
          #}

          # If you have a virtual "Flagged" mailbox:
          #mailbox virtual/Flagged {
          #  special_use = \Flagged
          #  comment = All my flagged messages
          #}
        }

        # nano 20-imap.conf

    Replace at bottom

        protocol imap {
          mail_max_userip_connections = 512
          imap_idle_notify_interval = 24 mins
          mail_plugins = $mail_plugins antispam
        }

        # nano 20-pop3.conf

    Replace at bottom

        protocol pop3 {
          mail_max_userip_connections = 512
          #mail_plugins = $mail_plugins sieve
        }

        # nano 90-plugin.conf

    Copy and paste

        ##
        ## Plugin settings
        ##

        # All wanted plugins must be listed in mail_plugins setting before any of the
        # settings take effect. See <doc/wiki/Plugins.txt> for list of plugins and
        # their configuration. Note that %variable expansion is done for all values.

        plugin {
          sieve = ~/.dovecot.sieve
          sieve_dir = ~/sieve
          sieve_global_dir = /var/lib/dovecot/sieve.d/
          sieve_global_path = /var/lib/dovecot/sieve.d/default.sieve
        }

        plugin {
          antispam_backend = pipe
          antispam_signature = X-Spam-Flag
          antispam_signature_missing = move
          antispam_trash = trash;Trash;Deleted Items;Deleted Messages
          antispam_trash_pattern = trash;Trash;Deleted *
          antispam_trash_pattern_ignorecase = TRASH
          antispam_spam = Spam;Junk
          antispam_spam_pattern = spam;Spam;junk;Junk
          antispam_spam_pattern_ignorecase = SPAM;JUNK
          antispam_pipe_tmpdir = /var/tmp
          antispam_pipe_program = /usr/bin/spamc
          antispam_pipe_program_args = --username;debian-spamd
          antispam_pipe_program_spam_arg = --learntype=spam
          antispam_pipe_program_notspam_arg = --learntype=ham
          antispam_debug_target = syslog
          antispam_verbose_debug = 1
        }

        # nano 90-sieve.conf

    Uncomment

        sieve_before = /var/lib/dovecot/sieve.d/
        sieve_extensions = +notify +imapflags +fileinto +mailbox +variables
        sieve_global_extensions = +spamtest +spamtestplus +virustest +relational +comparator-i;ascii-numeric +reject +regex +body
        sieve_max_script_size = 1M

    And finally connect to the database

        # nano /etc/dovecot/dovecot-sql.conf.ext

    Uncomment

        driver = mysql
        connect = host=localhost dbname=mailservename user=postfixuser password=databasepassword
        password_query = \
          SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, \
          'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, \
          8 as userdb_gid, allow_nets \
          FROM mailbox WHERE username = '%u' AND active = '1'
        user_query = \
          SELECT '/var/vmail/%d/%n' as home, 'maildir:/var/vmail/%d/%n' as mail, \
          150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota \
          FROM mailbox WHERE username = '%u' AND active = '1'

    Enabling Sieve

        # nano 15-lda.conf

    Uncomment

        postmaster_address = postmaster@domain.com
        hostname = mail.domain.com

    Adjust

        protocol lda {
          log_path = syslog
          mail_plugins = $mail_plugins sieve
          mail_fsync = optimized
        }

    Restart Dovecot

        # /etc/init.d/dovecot restart

    Should start with no problems. I have verbose debugging enabled for testing and correcting. You can alter this in 10-logging.conf when all is well. The most common error is the path to SSL; make sure it is correct or the server won't start.

    Now we want to connect to the mail server from a client such as Outlook, but first we need to take some security steps and create a new column in the mailserver database.

    Create a new column in the mailboxes table

        allow_nets varchar(255) NOT NULL

    This is where you can add your IP address block to connect from; it ensures no one else can access your email unless it's from your own workstation/machine.

    In allow_nets for each mailbox add your public IP block like so

        111.222.333.0/24

    For convenience you can also add it from the mail admin submission form when editing or creating a new account, but we will need to alter the Postfix Admin code to achieve this. Upon each update it will need to be added back in, as it is overwritten.

    At the command line (path to mymailadmin)

        # nano /usr/share/mymailadmin/model/MailboxHandler.php

    Find

        'name' => pacol(1, 1, 1, 'text', 'name' , 'pCreate_mailbox_name_text' , '' ),

    Add underneath

        'allow_nets' => pacol( 1, 1, 1, 'text', 'pCreate_allowed_nets' , 'pCreate_allow_nets' , '' ),

        # nano /usr/share/mymailadmin/templates/list-virtual_mailbox.tpl

    Find

        {if $CONF.quota===YES}<td>{$PALANG.pOverview_mailbox_quota}</td>{/if}

    Below it add

        <td>{$PALANG.allownet}</td>

    Find

        <td>{$item.modified}</td>

    Above it add

        <td>{$item.allow_nets}</td>

        # nano /usr/share/mymailadmin/languages/en.lang

    Adjust for your own language. Add at top

        $PALANG['allownet'] = 'Allowed Nets';
        $PALANG['pCreate_allowed_nets'] = 'Allowed IP Nets (comma separated list)';

    Save the files, log in to Postfix Admin and see the fields available now.

    Moving on...
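A review check for the Dovecot settings in the post above, added here as an example and not part of the original tutorial. It flags the two logging options that write attempted passwords to the log (the tutorial enables them for testing), UNIX listeners whose mode grants access to every local account, and a listener defined twice. The function name, finding codes and the one-statement-per-line parsing are assumptions; SAMPLE is constructed from the tutorial's values.

```python
import re

# Constructed sample: logging and auth-socket settings as given in the tutorial.
SAMPLE = """\
auth_verbose_passwords = plain
auth_debug_passwords = yes
service auth {
  unix_listener auth-userdb {
    mode = 0666
    user = vmail
    group = mail
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
  user = root
}
"""


def audit(text):
    """Return (line number, code, detail) findings for Dovecot config text.

    Assumes one statement per line, as in the stock conf.d files.
    """
    findings, stack, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        if not line:
            continue
        if line.endswith("{"):
            # Track nesting so a listener is reported with its service.
            stack.append(line[:-1].strip())
            path = " > ".join(stack)
            if path in seen:
                findings.append((lineno, "duplicate-section", path))
            seen.add(path)
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            section = stack[-1] if stack else ""
            if (key, value) == ("auth_debug_passwords", "yes") or (
                key == "auth_verbose_passwords" and value != "no"
            ):
                # Attempted passwords end up in syslog on failed logins.
                findings.append((lineno, "logs-passwords", line))
            elif (
                key == "mode"
                and section.startswith("unix_listener")
                and re.fullmatch(r"0?[0-7]{3}", value)
                and int(value, 8) & 0o007
            ):
                # The "other" permission bits are set on the socket.
                findings.append(
                    (lineno, "socket-open-to-other", f"{section}: mode {value}")
                )
    return findings


if __name__ == "__main__":
    for lineno, code, detail in audit(SAMPLE):
        print(f"line {lineno}: {code}: {detail}")
```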
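The allow_nets field described in the post above takes a comma separated list of addresses and CIDR blocks. The following validator is an added example, not code from the original post or from Postfix Admin; it could run before a value is saved from the admin form. The function names, the minimum prefix lengths and the choice to reject empty entries are assumptions of this example. It also shows that the post's 111.222.333.0/24 is only a placeholder: 333 is not a valid octet, so it has to be replaced with a real block.

```python
import ipaddress


def check_allow_nets(value, min_prefix_v4=8, min_prefix_v6=32):
    """Split a comma separated allow_nets value into (networks, problems).

    min_prefix_* are this example's policy: anything broader is reported,
    because a block such as 0.0.0.0/0 no longer restricts anything.
    """
    networks, problems = [], []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            problems.append("empty entry")
            continue
        try:
            # strict=False accepts 203.0.113.7/24 and normalises it to .0/24
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            problems.append(f"not an IP address or CIDR block: {entry!r}")
            continue
        floor = min_prefix_v4 if net.version == 4 else min_prefix_v6
        if net.prefixlen < floor:
            problems.append(f"too broad to act as a restriction: {entry!r}")
            continue
        networks.append(net)
    return networks, problems


def is_allowed(remote_ip, value):
    """True if remote_ip falls inside a valid allow_nets value.

    Fails closed: a value with any problem allows nobody.
    """
    networks, problems = check_allow_nets(value)
    if problems:
        return False
    ip = ipaddress.ip_address(remote_ip)
    return any(ip.version == net.version and ip in net for net in networks)


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    good = "203.0.113.0/24, 198.51.100.17"
    print(is_allowed("203.0.113.200", good))       # inside the /24
    print(is_allowed("198.51.100.18", good))       # one off the single host
    print(check_allow_nets("111.222.333.0/24"))    # the post's placeholder
    print(check_allow_nets("0.0.0.0/0"))           # matches every client
```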
  7. [Updated as of 27 AUG 2018]

    There are many email server install tutorials out there, but none tell you how to configure the server for blocking all spam and malicious users while running a very secure, reliable and smooth server. They also don't tell you how to get all aspects up and running, like DCC, Pyzor, postgrey, etc. Just running apt or yum to install these programs is not installing or configuring a mail server.

    The following is a culmination of 20 years of installing and configuring these servers to the point that they are 100% spam free and 100% secure from spammers and hackers. If you are not using forced TLS or your mail carrier doesn't support it, then find a new carrier. 100% SSL encryption is standard and necessary in today's internet climate.

    This will take anywhere from 2 to 4 hours to complete, test, and put into production. Your skill at the command line will determine the total time.

    Don't have the time and want a secure and smoothly running mail server? Need an evaluation for a current server? Hire Us

    Using Ubuntu 18.04, but this should work on any Debian based OS. You can also use this to reconfigure currently installed mail servers that aren't doing the job.

    Running the latest Bind9 for mail server DNS, Nginx 1.15.2, Percona MySQL 5.7, and PHP 7.2 (for Postfix Admin).

    We will be installing and configuring the following:

      • Postfix
      • Postfix Admin with allowed nets security
      • Dovecot
      • Dovecot-sieve
      • Postgrey
      • Amavis
      • Spamassassin
      • Bayes Database
      • Pyzor
      • Razor2
      • DCC
      • OpenDKIM
      • Letsencrypt SSL
      • Configure UFW Firewall
      • Custom Sieve Scripts
      • Configure DNS for SPF | DMARC | DKIM
      • Configure DNS Reverse for Mail Server
      • Configure CRON jobs for bayes and rcDCC

    SSL First

    Security is first and foremost; generate your SSL with letsencrypt via certbot or have your premium cert ready. We are using the sub domain mail.domain.com for this example. Make sure to adjust all files and configurations for your SSL paths as well as domain name, directory/file paths, IP address and users where applicable.

    Generate a strong 2048bit dhparam.pem (we will link to it later in Postfix / Dovecot, and Nginx)

        # openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

    Step one: Install

    Change to root user

        # sudo su

    Run an update

        # apt update && apt upgrade

    Install the required applications and dependencies. I am assuming php 7.2 [recommended] (update the application list accordingly if using another version)

        # apt install postfix postfix-mysql getmail4 dovecot-antispam rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo postgrey pyzor razor amavisd-new spamassassin clamav clamav-daemon unzip bzip2 arj nomarch lzop cabextract libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl php7.2-fpm php7.2-mysql php7.2-curl php7.2-gd php7.2-intl php-pear php-imagick php7.2-imap php7.2-mbstring php-memcache php-sqlite3 php-apcu php7.2-tidy php7.2-xmlrpc php7.2-xml dovecot-managesieved postfix-ldap postfix-pcre sasl2-bin arj p7zip-full ripole rpm2cpio tnef unrar-free libmysqlclient-dev opendkim opendkim-tools rblcheck postfix-policyd-spf-python

    During install you will be prompted by Postfix to choose your setup

        Internet Site

    And hostname

        mail.domain.com

    (Obviously your domain and your mail server's hostname)

    If you see this during install don't worry, we never set a home path so it's a postgrey error and we will deal with it later.

    The most important part of this entire install is proper permissions, for functionality as well as security; 99% of mail server issues are improper permissions.

    Make sure php imap is enabled (issues on random systems, most are good but just to make sure)

        # phpenmod imap

    Now we must install our PERL modules

        # cpan -i DBI
        # cpan -i DBD::mysql
        # cpan -i Geo::IP
        # cpan -i Net::CIDR::Lite
        # cpan -i Encode::Detect::Detector
        # cpan -i Net::Patricia
        # cpan -fi Mail::SpamAssassin::Bayes::CombineChi
        # cpan -i Mail::SpamAssassin::Plugin::SPF
        # cpan -i Mail::SpamAssassin::Plugin::Shortcircuit
        # cpan -i Mail::SpamAssassin::CompiledRegexps::body_0
        # cpan -i Mail::DKIM::Verifier
        # cpan -i Mail::DKIM

    When installing Mail::SpamAssassin::Bayes::CombineChi you will see hundreds of these. It's a deprecation warning and must be fixed by the maintainer. It will install properly and we will fix that error later in this tutorial.

        Unescaped left brace in regex is deprecated here (and will be fatal in Perl 5.30), passed through in regex; marked by <-- HERE in m/^(.{ <-- HERE ,200}).*$/ at ../blib/lib/Mail/SpamAssassin/PerMsgStatus.pm line 921

    Everything is installed for now, let's jump in...
  8. Now that's a long version name and it's been a long development. Still some ways to go but will be installing a test version here within a week or so. Hope to get feedback and probably lots of bug reports, but that's all good, can't go forward without the input. See you very soon!
  10. Administrator

    MOD \front\bitracker\browse

    Updated Version to Stable
  11. Administrator

    Nginx 1.15.2 Fails to compile

    Updated Status to Fixed
  12. Administrator

    Nginx 1.15.2 Fails to compile

    Seems Perl issue was on my end, apt and cpan installs don't play together well. If you have this issue simply reinstall

        apt --reinstall install perl libperl-dev

    Should compile fine.
  13. Administrator

    Nginx 1.15.2 Fails to compile

    Works fine on the dev server not the production server
  14. Administrator

    Nginx 1.15.2 Fails to compile

    Perl issue after a server upgrade on Bionic (Haven't run on my other version test servers yet) when compiling Nginx with OpenSSL option.

        rm -rf objs/install_perl
        cc -c -fPIC -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fwrapv -fno-strict-a$
            -o objs/src/http/modules/perl/ngx_http_perl_module.o \
            src/http/modules/perl/ngx_http_perl_module.c
        cc -c -fPIC -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -I src/core -I src/e$
            -o objs/ngx_http_perl_module_modules.o \
            objs/ngx_http_perl_module_modules.c
        cc -o objs/ngx_http_perl_module.so \
        objs/src/http/modules/perl/ngx_http_perl_module.o \
        objs/ngx_http_perl_module_modules.o \
        -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed -Wl,-E -fstack-protector-strong -L/usr/local/lib -L/usr/local/lib/perl5/5.26.2/x86_64-linux/CORE -lperl -lpthread -lnsl -ldl -lm -lcryp$
        -shared
        /usr/bin/x86_64-linux-gnu-ld: /usr/local/lib/perl5/5.26.2/x86_64-linux/CORE/libperl.a(op.o): relocation R_X86_64_PC32 against symbol `PL_compcv' can not be used when making a shared object;$
        /usr/bin/x86_64-linux-gnu-ld: final link failed: Bad value
        collect2: error: ld returned 1 exit status
        objs/Makefile:1889: recipe for target 'objs/ngx_http_perl_module.so' failed
        make[1]: *** [objs/ngx_http_perl_module.so] Error 1
        make[1]: Leaving directory '/opt/source/nginx-1.15.2'
        Makefile:8: recipe for target 'build' failed
        make: *** [build] Error 2