Christopher Jackson's

hacks, thoughts, and utter ramblings.

Setting Up a Mail Server on Ubuntu 12.04 Precise

The following is a guide to setting up a mail server using Postfix, Dovecot, Postgres, and Roundcube on Ubuntu 12.04 Precise. I assume that you already have apache2 and postgres installed.

Postfix

First let us install Postfix and SASL by issuing the following command:

sudo apt-get install postfix sasl2-bin

You will be asked some questions; just leave everything as default, since we will configure these packages in the next step. Run the following command to configure Postfix:

sudo dpkg-reconfigure postfix

Again, you will be asked some questions:
General type of mail configuration? Internet Site
System mail name? example.com
Root and postmaster mail recipient? Leave blank
Other destinations to accept mail for? example.com, localhost.example.com, localhost
Force synchronous updates on mail queue? No
Local networks? Leave default (127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128)
Mailbox size limit (bytes)? 0 (0 stands for unlimited)
Local address extension character? Leave default (+)
Internet protocols to use? ipv4 (most likely)

Next, let’s take care of certificates for TLS. You will be asked several questions during this process. Fill them in as you see fit.

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Now we need to finish configuring Postfix for TLS and SASL. Run the following commands:

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = server1.example.com'
postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='

Finally, we restart Postfix by issuing the following command:

sudo service postfix restart
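
With `smtpd_tls_auth_only = no` and `mech_list: plain login` as set above, Postfix offers AUTH PLAIN LOGIN before STARTTLS, so a client can send its password over an unencrypted connection. The following is an added example, not part of the original guide: shell functions that audit `name = value` lines (such as the output of `postconf -n`) for that combination. The function names are hypothetical and both sample configurations are constructed from the values in this guide.

```shell
#!/bin/sh
# Added example: audit postconf-style "name = value" lines (for instance the
# output of `postconf -n`) for SASL logins that can happen without TLS.

# Constructed sample: the TLS/SASL values this guide sets with postconf -e.
PAGE_CONFIG='smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtpd_tls_auth_only = no
smtpd_use_tls = yes'

# Constructed sample: the same values with AUTH restricted to TLS sessions.
HARDENED_CONFIG='smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_use_tls = yes'

# get_param CONFIG NAME: print the value of NAME (last occurrence wins).
get_param() {
    printf '%s\n' "$1" | awk -v name="$2" '
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == name) found = val
        }
        END { print found }'
}

# audit_postfix CONFIG: print one finding per line; print nothing if clean.
audit_postfix() {
    sasl=$(get_param "$1" smtpd_sasl_auth_enable)
    auth_only=$(get_param "$1" smtpd_tls_auth_only)
    use_tls=$(get_param "$1" smtpd_use_tls)
    level=$(get_param "$1" smtpd_tls_security_level)
    [ "$sasl" = "yes" ] || return 0   # no SMTP AUTH, nothing to protect
    # smtpd_tls_security_level, when set, takes precedence over smtpd_use_tls.
    case "${level:-$use_tls}" in
        may|encrypt|yes) ;;            # STARTTLS is offered
        *) echo "NO_TLS: SASL is enabled but the server offers no STARTTLS" ;;
    esac
    # Unset counts as "no", which is the Postfix default for this parameter.
    [ "$auth_only" = "yes" ] ||
        echo "CLEARTEXT_AUTH: smtpd_tls_auth_only is not yes, AUTH is offered before STARTTLS"
    return 0
}

echo "guide settings:";    audit_postfix "$PAGE_CONFIG"
echo "hardened settings:"; audit_postfix "$HARDENED_CONFIG"
```

On a live server, run it against real settings with `audit_postfix "$(postconf -n)"`. Setting `smtpd_tls_auth_only = yes` clears the finding, and AUTH then no longer appears in a plaintext EHLO reply.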

Postfix Virtual Hosts

If you need to have multiple mail domains on this server, follow these instructions. Otherwise, skip to the SASL section.


First we need to tell Postfix which domains we will use by creating a file that lists them. To do this, issue the following commands:

sudo mkdir /etc/postfix/virtual
sudo touch /etc/postfix/virtual/domains

In the file /etc/postfix/virtual/domains you will need to list all the domains that you wish to handle mail for. It might look something like this:

example.com
foo.com
mysite.com

Now we need to set up the mappings between email addresses and local accounts by creating another file. To do this, issue the following command:

sudo touch /etc/postfix/virtual/addresses

In the file /etc/postfix/virtual/addresses you will need to list the mappings for each email address. It might look something like this:

example.com              DOMAIN
bob@example.com          bob
steve@example.com        steve

foo.com                  DOMAIN
@foo.com                 steve

mysite.com               DOMAIN
@mysite.com              chris

The above example sets up four mappings:
Mail sent to bob@example.com goes to the local user bob.
Mail sent to steve@example.com goes to the local user steve.
Mail sent to any address @foo.com goes to the local user steve.
Mail sent to any address @mysite.com goes to the local user chris.


Now we need to tell postfix to use these settings by updating the /etc/postfix/main.cf file with the following:

mydestination = $myhostname, /etc/postfix/virtual/domains
virtual_maps  = hash:/etc/postfix/virtual/addresses

We also need to create a hash of the /etc/postfix/virtual/addresses file. To do this we issue the following command:

postmap /etc/postfix/virtual/addresses

Now, to apply these changes, we need to reload Postfix. Issue the following command:

sudo service postfix reload

SASL

Authentication will be done by saslauthd which will need to be configured to support a chrooted Postfix setup.


First we need to edit /etc/default/saslauthd and add or change the following settings so that they match:

START=yes
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

Finish up SASL by creating the chroot directory, adding the postfix user to the sasl group, and then starting saslauthd. Run the following commands to do that:

mkdir -p /var/spool/postfix/var/run/saslauthd
dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
adduser postfix sasl
/etc/init.d/saslauthd start

Testing Postfix and SASL


At this point, core email services should be up and running. Let’s make sure that you’re in good shape before moving on. First, establish a connection with the mail server by running the following:

telnet localhost 25

After establishing a connection with the Postfix service, run:

ehlo localhost

You should see a few lines of output. Make sure that the two most important lines are there:

. . .
250-STARTTLS
250-AUTH PLAIN LOGIN
. . .

To exit telnet, type:

quit

Dovecot

We now need to install and configure Dovecot, set the maildir parameter, and restart the service to accept the change. To do that, run the following commands:

aptitude install dovecot-imapd dovecot-pop3d
perl -pi -e 's/#mail_location =/mail_location = maildir:\/home\/\%u\/Maildir/' /etc/dovecot/conf.d/10-mail.conf
/etc/init.d/dovecot restart

If everything went smoothly you should now be in email nirvana. Each user has their own email account and you can move on to virtual accounts if you desire.


Virtual Accounts

TO DO


Roundcube

In this guide we will be installing Roundcube into directory /var/www/webmail.
First we need to find out what the latest version of Roundcube is. Go to the Roundcube download site and note the version number of the form x.x.x, as we will need this information later. Right-click the download button and copy the link. At the time of writing, the version number was 0.8.5 and the download link was http://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.8.5/roundcubemail-0.8.5.tar.gz/download.
Now that we have the link and version number, we issue the following commands, replacing xxx with the version number and http_link with the link we copied:

cd /tmp && wget -O roundcubemail-xxx.tar.gz http_link
sudo tar -xzvf roundcubemail-xxx.tar.gz -C /var/www
sudo mv /var/www/roundcubemail-xxx/ /var/www/webmail

Now we need to fix file ownership for some of the newly created directories by issuing the following commands:

sudo chown -R www-data:www-data /var/www/webmail/temp
sudo chown -R www-data:www-data /var/www/webmail/logs

Now we need to create the database and database user for Roundcube in postgres. Issue the following commands to do that:


Now we’re all set to start configuring Roundcube. To do that, we will use the web-based installer. Navigate to the following address in your web browser:

http://localhost/webmail/installer/

From here, just follow the on-screen prompts to configure your Roundcube instance.


Installing MPICH2 on Solaris 10 (5.10)

1) Download the current stable release of mpich2. Let’s pretend the name of the file you downloaded is mpich2.tar.gz.
2) Run the following commands to set up an installation directory in your home folder and to unzip the file:
mkdir -p ~/cluster/mpich2-install
gunzip -c mpich2.tar.gz | tar xf -
cd mpich2
3) Time to configure. Run the following command:
./configure CFLAGS=-Wa,--divide --enable-fast=O3 --enable-cxx --disable-f77 --disable-fc --prefix=/home/clj5096/cluster/mpich2-install |& tee configure.log
If this completes without error, go to the next step. If there are errors, consult configure.log to see what went wrong.
4) Time to make. Run the following command:
make |& tee make.log
If this completes without error, go to the next step. If there are errors, consult make.log to see what went wrong.
5) Time to install. Run the following command:
make install |& tee install.log
If this completes without error, go to the next step. If there are errors, consult install.log to see what went wrong.
6) Follow the directions reported in make & make install about setting your LD_LIBRARY_PATH and PATH variables.

Creating Your Own Cluster of VM’s to Run MPI Applications. Using Ubuntu Server 10.04 LTS.

Notes: I’m using VMWare Fusion 3.1, Ubuntu Server 10.04 LTS (64 bit).
1) Create a new virtual machine and install Ubuntu Server 10.04 LTS (64 bit). I used bridged networking for this machine. This machine will be the base for all other nodes on the cluster.

2) Once the virtual machine is created, log in and run the following commands to install the necessary packages:
sudo apt-get install openssh-server openssh-client libcr-dev build-essential libmpich2-dev mpich2 nfs-common portmap
3) Now that we have the packages we need, let’s set up Hydra (mpd replacement). First we need to set up a hosts file.
cd ~
touch hosts
vi hosts
You will need to put an entry for each node on the cluster on a new line in this file. My setup looks like this:
10.0.1.10 ubu0
10.0.1.11 ubu1
10.0.1.12 ubu2
10.0.1.13 ubu3
10.0.1.14 ubu4
10.0.1.15 ubu5
Next we will have to update the /etc/hosts file. My file looks like this:
127.0.0.1 localhost
10.0.1.10 ubu0
10.0.1.11 ubu1
10.0.1.12 ubu2
10.0.1.13 ubu3
10.0.1.14 ubu4
10.0.1.15 ubu5
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
4) Now that we have Hydra set up, we will set up the shared directory that we will export with NFS at a later step. Since we are using this VM as our base install, we will only set up the client side of the NFS share right now. To do this, we will add an entry to /etc/fstab. Run the following commands:
sudo mkdir -p /srv/research
sudo mkdir -p /shared/research
sudo chown `whoami`:`whoami` /srv/research
sudo chown `whoami`:`whoami` /shared/research
echo -e "10.0.1.10:/srv/research\t/shared/research\tnfs\tsoft,intr,rsize=8192,wsize=8192 0 0" | sudo tee -a /etc/fstab
5) Now we need to set up an SSH key pair that the VMs will use to communicate with one another without a password. Run the following commands:
ssh-keygen -t dsa    # Hit enter a few times until you get back to the prompt
cd ~/.ssh
cat id_dsa.pub >> authorized_keys
rm id_dsa.pub
chmod 400 authorized_keys
6) Now we need to make configuration changes so that we can connect as a client to an NFS share. Run the following commands:
echo "portmap : ALL" | sudo tee -a /etc/hosts.deny
echo "portmap : 10.0.1.10" | sudo tee -a /etc/hosts.allow
7) We have now finished setting up our base install for the VM. We now want to stop the VM and make as many copies as we need. Once you’ve copied the VMs, start all the copies. On each of them you will need to update /etc/hostname with the appropriate name. Once you have done this, shut down each of them. You will issue the following commands on each host to perform the aforementioned tasks:
sudo vi /etc/hostname
sudo shutdown -h now
8) Now we need to set up an NFS export on the root node of the cluster (for me that is ubu0). To do this, run the following commands:
touch /srv/research/test
sudo apt-get install nfs-kernel-server
echo "/srv/research 10.0.1.0/255.255.255.0(rw,sync,no_subtree_check)" | sudo tee -a /etc/exports
sudo exportfs -ra
sudo mount -a
If all went well you should see a file called “test” in /shared/research.
9) Now bring up the client nodes (the copies) and do the following to make sure everything is working.
First from the root node ssh into all the client nodes to establish an ECDSA key fingerprint. Once you have done this run the following command:
mpiexec -f ~/hosts -n 3 hostname
Output should look something like this:
ubu0
ubu2
ubu1
10) That is it; you now have a cluster that you can run MPI applications on.

Setting Up Gitweb on Ubuntu Server(10.04) Using Apache2(w/ Vhosts)

Let’s say you want to set up gitweb on your server and reach it from git.yoursite.com. Here is what you will need to do. This tutorial assumes that you have already installed apache2 and git using apt-get install.

First you need to install gitweb by running the following command:
sudo apt-get install gitweb
Next, you will need to create a virtual host under apache2. My preferred method for doing this is as follows:
sudo touch /etc/apache2/sites-available/git.yoursite.com
cd /etc/apache2/sites-enabled
sudo ln -s ../sites-available/git.yoursite.com xxx-git

Replace the xxx with three integers or you can name the file anything you want. The only thing to be careful about here is apache will load the first file in the directory as the main site. The way to ensure a certain site is loaded before others is to maintain the naming schema of having 3 digits in the front of the file name. You will notice this by the presence of the default site /etc/apache2/sites-enabled/000-default.

Now you will need to fill in the details for the virtual host by copying the following text into file:

/etc/apache2/sites-available/git.yoursite.com
<VirtualHost *:80>
	ServerName git.yoursite.com
	ServerAlias www.git.yoursite.com
	DocumentRoot "/usr/share/gitweb"

	<Directory /usr/share/gitweb>
		Options FollowSymLinks +ExecCGI
		AddHandler cgi-script .cgi
 		#Allow from all
		#AllowOverride all
		#Order allow,deny
	</Directory>

	<Directory /var/cache/git>
		#Allow from all
	</Directory>
	#RewriteLog /var/log/apache2/rewritegitweb.log
	#RewriteLogLevel 9
	#ErrorLog /var/log/apache2/gitweb.log
</VirtualHost>
The directives that are commented out above are not needed. You may find the log ones at the bottom useful if you’re having issues after the installation. The generated logs make it easier to track down what is going wrong.

Now all you have to do is restart Apache:
sudo apachectl graceful

You should now be able to hit http://git.yoursite.com and see gitweb. Enjoy!

Suppress Live Update Notifications in OSX

$ sudo symsched -l

Module         Name                     On  UI  Freq     Day   Time   Args

-------------- ------------------------ --- --- -------- ----- ------ ----

LiveUpdate     Update All Hourly        1   0   Hourly         13:15  "All Products"

$ sudo symsched -d all

$ sudo symsched LiveUpdate "Update All Hourly" 1 0 -hourly 13:15 "All Products" -quiet

$ sudo symsched -l

Module         Name                     On  UI  Freq     Day   Time   Args

-------------- ------------------------ --- --- -------- ----- ------ ----

LiveUpdate     Update All Hourly        1   0   Hourly         13:15  "All Products" -quiet
The first and last commands give a listing of the scheduled events. The second command deletes all scheduled events. The third command adds a new event in quiet mode. You can change the flag to -daily or -weekly as well.

OSX Screen Sharing via Command Line

To turn on screen sharing via the command line, issue the following command:
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -clientopts -setvnclegacy -vnclegacy yes -clientopts -setvncpw -vncpw mypasswd -restart -agent -privs -all

To turn off screen sharing via the command line, issue the following command:
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -configure -access -off

Creating a Bootable USB for Ubuntu x.x via OSX

Convert the .iso file to .img using the convert option of hdiutil
hdiutil convert -format UDRW -o ~/path/to/target.img ~/path/to/ubuntu.iso
Note: OS X tends to put the .dmg ending on the output file automatically.
Run diskutil list to get the current list of devices
Insert your flash media
Run diskutil list again and determine the device node assigned to your flash media (e.g. /dev/disk2)

Run diskutil unmountDisk /dev/diskN (replace N with the disk number from the last command; in the previous example, N would be 2)
Execute the following:
sudo dd if=/path/to/downloaded.img of=/dev/rdiskN bs=1m

(replace /path/to/downloaded.img with the path where the image file is located; for example, ./ubuntu.img or ./ubuntu.dmg).
Using /dev/rdisk instead of /dev/disk may be faster.
If you see the error dd: Invalid number ‘1m’, you are using GNU dd. Use the same command but replace bs=1m with bs=1M.
If you see the error dd:/dev/diskN: Resource busy, make sure the disk is not in use. Start the ‘Disk Utility.app’ and unmount (don’t eject) the drive.
Run diskutil eject /dev/diskN and remove your flash media when the command completes

You now have a bootable USB drive to install Ubuntu wherever you please.

Change Shell Script on Sun Machines

So if you are a Penn State Harrisburg student, you might have been as frustrated as me to find out that you can’t change your default shell. Here is a little hack that will run whatever shell you want and not mess up your ability to sftp onto these machines.
cd ~;
mv .cshrc .cshrc_old
vi .cshrc
Put the following into this file.
#!/bin/csh
if ( $?prompt ) then
exec /bin/bash
endif
Then put any env info you want into the following file:
~/.bashrc