FreeBSD, Postfix, Dovecot, and Active Directory

A while back one of my clients had an unpatched qmail server configured with local system users; it had been set up in a colocation facility long before I took over. After listening to a lot of complaints about slow internet connectivity I found out that 40-50MB attachments were very common. Another thing I didn't like about this set-up is that I had to maintain 2 password databases: Active Directory for local user logins and a shadow file for mail. So a local set-up with Active Directory as the back end was needed.

Postfix to the rescue. Having used Postfix for the past 3 years, I believe it is the best MTA out there. qmail has its merits, but I'm not a big fan. After a lot of arguing the client budged and gave me one of the old workstations to use as a server, which a month later had a hard drive crash, and I forgot all about this. Yesterday I thought I should document it, since I didn't see an easy-to-follow HOWTO for such a set-up.

NOTE: Unless mentioned otherwise, all the samples provided here show the lines you need to change in your configuration files, not the whole contents of those files. Remember to restart each daemon after configuration file changes.

Update: After checking vgumus's setup I need to mention this. You'll notice the user part of the email address is the same as the Active Directory user name (mshami and mshami@shami.net). Dovecot expects to get the Active Directory username from Postfix. If you want to use some other address in the "mail" field you have to use Postfix's virtual alias maps feature to map it back to sAMAccountName.

Update 2: This tutorial isn’t a substitute for reading the manual pages and having the basic skills to perform these operations. Please consult the manuals to get an idea of the configuration options for each software.

Enough with the introduction, let's get down to business. Here is what we're going to use, in order of installation:

FreeBSD 7.0. You can use Linux if you want, but you have to change a few steps. I’m using the ports version that came on the CD.
Dovecot 1.0.10
Postfix 2.4.6

Preparation:
We need an Active Directory environment set up; this is out of the scope of this document.
We need a non-privileged user in Active Directory that the other programs can authenticate as; I'm calling it LDAP, and its password will be qwerty.
The test username will be mshami and its password will be qazxsw.
Domain name is shami.local
Base DN is DC=shami,DC=local
IP addresses for our domain controllers are 192.168.192.210 and 192.168.192.211

FreeBSD:
Start your FreeBSD installation. I like to go with a minimal installation and then add the needed components. Just make sure to give /usr about 5GB of space and give /var a LOT of space to hold the logs and the mail files. Then install the ports collection.

Dovecot:
The first time I did this I used Courier-IMAP. It's a good program, but for this set-up it has a major issue: you have to create the home directories for all your users before they can log in. I wrote a patch for that, but you have to apply it to both the IMAP and the POP3 daemons, and you also have to patch Maildrop to do the same. So I decided to go ahead with Dovecot, which after some research appears to have better performance than Courier-IMAP and, more importantly, has self-healing capabilities that solve this issue.

First, add a user called vmail (assuming UID 1001 and GID 1001); this user will own the virtual mailboxes and deliver into them. Then install Dovecot from ports:

adduser
cd /usr/ports/mail/dovecot/
make
make install

Choose LDAP, LDA, and any other options you want to use.
Answer yes when asked to create the dovecot group and user, assuming a UID and GID of 143.

mkdir /var/vmail
chown vmail:vmail /var/vmail

Configuration:

vi /etc/rc.conf
dovecot_enable="YES"

Configure Dovecot

cd /usr/local/etc
cp dovecot-example.conf dovecot.conf
vi dovecot.conf and change the following:

#We'll be starting with IMAP only, add other protocols when you get your system to start
protocols = imap
#Lowercase all usernames before authenticating; otherwise Dovecot creates a separate mail directory for each mixed-case spelling of the same name
auth_username_format = %Lu
#Enable non-secure logins for testing
disable_plaintext_auth = no
ssl_disable = yes
#No matter how many domains we have, the usernames will be unique, so save the messages to /var/vmail/username
#Same as default_mail_env
mail_location = maildir:/var/vmail/%n
#Since we have virtual delivery, only the vmail user should be able to deliver, in my case the UID of that user is 1001
first_valid_uid = 1001
last_valid_uid = 1001
#Same thing for groups
first_valid_gid = 1001
last_valid_gid = 1001
#Set this to where you want the messages to reside
valid_chroot_dirs = /var/vmail
#auth default section
##Comment out passdb pam
##Comment out userdb passwd
##Add ldap passdb and userdb
  passdb ldap {
    # Path for LDAP configuration file, see doc/dovecot-ldap.conf for example
    args = /usr/local/etc/dovecot-ldap.conf
  }
  userdb ldap {
    # Path for LDAP configuration file, see doc/dovecot-ldap.conf for example
    args = /usr/local/etc/dovecot-ldap.conf
  }

Set up the LDAP backend:

cp /usr/ports/mail/dovecot/work/dovecot-1.0.10/doc/dovecot-ldap-example.conf /usr/local/etc/dovecot-ldap.conf
vi dovecot-ldap.conf

hosts = 192.168.192.210 192.168.192.211
dn = CN=LDAP User,OU=Special Users,DC=shami,DC=local
dnpass = qwerty
auth_bind = yes
ldap_version = 3
base = dc=shami, dc=local
user_attrs = sAMAccountName=home
user_filter = (&(ObjectClass=person)(sAMAccountName=%u))
pass_filter = (&(ObjectClass=person)(sAMAccountName=%u))
user_global_uid = 1001
user_global_gid = 1001

auth_bind = yes tells Dovecot to verify a login by binding to Active Directory with the username and password the client supplied. We need to do this because Active Directory won't let us read the password attribute. We're not using Kerberos here.

Testing:

/usr/local/etc/rc.d/dovecot start
telnet localhost 143
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
* OK Dovecot ready.
a LOGIN mshami qazxsw
a OK Logged in.
a EXAMINE INBOX
* FLAGS (Answered Flagged Deleted Seen Draft)
* OK [PERMANENTFLAGS ()] Read-only mailbox.
* 0 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1206022806] UIDs valid
* OK [UIDNEXT 1] Predicted next UID
a OK [READ-ONLY] Select completed.
a LOGOUT
* BYE Logging out
a OK Logout completed.
Connection closed by foreign host.

If you get that, you're OK. Otherwise check your logs; you can turn on debugging in dovecot.conf. You can also point your queries at the Global Catalog port, since the Global Catalog doesn't use referrals, and referrals sometimes cause problems.

Now it's time to get SMTP working:

cd /usr/ports/mail/postfix
make
make install

Make sure you choose DOVECOT and OPENLDAP, plus any other options you need. No Kerberos options are needed. You can accept the default options during the make install step.

Disable sendmail:

vi /etc/rc.conf
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

vi /etc/periodic.conf
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

Enable Postfix:

vi /etc/rc.conf
postfix_enable="YES"

Fix the Postfix maps:

postalias /etc/aliases

Reboot the system for all settings to take effect, then test:

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server ESMTP Postfix
quit
221 2.0.0 Bye

Now that Postfix is running, let's hook it up to Active Directory (this is the complete /usr/local/etc/postfix/main.cf):

myhostname=mailhost
mydestination=localhost
mynetworks=127.0.0.1
myorigin=shami.net

virtual_mailbox_base = /var/vmail

virtual_uid_maps = static:1001
virtual_gid_maps = static:1001

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

alias_maps = hash:/etc/aliases
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix

virtual_mailbox_domains =
  shami.net

#LDAP Stuff
virtual_mailbox_maps = ldap:ldapvirtual
ldapvirtual_server_host =
  ldap://192.168.192.210
  ldap://192.168.192.211
ldapvirtual_search_base = DC=shami,DC=local
ldapvirtual_bind = yes
ldapvirtual_bind_dn = SHAMIldap
ldapvirtual_bind_pw = qwerty
ldapvirtual_query_filter = (sAMAccountName=%u)
ldapvirtual_result_attribute = sAMAccountName
ldapvirtual_version = 3
ldapvirtual_chase_referrals = yes
ldapvirtual_result_format=%s/
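To see how the two LDAP lookups fit together (Dovecot's user_filter/pass_filter in dovecot-ldap.conf and the ldapvirtual map above), here is a small Python model I'm adding. It is not part of the original HOWTO and not Dovecot or Postfix code; FAKE_AD is a constructed stand-in for Active Directory and all function names are my own. It makes explicit the RFC 4515 escaping that Dovecot and Postfix apply to %u themselves, the lowercasing done by auth_username_format = %Lu, and how result_format = %s/ turns sAMAccountName into a Maildir under virtual_mailbox_base.

```python
"""Model of the LDAP lookups in dovecot-ldap.conf and the Postfix ldapvirtual map.
Added example, not part of the HOWTO and not Dovecot or Postfix code; the
directory below is a constructed stand-in for Active Directory."""
import posixpath
import re

# Filter templates and map settings copied from the configuration above.
DOVECOT_USER_FILTER = "(&(ObjectClass=person)(sAMAccountName=%u))"
POSTFIX_QUERY_FILTER = "(sAMAccountName=%u)"
POSTFIX_RESULT_FORMAT = "%s/"          # ldapvirtual_result_format
VIRTUAL_MAILBOX_BASE = "/var/vmail"    # virtual_mailbox_base
VIRTUAL_MAILBOX_DOMAINS = {"shami.net"}

# Constructed stand-in for AD: sAMAccountName values of 'person' objects.
FAKE_AD = ["mshami", "ldap"]

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPE = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def ldap_escape(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515).
    Dovecot and Postfix do this to %u themselves; here it is made explicit."""
    return "".join(_ESCAPE.get(ch, ch) for ch in value)


def render_filter(template, login):
    """Substitute the escaped login for %u. The number of '(' must not change,
    i.e. the login can only ever be a value, never extra filter syntax."""
    rendered = template.replace("%u", ldap_escape(login))
    if rendered.count("(") != template.count("("):
        raise ValueError("login altered the filter structure")
    return rendered


def fake_search(rendered_filter):
    """Return the FAKE_AD entries matched by the filter's sAMAccountName
    assertion. An unescaped '*' acts as the LDAP wildcard; an escaped one
    (\\2a) is a literal asterisk. Matching is case-insensitive, as in AD."""
    m = re.search(r"\(sAMAccountName=([^()]*)\)", rendered_filter)
    if not m:
        return []
    pattern = ""
    for token in re.findall(r"\\[0-9a-fA-F]{2}|.", m.group(1)):
        if token == "*":
            pattern += ".*"
        elif token.startswith("\\"):
            pattern += re.escape(chr(int(token[1:], 16)))
        else:
            pattern += re.escape(token)
    return [name for name in FAKE_AD if re.fullmatch(pattern, name, re.IGNORECASE)]


def dovecot_lookup(login):
    """auth_username_format = %Lu lowercases the login before user_filter runs.
    Returns the account Dovecot would use, or None for an unknown user."""
    hits = fake_search(render_filter(DOVECOT_USER_FILTER, login.lower()))
    return hits[0] if len(hits) == 1 else None


def postfix_virtual_mailbox(recipient):
    """virtual_mailbox_domains check, then the ldapvirtual map: the local part
    becomes %u, sAMAccountName is the result attribute, and result_format '%s/'
    gives the Maildir relative to virtual_mailbox_base.
    Returns the mailbox path, or None where Postfix would reject the recipient."""
    local, at, domain = recipient.rpartition("@")
    if not at or domain.lower() not in VIRTUAL_MAILBOX_DOMAINS:
        return None  # not one of our virtual domains
    hits = fake_search(render_filter(POSTFIX_QUERY_FILTER, local))
    if len(hits) != 1:
        return None  # unknown (or ambiguous) virtual mailbox
    relative = POSTFIX_RESULT_FORMAT.replace("%s", hits[0])
    path = posixpath.normpath(posixpath.join(VIRTUAL_MAILBOX_BASE, relative)) + "/"
    if not path.startswith(VIRTUAL_MAILBOX_BASE + "/"):
        return None  # defensive: the result must stay under the mailbox base
    return path


if __name__ == "__main__":
    print(dovecot_lookup("MShami"))                     # mshami
    print(render_filter(DOVECOT_USER_FILTER, "a)(b"))   # parens become \29 \28
    print(postfix_virtual_mailbox("mshami@shami.net"))  # /var/vmail/mshami/
```

Running it shows that a mixed-case login still resolves to the one mshami account, that a login containing filter syntax or a wildcard is escaped into a harmless literal (which is why render_filter never changes the number of parentheses), and that only recipients in virtual_mailbox_domains with a matching sAMAccountName get a Maildir under /var/vmail.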

Let's test:

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mailhost ESMTP Postfix
helo localhost
250 mailhost
mail from: mshami@shami.net
250 2.1.0 Ok
rcpt to: mshami@shami.net
250 2.1.5 Ok
data
354 End data with .
hi
.
250 2.0.0 Ok: queued as 92B5911460
quit
221 2.0.0 Bye
Connection closed by foreign host.

If all goes well, Postfix delivers the message to /var/vmail/mshami/.

Using the Dovecot LDA:
Normally the Postfix virtual delivery agent is enough, but if you want to apply quotas or vacation auto-replies you have to use the Dovecot LDA. The Dovecot LDA also updates the mailbox indexes, which gives you better IMAP/POP3 performance.

vi /usr/local/etc/postfix/master.cf
dovecot   unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -d ${user}

vi /usr/local/etc/postfix/main.cf
virtual_transport=dovecot
dovecot_destination_recipient_limit=1

vi /usr/local/etc/dovecot.conf and uncomment the following (client section removed):
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
      group = vmail
    }
  }

Test again:

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mailhost ESMTP Postfix
helo localhost
250 mailhost
mail from: mshami@shami.net
250 2.1.0 Ok
rcpt to: mshami@shami.net
250 2.1.5 Ok
data
354 End data with .
hi
.
250 2.0.0 Ok: queued as 9DBBF1143B
quit
221 2.0.0 Bye
Connection closed by foreign host.

Now check your logs; you should see something like this:

postfix/pipe[904]: 9DBBF1143B: to=, relay=dovecot, delay=6.9, delays=6.4/0.01/0/0.56, dsn=2.0.0, status=sent (delivered via dovecot service)

Great, now we’re ready to enable SMTP authentication:

vi /usr/local/etc/postfix/main.cf
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client

vi /usr/local/etc/dovecot.conf
  client {
    path = /var/run/dovecot/auth-client
    mode = 0660
    user = postfix
    group = postfix
  }

Testing:

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mailhost ESMTP Postfix
ehlo localhost
250-mailhost
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN AG1zaGFtaQBxYXp4c3c=
235 2.0.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.

Instead of AG1zaGFtaQBxYXp4c3c= you can generate your own username/password combination with the command

printf '\0username\0password' | mmencode

where \0 is the null byte (the sample string above decodes to \0mshami\0qazxsw).
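If you'd rather compute or check that string without mmencode, here is a small Python helper I'm adding (it's not from the original post): it builds the SASL PLAIN message (RFC 4616: authzid, NUL, username, NUL, password, then base64) and parses one the way the server side has to, rejecting malformed input. It also makes visible that PLAIN is only encoded, not encrypted, which is why disable_plaintext_auth = no and ssl_disable = yes above are testing settings.

```python
"""Build and parse the SASL PLAIN message used by the AUTH PLAIN test above.
Added helper, not part of the original post."""
import base64


def sasl_plain_encode(username, password, authzid=""):
    """Return the base64 string a client sends after 'AUTH PLAIN'.
    Wire format (RFC 4616): [authzid] NUL authcid NUL passwd.
    Same result as  printf '\\0username\\0password' | mmencode  above."""
    raw = f"{authzid}\0{username}\0{password}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def sasl_plain_decode(token):
    """Parse the client's message as the server side (Postfix handing it to
    Dovecot's auth-client socket) has to. Returns (authzid, username, password)
    and raises ValueError on malformed input. The fields come back in the clear:
    base64 is an encoding, not protection, so this exchange needs TLS before
    it is exposed beyond localhost."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("not valid base64") from exc
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("PLAIN message must contain exactly two NUL bytes")
    authzid, username, password = (p.decode("utf-8") for p in parts)
    if not username or not password:
        raise ValueError("empty username or password")
    return authzid, username, password


if __name__ == "__main__":
    token = sasl_plain_encode("mshami", "qazxsw")
    print(token)                     # AG1zaGFtaQBxYXp4c3c=
    print(sasl_plain_decode(token))  # ('', 'mshami', 'qazxsw')
```

The optional authzid is left empty here, as in the telnet session above; a message with the wrong number of NUL bytes is rejected rather than guessed at, which is the behaviour you want from anything sitting in front of your directory.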

Enabling quota:
There is no need to go through this here, as the Dovecot wiki explains it clearly.

http://wiki.dovecot.org/Quota

Space Invaders

If you’ve lived in the 80s you are gonna find this seriously hilarious. I literally rolled on the floor laughing. Enjoy :)

Categories: Funny

Open Source Day at JUST

Yesterday I went to my old school, the Jordan University of Science and Technology (JUST), to attend the first Open Source Day. Hopefully it won't be the last.

The event was great, I met lots of great people. The students look so eager to learn. I wish them all the best. Good luck guys, can’t wait to attend the event next year inshalla.

Categories: Misc

Surround sound under Ubuntu Hardy Heron

April 27th, 2008

I've been using Ubuntu Hardy Heron for about a month now, and I have to say it rocks: the best desktop Linux so far.

Anyway, I have a Creative Audigy 2 card, since I'm not a fan of software mixing under Linux, connected to an old Creative 4.1 speaker set. Since I don't have any space I hooked up only the front speakers and use the rear channels for a headset. After upgrading to Hardy I couldn't get the headset to work. I just found the solution on the Ubuntu forums and thought I should document it.

The new Ubuntu uses PulseAudio as its default sound engine; you can set volume levels for each application separately, which is cool if you ask me. PulseAudio uses 2 channels by default. All you have to do is change:

; default-sample-channels = 2

To:

default-sample-channels = 6

in /etc/pulse/daemon.conf, then restart gdm and you're done.

Booting Windows and Linux using the NT loader

April 20th, 2008

I recently decided to install Windows on my home PC since I wanted to play some games. It's been about 3 years since I started using Linux exclusively, but I thought a change would be nice. Since I didn't find any good guides I decided to write my own :)

Why would you want to do that? Well, back when I used to dual boot on a single drive I re-installed Windows very frequently. Windows wipes out GRUB during installation, so I needed to keep GRUB on a separate partition.

This guide assumes you have 2 hard drives, one for Linux and the other for Windows; you can do the same with a single drive with minor changes.

Install Windows on the first hard drive
Install Linux on the second drive, and install grub on the master boot record of that drive
Download Grub4Dos
Save grldr and menu.lst to C:
Edit menu.lst and put the following:

title Linux
chainloader (hd1)+1
rootnoverify (hd1)

Edit your boot.ini and add the following line:

C:\GRLDR="Linux"

Another way to do this is bootpart. Make sure to install GRUB in the first sector of the boot partition, because bootpart can't read master boot records.

Categories: Linux, Technical, Windows

Disabling RSS Feeds in Drupal 5.x

April 9th, 2008

You might want to build a site that doesn't have RSS. I did this for my employer's admission exam system. Having the RSS icons show up just annoyed me; here is how to remove them:

In theme.inc, comment out all the code lines in this function:

function theme_feed_icon($url) {
//  if ($image = theme('image', 'misc/feed.png', t('Syndicate content'), t('Syndicate content'))) {
//    return '<a href="'. check_url($url) .'" class="feed-icon">'. $image. '</a>';
//}
}

In common.inc do the same with this function except for the first and last lines:

function drupal_add_feed($url = NULL, $title = '') {
  static $stored_feed_links = array();

/*  if (!is_null($url)) {
    $stored_feed_links[$url] = theme('feed_icon', $url);

    drupal_add_link(array('rel' => 'alternate',
                          'type' => 'application/rss+xml',
                          'title' => $title,
                          'href' => $url));
  }*/
  return $stored_feed_links;
}
Categories: Technical

The machines are rising, and they are coming from Egypt

April 8th, 2008

Be careful everybody, the machines are rising. SkyNet is trying to run unnoticed, but someone found it in Egypt :)


Categories: Funny

Some Gnome key binding tips

April 8th, 2008

A few days ago I decided to bite the bullet and upgrade from Ubuntu 7.04 to 8.04. I'd been using IceWM for a while and thought I should give Gnome a try. I'm used to Win+Something shortcuts, so I wanted to set those up under Gnome. Here is a list of shortcuts that covers the concepts:

Win+Q: Terminal (With some specific options)
Control+Alt+W: Amarok (The W is from my Windows days, from Winamp :) )
Alt+F5: Toggle window maximized mode
Win+[ZXCVB]: Playback controls for Amarok
Win+R: Run dialog

Let’s begin

  • Open gconf-editor and go to global_keybindings. As you can see, the format isn't hard.
  • Set the value of run_command_1 to "<Super>q" and the value of run_command_2 to "<Alt><Control>w", without the quotes (those correspond to Win+Q and Control+Alt+W).
  • Now go to keybinding_commands.
  • Set the value of command_1 to "xterm -ls -fg white -bg black -cc 33:48,37:48,45-47:48,38:48,58:48" and the value of command_2 to "amarok", without the quotes. Now test Win+Q and Control+Alt+W.
  • Go to windows_keybindings.
  • Set the value of toggle_maximized to "<Alt>F5". Now test.
  • The run dialog is set using panel_run_dialog under global_keybindings; I set it to "<Super>r". Amarok sets the playback keys by default, but you'll notice that both Win+R and Win+V don't work. This happens because Compiz is the default window manager now. To fix this, install compizconfig-settings-manager, go to "Advanced Desktop Effects Settings" and disable "Enhanced Zoom Desktop" or change its key bindings. This frees both key bindings so you can use them here.

Edit: A weird thing happened to me today: I set the "Visual Effects" in Appearance to "None" and suddenly my shortcuts stopped working. The solution is simple: make sure you use "<Super>r", not "<Super> R"; note the extra space before the "R". Omitting this space works in both cases, something to keep in mind.

A tiresome upgrade to 2.5

April 7th, 2008

I spent the past 2 days getting 2.5 up and running. I lost some of my entries, but at least the site is now back up.

Enjoy the new upgrade

Categories: Rants

Printing a page range in Outlook 2007

March 25th, 2008

My current employer is switching from FirstClass to Microsoft Exchange. One of the questions I got from an employee was how to make Outlook print only the first page of an email. When I went to the print dialog I was surprised to find that it doesn't have a page range selection option. Having used Windows since version 3.0, I had found that option in every Windows application.

Anyways, according to Microsoft, you can’t. That’s right, they removed one of the very basic options in email from their flagship email client.

The best alternative I found is to preview the message in Internet Explorer and print from there.