Thursday 15 October 2015

PacketFence OpenWrt hostapd installation

OpenWrt BarrierBreaker 14.07 with hostapd Quick Integration Guide
=================================================================
:encoding: UTF-8
:lang: en
:doctype: book

include::includes/global-attributes.asciidoc[]

About this Guide
----------------
This guide has been created in order to help sales engineers, product managers, or network specialists demonstrate the PacketFence capabilities on-site with an existing or potential customer.  It can also provide guidelines to setup a proof of concept for a potential PacketFence deployment using OpenWrt BarrierBreaker 14.07 with Hostapd.

Introduction
------------
This guide will provide an example for the configuration of an open SSID (not encrypted) and a secured SSID (802.1x). You will need to install wpad and hostapd. These two SSIDs will do RADIUS authentication against PacketFence.

Assumptions
-----------
* You have a configured PacketFence environment with working test equipment
* The management IP of PacketFence will be 192.168.1.10 and has s3cr3t as its RADIUS shared secret
* You have an access point with OpenWrt BarrierBreaker 14.07 installed


Quick installation
------------------
Step 1: Packages installation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You can install the packages from the web interface of OpenWrt.

Go to *System -> Software*

First, update the package lists by clicking the 'Update lists' button if they are not up to date.

Then install the hostapd and wpad packages.

Go to the 'Available packages' tab and search for the package hostapd in the 'Filter:' field.

Click 'Install' for the hostapd package; the current version is 2014-06-03.1-1.

Repeat the process for the wpad package, version 2014-06-03.1-1.

NOTE: You will need the packages hostapd-common and wpad-mini if they are not installed by default.

Step 2: Dynamic VLAN Configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Connect using SSH to the AP and create the file /etc/config/hostapd.vlan:
----
*           wlan0.#
----

Step 3: Hostapd configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You will need to modify the hostapd script that comes with the package that we previously installed.

Connect using SSH to the AP and run these commands:
----
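cd /lib/netifd/
mv hostapd.sh hostapd.sh.old
opkg install curl
# Fetch the raw file: a /tree/ URL returns the GitHub HTML page, not the script. -L follows the redirect.
# --insecure skips TLS certificate verification, so read hostapd.sh before reloading with 'wifi'.
curl --insecure -L https://github.com/inverse-inc/packetfence/raw/devel/addons/hostapd/hostapd-14.07.sh > hostapd.sh
wifi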
----

Step 4: Configure the SSIDs
~~~~~~~~~~~~~~~~~~~~~~~~~~~
To configure the PF-Open SSID, we will use UCI:

----
# Create a new anonymous wifi-iface section; [-1] addresses the section just added.
uci add wireless wifi-iface
uci set wireless.@wifi-iface[-1].device="radio0"
uci set wireless.@wifi-iface[-1].mode="ap"
uci set wireless.@wifi-iface[-1].ssid="PF-Open"
uci set wireless.@wifi-iface[-1].network="lan"
uci set wireless.@wifi-iface[-1].encryption="none"
# RADIUS authentication and accounting against PacketFence
uci set wireless.@wifi-iface[-1].auth_server="192.168.1.10"
uci set wireless.@wifi-iface[-1].auth_port="1812"
uci set wireless.@wifi-iface[-1].auth_secret="s3cr3t"
uci set wireless.@wifi-iface[-1].acct_server="192.168.1.10"
uci set wireless.@wifi-iface[-1].acct_port="1813"
uci set wireless.@wifi-iface[-1].acct_secret="s3cr3t"
# Dynamic VLAN assignment from the RADIUS reply
uci set wireless.@wifi-iface[-1].dynamic_vlan="2"
uci set wireless.@wifi-iface[-1].vlan_file="/etc/config/hostapd.vlan"
uci set wireless.@wifi-iface[-1].vlan_tagged_interface="eth0"
# RADIUS dynamic authorization (deauthentication requests from PacketFence)
uci set wireless.@wifi-iface[-1].dae_secret="s3cr3t"
uci set wireless.@wifi-iface[-1].dae_client="192.168.1.10"
uci set wireless.@wifi-iface[-1].dae_port="3799"
uci set wireless.@wifi-iface[-1].macfilter="2"
uci set wireless.@wifi-iface[-1].nasid="ubiquiti"
uci commit
----

Configure the PF-Secure SSID:

----
# Create a second wifi-iface section so the PF-Open settings are not overwritten.
uci add wireless wifi-iface
uci set wireless.@wifi-iface[-1].device="radio0"
uci set wireless.@wifi-iface[-1].mode="ap"
uci set wireless.@wifi-iface[-1].ssid="PF-Secure"
uci set wireless.@wifi-iface[-1].network="lan"
uci set wireless.@wifi-iface[-1].encryption="wpa2"
# RADIUS authentication and accounting against PacketFence
uci set wireless.@wifi-iface[-1].auth_server="192.168.1.10"
uci set wireless.@wifi-iface[-1].auth_port="1812"
uci set wireless.@wifi-iface[-1].auth_secret="s3cr3t"
uci set wireless.@wifi-iface[-1].acct_server="192.168.1.10"
uci set wireless.@wifi-iface[-1].acct_port="1813"
uci set wireless.@wifi-iface[-1].acct_secret="s3cr3t"
# Dynamic VLAN assignment from the RADIUS reply
uci set wireless.@wifi-iface[-1].dynamic_vlan="2"
uci set wireless.@wifi-iface[-1].vlan_file="/etc/config/hostapd.vlan"
uci set wireless.@wifi-iface[-1].vlan_tagged_interface="eth0"
# RADIUS dynamic authorization (deauthentication requests from PacketFence)
uci set wireless.@wifi-iface[-1].dae_secret="s3cr3t"
uci set wireless.@wifi-iface[-1].dae_client="192.168.1.10"
uci set wireless.@wifi-iface[-1].dae_port="3799"
uci set wireless.@wifi-iface[-1].macfilter="2"
uci set wireless.@wifi-iface[-1].nasid="ubiquiti"
uci commit
----

In order to apply this configuration, when you are connected using SSH on the AP, run the command 'wifi'. It will reload the configuration and broadcast the SSID.

NOTE:  It's known that you can't put 2 SSIDs with the same dae server at the same time. The deauthentication will not work on the second SSID.

Step 5: PacketFence configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log in to the PacketFence administration web page and go under *Configuration -> Switches -> Add switch*.

Definition:
[options="compact"]
* *IP Address/MAC Address/Range (CIDR)*: IP of your access point
* *Type*: Hostapd
* *Mode*: production
* *Deauthentication Method*: RADIUS
* *Dynamic Uplinks*: Checked

Roles:
[options="compact"]
* *Role by VLAN ID*: Checked
* *Registration*: Your registration VLAN ID
* *Isolation*: Your isolation VLAN ID

RADIUS:
[options="compact"]
* *Secret Passphrase*: s3cr3t

Save this configuration by clicking the 'Save' button.

Step 6: Troubleshoot
~~~~~~~~~~~~~~~~~~~~

Here are a few things you can do or check to see if your configuration is working.

To check the wireless configuration: uci show wireless or cat /etc/config/wireless
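
An added example (not part of the PacketFence guide) that turns the `uci show wireless` check into an audit: it flags RADIUS-backed SSIDs that are missing an option the guide sets, secrets still left at the guide's sample value, and two SSIDs pointing at the same DAE server, which the NOTE in Step 4 says breaks deauthentication. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `uci show wireless` output for the settings this guide relies on.
# On the AP:  uci show wireless | audit_wireless

# Constructed sample: two RADIUS-backed SSIDs in separate sections (not captured from a device).
sample_uci_output() {
    cat <<'EOF'
wireless.radio0=wifi-device
wireless.@wifi-iface[0]=wifi-iface
wireless.@wifi-iface[0].ssid='PF-Open'
wireless.@wifi-iface[0].encryption='none'
wireless.@wifi-iface[0].auth_server='192.168.1.10'
wireless.@wifi-iface[0].auth_secret='s3cr3t'
wireless.@wifi-iface[0].dae_client='192.168.1.10'
wireless.@wifi-iface[0].dae_port='3799'
wireless.@wifi-iface[0].dae_secret='s3cr3t'
wireless.@wifi-iface[0].vlan_file='/etc/config/hostapd.vlan'
wireless.@wifi-iface[1]=wifi-iface
wireless.@wifi-iface[1].ssid='PF-Secure'
wireless.@wifi-iface[1].encryption='wpa2'
wireless.@wifi-iface[1].auth_server='192.168.1.10'
wireless.@wifi-iface[1].auth_secret='constructed-long-random-value'
wireless.@wifi-iface[1].dae_client='192.168.1.10'
wireless.@wifi-iface[1].dae_port='3799'
wireless.@wifi-iface[1].vlan_file='/etc/config/hostapd.vlan'
EOF
}

# Reads `uci show wireless` output on stdin and prints one finding per line.
audit_wireless() {
    awk -v q="'" -v sample="s3cr3t" '
    # Option lines look like: wireless.@wifi-iface[N].option=value (value may be quoted)
    match($0, /^wireless\.@wifi-iface\[[0-9]+\]\.[a-z_]+=/) {
        key = substr($0, 1, RLENGTH - 1)
        val = substr($0, RLENGTH + 1)
        if (substr(val, 1, 1) == q) val = substr(val, 2, length(val) - 2)
        lb = index(key, "["); rb = index(key, "]")
        idx = substr(key, lb + 1, rb - lb - 1)
        opt = substr(key, rb + 2)
        if (!(idx in seen)) { seen[idx] = 1; order[++n] = idx }
        v[idx, opt] = val
    }
    END {
        nreq = split("auth_secret dae_client dae_port dae_secret vlan_file", req, " ")
        nsec = split("auth_secret acct_secret dae_secret", sec, " ")
        for (k = 1; k <= n; k++) {
            idx = order[k]
            if (!((idx, "auth_server") in v)) continue   # not a RADIUS-backed SSID
            who = "iface " idx " (" v[idx, "ssid"] ")"
            # Options the guide sets on every PacketFence SSID
            for (r = 1; r <= nreq; r++)
                if (!((idx, req[r]) in v)) print who ": missing option " req[r]
            # Shared secrets left at the value printed in the guide
            for (s = 1; s <= nsec; s++)
                if (v[idx, sec[s]] == sample)
                    print who ": " sec[s] " is still the sample value from the guide"
            # Two SSIDs on one DAE server: deauthentication fails on the second one
            dae = v[idx, "dae_client"] ":" v[idx, "dae_port"]
            if (dae != ":") {
                if (dae in first)
                    print who ": same DAE server " dae " as iface " first[dae] ", deauthentication will not work on this SSID"
                else
                    first[dae] = idx
            }
        }
    }'
}

# Demo on the constructed sample.
sample_uci_output | audit_wireless
```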



PacketFence Installation on CentOS 6.x

Install PacketFence on CentOS 6.x



First do a standard install of CentOS 6. After the standard install, assign the proper IP addresses to all the network cards before you install PacketFence. Then follow these step-by-step instructions to install PacketFence.

Update CentOS

1. yum update

Install Wget

2. yum install wget

Add RPMforge

3. wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

4. rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
or gpg --import http://apt.sw.be/RPM-GPG-KEY.dag.txt

5. rpm -i rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

Add EPEL software repository:

6. rpm -Uvh http://mirror.yourconnect.com/epel/6/i386/epel-release-6-8.noarch.rpm

Add Open Fusion RPM Repository

7. rpm -Uvh http://repo.openfusion.net/centos6-x86_64/openfusion-release-0.6.2-1.of.el6.noarch.rpm

Exclude perl-Apache-Test from rpmforge and openfusion repository

8. vi /etc/yum.repos.d/rpmforge.repo

9. Add the line exclude = perl-Apache-Test* in the [rpmforge] section

10. vi /etc/yum.repos.d/openfusion.repo

11. Add the line exclude = perl-Apache-Test* in the [of] section

12. In order to use the repository, create a file named /etc/yum.repos.d/PacketFence.repo.

13. Put the following content in it:

[PacketFence]
name=PacketFence Repository
baseurl=http://inverse.ca/downloads/PacketFence/RHEL$releasever/$basearch
gpgcheck=0
enabled=0

Install PacketFence with all its dependencies

14. yum groupinstall --enablerepo=PacketFence,rpmforge Packetfence-complete

Once packetfence is installed it can be configured at GUI interface

http://ipaddress:1444/configurator

The management interface will be

http://ipaddress:1443

If you can not get to the webpage, you will need to turn off the firewall on the server. To do this, type the following: service iptables stop

Step 1: Choose the type of Enforcement that you want. Either Inline Enforcement or VLAN Enforcement. For my situation, I have selected both.
     - Inline Enforcement means that the PacketFence server will sit between the computer and the network/internet.
     -  VLAN Enforcement means that the PacketFence server does not sit between the computer and the network/internet. It will change the config on the managed switch for each individual port on the switch.
Step 2: Networks. Add your networks.
If you are using VLAN Enforcement, make sure you specify your Management VLAN, Registration VLAN, and Isolation VLAN.
     - To add a VLAN, click on "Add VLAN" under Actions.
Step 3: Database Configuration
     -  Click on Test. You will be asked to set the MySQL admin password.
*Note: If you receive an error message when you click on test, make sure MySQL is running on the server.
     - Click on "Create the database".
     - Under "Create a PacketFence account" type in a password and then type it again to confirm it. Now click on "Create User".
Step 4: PacketFence Configuration
Type in your domain, the hostname of the server, any DHCP servers on your network under General.
Type in an email address under Alerting.
Step 5: Administration
Create a username and password for the administration interface.
Step 6: Start PacketFence
Click on "Start PacketFence"
Once PacketFence is started, you will be asked if you want to go to the Administration Interface, I clicked yes and then was taken to the admin page.




Wednesday 8 April 2015

How To Configure and Validate DKIM Records on Zimbra Mail Server

DKIM, alongside SPF records, is one of several ways to improve the reputation of an email server. In this section, I will generate a DKIM key on Zimbra and configure the DKIM record in public DNS.
First, log in to the Zimbra server via SSH and generate the DKIM key:
1. su - zimbra
2. /opt/zimbra/libexec/zmdkimkeyutil -a -d imanudin.net -s selector
The result of the above command looks like this:
[Screenshot: generate-dkim-zimbra]
The DKIM key record is the text inside the parentheses (), starting with "v=DKIM1..." and running to the last double quote ("). Select and copy the record and check it on the website http://dkimcore.org/tools/. Paste it into the key record field to check and validate it.
[Screenshot: check-dkim-records]
The above result still shows a problem with the double quotes ("). Remove all double quotes (") and check it again.
[Screenshot: check-dkim-records-after-remove-quote]
The above picture shows a valid DKIM key record after removing the double quotes (") from the whole record. Select all (Ctrl+A) and copy (Ctrl+C) the valid DKIM record and insert it in public DNS. Here, I am using cPanel to insert the DKIM record.
[Screenshot: insert-dkim-records]
[Screenshot: result-insert-dkim-records]
Now send an email to Gmail and check the result.
[Screenshot: result-of-dkim-records]
If you see "Signed by" in Gmail, you have successfully configured DKIM. If not, the DNS change is usually still propagating.
In Gmail, the "Show Original" option shows that the DKIM signature passes.
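
The quote-removal step above, as an added example that is not part of the original post: `dkim_txt_value` joins the quoted strings between the parentheses into the single-line value to paste into the DNS panel, and `check_dkim_value` performs the basic checks (no leftover quotes, `v=DKIM1`, a base64 `p=` tag) before the record is published. The sample output is constructed in the general zone-file layout the post describes, and the key in it is a placeholder, not a real key.

```shell
#!/bin/sh
# Added example: turn the multi-string TXT record into one unquoted value and sanity-check it.
# On the server:  /opt/zimbra/libexec/zmdkimkeyutil -a -d <domain> -s <selector> | dkim_txt_value

# Constructed sample output; the p= value is a placeholder, not a real public key.
sample_zmdkimkeyutil_output() {
    cat <<'EOF'
DKIM Data added to LDAP for domain imanudin.net with selector selector
Public signature to enter into DNS:
selector._domainkey  IN  TXT  ( "v=DKIM1; k=rsa; "
      "p=Q09OU1RSVUNURUQt"
      "U0FNUExFLUtFWQ==" )  ; ----- DKIM key selector for imanudin.net
EOF
}

# Reads the tool output on stdin and prints the joined TXT value on one line.
dkim_txt_value() {
    awk '
    !done && /\(/ { inrec = 1 }          # the record starts at the opening parenthesis
    inrec {
        line = $0
        # Append the content of every "quoted string" on this line, without the quotes.
        while (match(line, /"[^"]*"/)) {
            out = out substr(line, RSTART + 1, RLENGTH - 2)
            line = substr(line, RSTART + RLENGTH)
        }
        # A closing parenthesis after the last string ends the record.
        if (line ~ /\)/) { inrec = 0; done = 1 }
    }
    END { if (out != "") print out }'
}

# $1: joined TXT value. Prints "ok" and returns 0, or prints the problem and returns 1.
check_dkim_value() {
    _rec=$1
    case $_rec in
        *'"'*) echo "contains a double quote"; return 1 ;;
    esac
    case $_rec in
        "v=DKIM1;"*) ;;
        *) echo "does not start with v=DKIM1;"; return 1 ;;
    esac
    # Extract the p= tag (the public key) and drop any folding spaces.
    _p=$(printf '%s' "$_rec" | sed -n 's/.*[; ]p=\([^;]*\).*/\1/p' | tr -d ' ')
    [ -n "$_p" ] || { echo "empty or missing p= tag"; return 1; }
    case $_p in
        *[!A-Za-z0-9+/=]*) echo "p= is not base64"; return 1 ;;
    esac
    echo "ok"
}

# Demo on the constructed sample.
joined=$(sample_zmdkimkeyutil_output | dkim_txt_value)
printf '%s\n' "$joined"
check_dkim_value "$joined"
```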

Wednesday 1 April 2015

How to install Zimbra Mail server

Zimbra installs all of the mail server packages automatically, with no need to configure them by hand, which is better than a manually configured Postfix server.

Obtaining A Copy Of Zimbra

Next, we’ll need to visit the following URL to get a download link for the latest version of Zimbra. The version being used in this article is the 8.0.7 GA release. To find the latest version of the software, simply head over to the Zimbra website.
Once there, you’ll need to copy the link for the Red Hat and CentOS install file by right clicking and copying the link. Keep the link handy, you’ll need it next.
Now, we’ll need to download the file from the Zimbra website and store it on our Droplet. But first, we’ll need to create a folder to store it in.
mkdir zcsinstall
Next, enter that directory:
cd zcsinstall
And then fetch the file from the Zimbra website. You can use wget to achieve this. Obviously, you’ll need to place the URL you copied earlier into this command rather than using the link here.
wget http://files2.zimbra.com/downloads/8.0.7_GA/zcs-8.0.7_GA_6020.RHEL6_64.20140321160526.tgz
This will download the file from the Zimbra website, saving it into the zcsinstall folder we created.

Editing The Hosts File

Now we’ll need to edit the hosts file in CentOS to contain the IP address of the Droplet, the FQDN, and name of the server. We can do this by typing:
nano /etc/hosts
Once opened, the hosts file should look similar to the following:
You’ll need to edit the file to contain another row with your Droplet's IP address, FQDN and name. The line should look like the following:
123.123.123.123      mail.example.com     mail
You’ll need to ensure that you replace the above with the actual data values for your Droplet. You should also make sure that you use a tabbed space between each value. This means that you’ll have a host file looking something similar to:
Once done, press CTRL+O and then Enter to save. Then press CTRL+X to return.

Unpacking And Installing Zimbra

The next stage is to unpack the tgz file we downloaded earlier. To do this, we can execute the following command:
tar zxvf zcs-*.tgz
Next, change directory into the folder that the files were extracted into:
cd zcs-*
Finally, we can run the installer.
./install.sh --platform-override
Once the installer starts, you’ll need to accept the license agreements by pressing Y at each license prompt. When you reach the ‘select packages to install’ section, simply press enter at each of the options which will select the default value.
You may get the following error during installation:
This error is presented by Zimbra because it’s looking for an MX record for the domain ‘subdomain.example.com’. Instead, we want it to search for an MX record for ‘example.com’. This means that we should press Y and change the domain name to just ‘example.com’.
If you get a port conflict error, you may need to exit the installer and resolve the issue before continuing.
You’ll soon reach the configuration page, similar to that below. First we should choose option 3 to allow us to enter the zimbra-store section.
Address unconfigured (**) items (? – help)   3
Next, choose 3 again. This will allow us to configure the admin username and password.
Select, or 'r' for previous menu [r]  3

Create admin user: [admin@example.com] admin@example.com

Password for admin@example.com (min 6 characters): [_6ty6y8ui] password
Next, choose r to return to the previous menu.
Select, or 'r' for previous menu [r]  r
Then, choose 1 to go to the common configuration section.
*** CONFIGURATION COMPLETE - press 'a' to apply

Select from menu, or press 'a' to apply config (? - help)   1
After this, choose 6 to edit the time zone.
Select, or 'r' for previous menu [r]  6
Here, you should choose the number relative to the time zone you’re in. For example, you could type 83 to get the Europe/London time zone.
Enter the number for the local timezone: [39]  83
Then choose ‘r’ to return and ‘a’ to apply the configuration. You should also choose to log the installation to a file, in case any errors arise.
Select, or 'r' for previous menu [r] r
*** CONFIGURATION COMPLETE - press 'a' to apply

Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes]  yes
Save config in file: [/opt/zimbra/config.7622] /root/zimbra-installation.txt
Saving config in /root/zimbra-installation.txt...done.
The system will be modified - continue? [No] yes
The system will then continue the installation. Setup of Zimbra should take about 20 minutes, depending on the Droplet size you selected.
Finally, you’ll be given the option of notifying Zimbra of the installation, which allows them to track the uptake of their products. You can either type ‘yes’ or ‘no’ here, either way, this is the final step of the installation. You can make sure that the installation was successful from the final confirmation message:
Configuration complete – press return to exit
It is recommended that you reboot your Droplet.

Accessing The Zimbra Admin Control Panel

The control panel can be easily accessed by visiting the following URL:
https://mail.example.com:7071/zimbraAdmin

Saturday 28 March 2015

Postfix, Dovecot, PostfixAdmin, Roundcube email configuration in CentOS 6.4, working, 100 percent tested

First Config DNS Server using bind package
resolv.conf SELinux 
sudo gedit /etc/selinux/config
SELINUX=disabled   (SELinux off)
SELINUX=enforcing  (SELinux on)

CentOS:
 
sudo yum install gcc kernel-devel kernel-headers dkms make bzip2 perl 
iptables: 
sudo gedit /etc/sysconfig/iptables 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1024 -j ACCEPT
 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1025 -j ACCEPT
 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 4190 -j ACCEPT
 
sudo service iptables restart 
sudo yum -y install telnet 
sudo yum -y install postfix* dovecot*
 
sudo yum -y install httpd mysql mysql-server mysql-devel php php-mysql
 
sudo yum -y install php-mbstring php-imap php-xml
 
sudo yum install pam-devel
 

sudo yum -y install telnet postfix* dovecot* httpd mysql mysql-server mysql-devel php php-mysql php-mbstring php-imap php-xml pam-devel
 
sudo chkconfig postfix on
 
sudo chkconfig dovecot on
 
sudo chkconfig httpd on
 
sudo chkconfig mysqld on
 
sudo gedit /etc/httpd/conf/httpd.conf   # see the line: #ServerName www.example.com:80
sudo service postfix restart
 
sudo service dovecot restart
 
sudo service httpd restart
 
sudo service mysqld restart
 
 
vmail 
sudo useradd -u 2000 -d /var/vmail -m -s /sbin/nologin vmail 
mail 
mysqladmin -uroot password 'root'
 
mysql -h localhost -uroot -p
 
mysql> GRANT ALL PRIVILEGES ON mail.* TO root@localhost IDENTIFIED BY 'root';
 
mysql> create database mail;
 
mysql> GRANT ALL PRIVILEGES ON mail.* TO admin@"localhost" IDENTIFIED BY '123123' WITH GRANT OPTION;
 
mysql> flush privileges;
 
postfixadmin: 
http://sourceforge.net/projects/postfixadmin/files/postfixadmin/postfixadmin-2.3.6/postfixadmin-2.3.6.tar.gz/download 
postfixadmin
/var/www/html 
sudo cp -rf /home/pandy/ /postfixadmin /var/www/html 
postfixadmin: 
sudo gedit /var/www/html/postfixadmin/config.inc.php 
------------
 
$CONF['configured'] = true; 
$CONF['default_language'] = 'cn';
 
$CONF['database_type'] = 'mysql';
 
$CONF['database_host'] = 'localhost';
 
$CONF['database_user'] = 'admin';
 
$CONF['database_password'] = '123123';
 
$CONF['database_name'] = 'mail';
 
$CONF['admin_email'] = 'admin@pandy8.com';
 
$CONF['encrypt'] = 'dovecot:CRAM-MD5';
 
$CONF['dovecotpw'] = "/usr/bin/doveadm pw";
 
$CONF['domain_path'] = 'YES';
 
$CONF['domain_in_mailbox'] = 'NO';
 
$CONF['aliases'] = '1000';
 
$CONF['mailboxes'] = '1000';
 
$CONF['maxquota'] = '1000';
 
$CONF['fetchmail'] = 'NO';
 
$CONF['emailcheck_resolve_domain']='NO';
 
$CONF['quota'] = 'YES';
 
$CONF['used_quotas'] = 'YES';
 
$CONF['new_quota_table'] = 'YES';
 
postfixadmin: 
http://127.0.0.1/postfixadmin/setup.php 
:admin / admin, generate password hash,hash code,
 
code,
sudo gedit /var/www/html/postfixadmin/config.inc.php 
$CONF['setup_password'] = 'ae3e1cb27c62fae6c43dc1fd84853207:03bf21e651640880b910317a27fdb205fe8949fa'; //

postfixadmin 
=================================
 
postfxiadmin 
/usr/local/bin/maildir-creation.sh
: 
sudo gedit /usr/local/bin/maildir-creation.sh 
--------------------------------------------
 
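#!/bin/bash
# Usage: maildir-creation.sh <domain> <user>
HOME_DIR="/var/vmail"
USER_NAME="vmail"
GROUP_NAME="vmail"
# Create the domain directory on first use
if [ ! -d "${HOME_DIR}/$1" ] ; then
    mkdir "${HOME_DIR}/$1"
    chown -R "${USER_NAME}:${GROUP_NAME}" "${HOME_DIR}/$1"
fi
# Create the mailbox directory and hand it to the mail user
mkdir "${HOME_DIR}/$1/$2"
chown -R "${USER_NAME}:${GROUP_NAME}" "${HOME_DIR}/$1/$2"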
 

/usr/local/bin/maildir-deletion.sh ,
 
sudo gedit /usr/local/bin/maildir-deletion.sh 
----------------------------------------------
 
#!/bin/bash
#
# vmta ALL = NOPASSWD: /usr/local/bin/maildir-deletion.sh
#
# Usage: maildir-deletion.sh <domain> <user>
if [ $# -ne 2 ] ; then
  exit 127
fi
DOMAIN="$1"
USER="$2"
HOME_DIR="/var/vmail"
USER_DIR="${HOME_DIR}/${DOMAIN}/${USER}"
TRASH_DIR="${HOME_DIR}/deleted-maildirs"
DATE=$(date "+%Y%m%d_%H%M%S")
if [ ! -d "${TRASH_DIR}/${DOMAIN}" ] ; then
    mkdir -p "${TRASH_DIR}/${DOMAIN}"
fi
# Move the mailbox into the trash area instead of deleting it
if [ -d "${USER_DIR}" ] ; then
    mv "${USER_DIR}" "${TRASH_DIR}/${DOMAIN}/${USER}-${DATE}"
fi
 
sudo mkdir /var/vmail/deleted-maildirs 
sudo chown -R vmail.vmail /var/vmail/deleted-maildirs/
 
 
sudo chmod 750 /usr/local/bin/maildir-* 
sudo chown vmail.vmail /usr/local/bin/maildir-*
 

sudo
 
/etc/sudoers
 
sudo vim /etc/sudoers 
----------------------------
 
vmail ALL = NOPASSWD: /usr/local/bin/maildir-creation.sh
 
vmail ALL = NOPASSWD: /usr/local/bin/maildir-deletion.sh
 
 
#Defaults    requiretty
 
esc , :wq!,
 
postfixadmin 
create-mailbox.php 229 
sudo gedit /var/www/html/postfixadmin/create-mailbox.php 
db_log ($SESSID_USERNAME, $fDomain, 'create_mailbox', "$fUsername");
 
 
system("sudo /usr/local/bin/maildir-creation.sh " . escapeshellarg($fDomain) . " " . escapeshellarg($_POST['fUsername']));
delete.php 146 
sudo gedit /var/www/html/postfixadmin/delete.php 
db_log ($SESSID_USERNAME, $fDomain, 'delete_mailbox', $fDelete);
 
 
$userarray=explode("@",$fDelete); 
$user=$userarray[0];
 
$domain=$userarray[1];
 
system("sudo /usr/local/bin/maildir-deletion.sh " . escapeshellarg($domain) . " " . escapeshellarg($user));
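
The two PHP hooks above hand a domain and a mailbox name taken from the web form to scripts that run under sudo, so the scripts themselves should refuse anything that is not a single safe path component. An added example (not from the original post or from PostfixAdmin) of the creation logic with that check; `valid_component`, `create_maildir` and the `MAILDIR_OWNER` variable are illustrative names, the base directory is a parameter so the function can be exercised in a temporary directory, and it assumes the installed script is owned by root so the account allowed to run it via sudo cannot edit it.

```shell
#!/bin/sh
# Added example: maildir creation that validates its arguments before touching the filesystem.

# Accept exactly one path component: letters, digits, dot, dash, underscore,
# with no leading dot or dash, so "", "..", ".hidden", "a/b" and "-rf" are all rejected.
valid_component() {
    case $1 in
        ''|.*|-*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# $1 base directory (the page uses /var/vmail), $2 domain, $3 mailbox local part.
# Return codes: 64 wrong argument count, 65 rejected name, 66 symlink in the path, 73 mkdir failed.
create_maildir() {
    [ $# -eq 3 ] || return 64
    base=$1; domain=$2; user=$3
    valid_component "$domain" || return 65
    valid_component "$user" || return 65
    # Refuse to follow a symlink planted at the domain level.
    [ ! -L "$base/$domain" ] || return 66
    mkdir -p -- "$base/$domain/$user" || return 73
    # The page's owner is vmail:vmail; MAILDIR_OWNER overrides it for testing.
    chown -R "${MAILDIR_OWNER:-vmail:vmail}" -- "$base/$domain"
}

# Demo in a throwaway directory with constructed inputs, owned by the current user.
demo_dir=$(mktemp -d)
MAILDIR_OWNER="$(id -u):$(id -g)"
create_maildir "$demo_dir" pandy8.com test && echo "created pandy8.com/test"
create_maildir "$demo_dir" pandy8.com "../../outside" || echo "rejected (code $?)"
rm -rf "$demo_dir"
```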
 

4. Postfix
http://www.centospub.com/make/postfix_smtp.html 
=========================================
 
/etc/postfix/main.cf 
sudo gedit /etc/postfix/main.cf 

---------------------------------------
 
# hostname
myhostname = bogon
mydomain = pandy8.com
myorigin = $mydomain
inet_interfaces = all
# MX
mydestination = localhost
# unknown user
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks_style = host
 


--------------------------------------
#======================================================================= 
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
 
#
 
# The VIRTUAL_README document gives information about the many forms
 
# of domain hosting that Postfix supports.
 
# See: http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-ubuntu8.04-p2
 
# The follwing lines connect Postfix with the MySQL database that contains information about
 
# the virtual users/accounts hosted. See proxymap(8) virtual(5) and mysql_table(5)
 
#
 
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
 
#
 
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
 
#
 
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
 
#
 
# Additional for quota support
 
virtual_create_maildirsize = yes
 
virtual_mailbox_extended = yes
 
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
 
virtual_mailbox_limit_override = yes
 
virtual_maildir_limit_message = Sorry, this user has exceeded their disk space quota, please try again later.
 
virtual_overquota_bounce = yes
 
#
 
#Specify the user/group that owns the mail folders. I'm not sure if this is strictly necessary when using Dovecot's LDA.
 
virtual_uid_maps = static:2000
 
virtual_gid_maps = static:2000
 
#
 
#Specifies which tables proxymap can read: http://www.postfix.org/postconf.5.html#proxy_read_maps
 
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
 
SMTP
---------------------------------------
 
#======================================================================= 
#SASL SUPPORT FOR CLIENTS
 
#
 
# The following options set parameters needed by Postfix to enable
 
# SMTP AUTH support using Dovecot's SASL component for authentication of mail clients.
 
# See: /usr/share/doc/postfix-2.3.3/README_FILES/SASL_README - http://www.postfix.org/SASL_README.html
 
# And /usr/share/doc/dovecot-1.0.7/wiki/HowTo.PostfixAndDovecotSASL.txt - http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
 
#
 
# Turns on sasl authorization
 
smtpd_sasl_auth_enable = yes
 
#
 
#Use dovecot for authentication
 
smtpd_sasl_type = dovecot
 
#
 
# Path to UNIX socket for SASL
 
smtpd_sasl_path = /var/run/dovecot/auth-client
 
#
 
#Disable anonymous login. We don't want to run an open relay for spammers.
 
smtpd_sasl_security_options = noanonymous
 
#
 
#Adds support for email software that doesn't follow RFC 4954.
 
#This includes most versions of Microsoft Outlook before 2007.
 
broken_sasl_auth_clients = yes
 
#
 
smtpd_recipient_restrictions =  permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
 
Dovecot
---------------------------------------
 
#======================================================================= 
# TRANSPORT MAP
 
#
 
virtual_transport = dovecot
 
dovecot_destination_recipient_limit = 1
 
master.cf 
sudo gedit /etc/postfix/master.cf 

---------------------------------------
 
dovecot   unix  -       n       n       -       -       pipe
 
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}
 
Mysql 
==================================
 
sudo gedit /etc/postfix/mysql_virtual_domains_maps.cf 
---------------------------------------
 
user = admin
 
password = 123123
 
hosts = localhost
 
dbname = mail
 
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
 
#optional query to use when relaying for backup MX
 
#query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'
 
sudo gedit /etc/postfix/mysql_virtual_alias_maps.cf 
----------------------------
 
user = admin
 
password = 123123
 
hosts = localhost
 
dbname = mail
 
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
 
sudo gedit /etc/postfix/mysql_virtual_mailbox_maps.cf 
-----------------------------
 
user = admin
 
password = 123123
 
hosts = localhost
 
dbname = mail
 
query = SELECT CONCAT(domain,'/',maildir) FROM mailbox WHERE username='%s' AND active = '1'
 
sudo gedit /etc/postfix/mysql_virtual_mailbox_limit_maps.cf 
--------------------------------------
 
user = admin
 
password = 123123
 
hosts = localhost
 
dbname = mail
 
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'
 
5. Dovecot
================================================
 
 
sudo gedit /etc/dovecot/dovecot.conf 
---------------------------------
 
protocols = imap pop3
 
listen = *
 
dict {
 
  quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
 
}
 
!include conf.d/*.conf
 
sudo gedit /etc/dovecot/conf.d/10-auth.conf 
---------------------------------
 
disable_plaintext_auth = no
 
auth_mechanisms = plain login cram-md5
 
!include auth-sql.conf.ext
 
sudo gedit /etc/dovecot/conf.d/10-mail.conf 
--------------------------------
 
mail_location = maildir:%hMaildir
 
mbox_write_locks = fcntl
 
sudo gedit /etc/dovecot/conf.d/10-master.conf 
---------------------------
 
service imap-login {
 
  inet_listener imap {
 
  }
 
  inet_listener imaps {
 
  }
 
}
 
service pop3-login {
 
  inet_listener pop3 {
 
  }
 
  inet_listener pop3s {
 
  }
 
}
 
service lmtp {
 
  unix_listener lmtp {
 
  }
 
}
 
service imap {
 
}
 
service pop3 {
 
}
 
service auth {
 
  unix_listener auth-userdb {
 
    mode = 0600
 
    user = vmail
 
    group = vmail
 
  }
 
  unix_listener auth-client {
 
    mode = 0600
 
    user = postfix
 
    group = postfix
 
  }
 
}
 
service auth-worker {
 
}
 
service dict {
 
  unix_listener dict {
 
    mode = 0600
 
    user = vmail
 
    group = vmail
 
  }
 
}
 
sudo gedit /etc/dovecot/conf.d/15-lda.conf 
---------------------
 
protocol lda {
 
  mail_plugins = quota
 
  postmaster_address = admin@pandy8.com
 
}
 
sudo gedit /etc/dovecot/conf.d/20-imap.conf 
-----------------------------
 
protocol imap {
 
        mail_plugins = quota imap_quota
 
}
 

sudo gedit /etc/dovecot/conf.d/20-pop3.conf
 
------------------------------
 
protocol pop3 {
 
  pop3_uidl_format = %08Xu%08Xv
 
  mail_plugins = quota
 
}
 
sudo gedit /etc/dovecot/conf.d/90-quota.conf 
----------------------------
 
plugin {
 
  quota_rule = *:storage=1G
 
}
 
plugin {
 
}
 
plugin {
 
  quota = dict:User quota::proxy::quota
 
}
 
plugin {
 
}
 
sudo gedit /etc/dovecot/dovecot-sql.conf.ext 
--------------------------
 
driver = mysql
 
connect = host=localhost dbname=mail user=admin password=123123
 
default_pass_scheme = CRAM-MD5
 
user_query = SELECT CONCAT('/var/vmail/', maildir) AS home, 2000 AS uid, 2000 AS gid, CONCAT('*:bytes=', quota) as quota_rule FROM mailbox WHERE username = '%u' AND active='1'
 
password_query = SELECT username AS user, password, CONCAT('/var/vmail/', maildir) AS userdb_home, 2000 AS userdb_uid, 2000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = '%u' AND active='1'
 
sudo gedit /etc/dovecot/dovecot-dict-sql.conf.ext 
-----------------------------
 
connect = host=localhost dbname=mail user=admin password=123123
 
map {
 
  pattern = priv/quota/storage
 
  table = quota2
 
  username_field = username
 
  value_field = bytes
 
}
 
map {
 
  pattern = priv/quota/messages
 
  table = quota2
 
  username_field = username
 
  value_field = messages
 
}
 
sudo gedit /etc/pam.d/dovecot 
-------------------------
 
#%PAM-1.0
 
#auth       required     pam_nologin.so
 
#auth       include      password-auth
 
#account    include      password-auth
 
#session    include      password-auth
 
auth    required        pam_unix.so nullok
 
account required        pam_unix.so
 
CentOS:reboot 
 
netstat -tlunp | grep ':25'
 
netstat -tlunp | grep ':110'
 
sudo postfix check

sudo tail -f /var/log/maillog
 

:
http://127.0.0.1/postfixadmin/setup.php 
:admin, admin@pandy8.com, admin, admin
 
!
(admin@pandy8.com)  
:
http://127.0.0.1/postfixadmin/login.php 
:admin@pandy8.com/admin, 
pandy8.com 
test@pandy8.com 
: 
[pandy@localhost ~]$
 telnet localhost 25 
Trying ::1...
 
Connected to localhost.
 
Escape character is '^]'.
 
220 bogon ESMTP Postfix
 
ehlo test@pandy8.com<--- 
250-bogon
 
250-PIPELINING
 
250-SIZE 10240000
 
250-VRFY
 
250-ETRN
 
250-AUTH PLAIN LOGIN CRAM-MD5
 
250-AUTH=PLAIN LOGIN CRAM-MD5
 
250-ENHANCEDSTATUSCODES
 
250-8BITMIME
 
250 DSN
 
quit 




[pandy@bogon ~]$
 telnet localhost 110 
Trying ::1...
 
telnet: connect to address ::1: Connection refused
 
Trying 127.0.0.1...
 
Connected to localhost.
 
Escape character is '^]'.
 
+OK Dovecot ready.
 
user test@pandy8.com<--- 
+OK
 
pass test<--
+OK Logged in.
 
quit<--- 
+OK Logging out.
 
Connection closed by foreign host.
 
roundcubemail 
===================================
 
http://superb-dca2.dl.sourceforge.net/project/roundcubemail/roundcubemail/0.9.1/roundcubemail-0.9.1.tar.gz 
:roundcubemail,html
 
sudo cp -rf /home/pandy/ /roundcubemail /var/www/html/ 
roundcubemail
mysql -h localhost -uroot -p
 
mysql> CREATE DATABASE roundcubemail;
 
mysql> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcubemail@localhost IDENTIFIED BY 'pa5swd';
 
mysql> flush privileges;
 
mysql
:http://dev.mysql.com/downloads/tools/workbench/ 
:
http://download.softagency.net/MySQL/Downloads/MySQLGUITools/ 
roundcubemail/SQL/mysql.initial.sql 
roundcubemail 
Roundcubemail 
 
cd /var/www/html/roundcubemail/config/
 
sudo cp db.inc.php.dist db.inc.php
 
sudo gedit db.inc.php
 
 
$rcmail_config['db_dsnw'] = 'mysql://roundcubemail:pa5swd@localhost/roundcubemail';
 

sudo cp main.inc.php.dist main.inc.php
 
sudo gedit main.inc.php
 

$rcmail_config['default_host'] = 'localhost';
 
$rcmail_config['username_domain'] = 'pandy8.com';
 
$rcmail_config['mail_domain'] = 'mail.pandy8.com';
 
$rcmail_config['smtp_server'] = 'localhost';
 
$rcmail_config['product_name'] = 'RH Webmail';
 
httpd: 
sudo service httpd restart;
 
http://127.0.0.1/roundcubemail/ 
:test@pandy8.com/test
 

postfixadmin
 
Roundcube http://trac.roundcube.net/wiki/Plugin_Repository
managesieve
sudo yum -y install dovecot-pigeonhole 
dovecot
/etc/dovecot/dovecot.conf
 
sudo gedit /etc/dovecot/dovecot.conf 
protocols = pop3 imap sieve
 

/etc/dovecot/conf.d/15-lda.conf
sudo gedit /etc/dovecot/conf.d/15-lda.conf 
mail_plugins = quota sieve
 
dovecot 
sudo service dovecot restart 
Dovecot 4190 
netstat -tunlp | grep 4190 
tcp        0      0 0.0.0.0:4190                0.0.0.0:*                   LISTEN      2188/dovecot
 
managesieve config.inc.php,: 
[root@mail config]#
cd /var/www/html/roundcubemail/plugins/managesieve/ 
[root@mail managesieve]#
 cp config.inc.php.dist config.inc.php 
[root@mail managesieve]#
 gedit config.inc.php 
 
$rcmail_config['managesieve_port'] = 4190; 

/var/www/html/config/main.inc.php
 
sudo gedit /var/www/html/roundcubemail/config/main.inc.php  
$rcmail_config['plugins'] = array('managesieve'); 

Managesieve
 
 
Roundcube Webmail :
http://blog.dvxj.com/pandola/roundcube-webmail-plugins.html 
$rcmail_config['plugins'] = array('managesieve','password','filesystem_attachments', 'emoticons', 'example_addressbook', 'message_highlight','jqueryui','globaladdressbook','userinfo','markasjunk','enigma','vcard_attachments','help');
 
sudo cp -rf /home/pandy//global-address-book /var/www/html/roundcubemail/plugins/ 
compose_addressbook:
sudo cp -rf /home/pandy//compose_addressbook /var/www/html/roundcubemail/plugins/ 
message_highlight

sudo cp -rf /home/pandy//message_highlight /var/www/html/roundcubemail/plugins/ 
sudo gedit /var/www/html/roundcubemail/config/main.inc.php 
$rcmail_config['skin'] = 'larry'; // $rcmail_config['skin'] = 'classic';
 






sudo gedit /etc/dovecot/dovecot.conf 

# If you want to specify ports for each service, you will need to configure 
# these settings inside the protocol imap/pop3 { ... } section, so you can
 
# specify different ports for IMAP/POP3. For example:
 
# protocol imap {
 
# listen = *:10143
 
# ssl_listen = *:10943
 
# ..
 
# }
 
# protocol pop3 {
 
# listen = *:10100
 
# ..
 
# }
 



If you get errors
Mailbox doesn't exist: INBOX 
  vim /etc/dovecot/conf.d/10-mail.conf
 
  mail_location = maildir:%hMaildir
4. httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

:/etc/httpd/conf/httpd.conf 
5. :sudo gedit /var/log/maillog 
6.: 
Error: user test@pandy8.com: Initialization failed: Initializing mail storage from mail_location setting failed: mkdir(/var/vmail/pandy8.com/test/Maildir) failed: Permission denied (euid=2000(vmail) egid=2000(vmail) missing +w perm: /var/vmail/pandy8.com, euid is not dir owner)
 
7. : 
postfix/local[2670]: 74CD9281454: to=<test@pandy8.com>, relay=local, delay=0.33, delays=0.11/0.17/0/0.05, dsn=5.1.1, status=bounced (unknown user: "test")
 
http://stackoverflow.com/questions/18377813/postfix-status-bounced-unknown-user-myuser 
mydestination = localhost 
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain