qvcs-guide-checkins Mailing List for Qmail POP-toaster setup guide
Brought to you by:
graf25
Menu
▾
▴
qvcs-guide-checkins — CVS checkin notifications
You can subscribe to this list here.
| 2002 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(1) |
Jun
(4) |
Jul
(1) |
Aug
(3) |
Sep
|
Oct
(1) |
Nov
(6) |
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 |
Jan
(1) |
Feb
|
Mar
(3) |
Apr
|
May
|
Jun
(34) |
Jul
(12) |
Aug
(6) |
Sep
|
Oct
|
Nov
|
Dec
|
|
From: <gr...@us...> - 2003-08-23 03:50:31
|
Update of /cvsroot/qvcs-guide/qvcs-guide/html
In directory sc8-pr-cvs1:/tmp/cvs-serv6283
Modified Files:
index.html
Log Message:
Damn.
Index: index.html
===================================================================
RCS file: /cvsroot/qvcs-guide/qvcs-guide/html/index.html,v
retrieving revision 1.20
retrieving revision 1.21
diff -C2 -d -r1.20 -r1.21
*** index.html 23 Aug 2003 03:41:18 -0000 1.20
--- index.html 23 Aug 2003 03:50:28 -0000 1.21
***************
*** 123,127 ****
Author and maintainer: Konstantin Riabitsev, <a
href="http://www.mricon.com/">www.mricon.com</a><br> Last
! updated: July-11-2003
</p>
<p>
--- 123,127 ----
Author and maintainer: Konstantin Riabitsev, <a
href="http://www.mricon.com/">www.mricon.com</a><br> Last
! updated: August-22-2003
</p>
<p>
|
|
From: <gr...@us...> - 2003-08-23 03:41:22
|
Update of /cvsroot/qvcs-guide/qvcs-guide/html
In directory sc8-pr-cvs1:/tmp/cvs-serv5248
Modified Files:
index.html
Log Message:
HR it.
Index: index.html
===================================================================
RCS file: /cvsroot/qvcs-guide/qvcs-guide/html/index.html,v
retrieving revision 1.19
retrieving revision 1.20
diff -C2 -d -r1.19 -r1.20
*** index.html 23 Aug 2003 03:40:57 -0000 1.19
--- index.html 23 Aug 2003 03:41:18 -0000 1.20
***************
*** 148,151 ****
--- 148,152 ----
Your thoughtfulness will be appreciated!
</p>
+ <hr/>
</body>
</html>
|
|
From: <gr...@us...> - 2003-08-23 03:41:01
|
Update of /cvsroot/qvcs-guide/qvcs-guide/html
In directory sc8-pr-cvs1:/tmp/cvs-serv5192
Modified Files:
index.html
Log Message:
Bleh.
Index: index.html
===================================================================
RCS file: /cvsroot/qvcs-guide/qvcs-guide/html/index.html,v
retrieving revision 1.18
retrieving revision 1.19
diff -C2 -d -r1.18 -r1.19
*** index.html 23 Aug 2003 03:36:24 -0000 1.18
--- index.html 23 Aug 2003 03:40:57 -0000 1.19
***************
*** 142,146 ****
</p>
<p>
! <a href="www.amazon.com/o/registry/NTBOT1E1AO8X">My Amazon Wish List</a>
</p>
<p>
--- 142,147 ----
</p>
<p>
! <a href="http://www.amazon.com/o/registry/NTBOT1E1AO8X">My Amazon
! Wish List</a>
</p>
<p>
|
|
From: <gr...@us...> - 2003-08-23 03:36:51
|
Update of /cvsroot/qvcs-guide/qvcs-guide
In directory sc8-pr-cvs1:/tmp/cvs-serv4694
Modified Files:
qvcs-guide.xml
Log Message:
Prepping for the release.
Index: qvcs-guide.xml
===================================================================
RCS file: /cvsroot/qvcs-guide/qvcs-guide/qvcs-guide.xml,v
retrieving revision 1.10
retrieving revision 1.11
diff -C2 -d -r1.10 -r1.11
*** qvcs-guide.xml 11 Jul 2003 21:29:26 -0000 1.10
--- qvcs-guide.xml 23 Aug 2003 03:36:48 -0000 1.11
***************
*** 25,31 ****
</author>
</authorgroup>
! <edition>&rhl; 9 Edition</edition>
! <pubdate>July 11, 2003</pubdate>
! <releaseinfo>Version: 1.9.1</releaseinfo>
<copyright>
<year>2001-2003</year>
--- 25,31 ----
</author>
</authorgroup>
! <edition>&rhl; &ver; Edition</edition>
! <pubdate>August 22, 2003</pubdate>
! <releaseinfo>Version: 2.0</releaseinfo>
<copyright>
<year>2001-2003</year>
***************
*** 657,660 ****
--- 657,673 ----
</sect1>
<sect1>
+ <title>What's in the name?</title>
+ <para>
+ It is useful to check whether the qmail installer set your
+ hostname correctly. Go into
+ <filename>/etc/qmail/control</filename> and check what the
+ file "<filename>me</filename>" says. It may be
+ empty, or it may contain the FQDN of your server. You want to
+ put the official name of your server in that file,
+ e.g. "mail.yourisp.com" -- it should not remain
+ empty, as that will cause some outgoing mail to bounce.
+ </para>
+ </sect1>
+ <sect1>
<title>Reboot</title>
<para>
***************
*** 831,841 ****
<para>
If you feel edgy about having an automated updater tool
! running on your system, you may leave yum disabled, but then
! please subscribe to the redhat errata notification list, so
! you know when updates are being released. Don't let your server
! become an internet statistic.
</para>
<para>
! To update a system manually, run:
</para>
<programlisting>
--- 844,863 ----
<para>
If you feel edgy about having an automated updater tool
! running on your system, you may leave auto-updating disabled,
! but then I would suggest putting a "yum
! check-update" run into your nightly cron run. The
! following will notify the root user whenever there are updates
! available for the system:
</para>
+ <programlisting>
+ &prompt; <userinput>echo "yum -d 0 check-update" > /etc/cron.daily/yum-check.cron</userinput>
+ &prompt; <userinput>chmod a+x /etc/cron.daily/yum-check.cron</userinput>
+ </programlisting>
<para>
! Evaluate any updates and apply them. Don't let your server
! become a part of the sad Internet cracking statistic.
! </para>
! <para>
! To update your system manually, run:
</para>
<programlisting>
***************
*** 1483,1486 ****
--- 1505,1539 ----
false-positives, meaning that you can lose important email.
</para>
+ <note>
+ <title>Speed things up</title>
+ <para>
+ This little edit will let you speed things up
+ significantly in SpamAssassin. &rhl; &ver; uses Unicode
+ internally, but many Perl programs do not expect to
+ encounter it, and therefore take a LONG time to perform
+ certain queries, such as string matches. To speed things
+ up, it is useful to tell SpamAssassin to always use
+ "en_US" encoding when doing regex matching of
+ strings. Open
+ <filename>/etc/init.d/spamassassin</filename> in your
+ editor, and add one extra line right after the PATH
+ definition:
+ </para>
+ <programlisting>
+ ...
+ [ -f /usr/bin/spamd -o -f /usr/local/bin/spamd ] || exit 0
+ PATH=$PATH:/usr/bin:/usr/local/bin
+ <userinput>LANG=en_US</userinput>
+
+ # See how we were called.
+ ...
+ </programlisting>
+ <para>
+ Save and restart spamassassin by issuing
+ "<command>service spamassassin
+ restart</command>." This should speed things up
+ significantly.
+ </para>
+ </note>
</sect2>
<sect2>
***************
*** 1562,1570 ****
<title>Report your success</title>
<para>
! If you found this Guide useful, please let me know by executing:
</para>
<programlisting>
! &prompt; <userinput>uname -a | mail qvc...@mr... -s 'Thanks'</userinput>
</programlisting>
</sect1>
</chapter>
--- 1615,1634 ----
<title>Report your success</title>
<para>
! If you found this Guide useful, please let me know by sending
! this brief email (replacing {your locality} with the name of
! your town, state, country).
</para>
<programlisting>
! &prompt; <userinput>echo "Greetings from {your locality}!" | mail qvc...@mr... -s "Thanks"</userinput>
</programlisting>
+ <para>
+ Please also consider expressing your gratitude by sending me a
+ gift from my Amazon Wishlist, which you may find on the main
+ website. This will help me leverage the time I put into
+ maintaining this guide and the packages that come with
+ it. After all, this software isn't free as in beer, but free
+ as in "you are free to reward the author
+ accordingly." :)
+ </para>
</sect1>
</chapter>
|
|
From: <gr...@us...> - 2003-08-23 03:36:27
|
Update of /cvsroot/qvcs-guide/qvcs-guide/html
In directory sc8-pr-cvs1:/tmp/cvs-serv4667
Modified Files:
index.html
Log Message:
Prep for release.
Index: index.html
===================================================================
RCS file: /cvsroot/qvcs-guide/qvcs-guide/html/index.html,v
retrieving revision 1.17
retrieving revision 1.18
diff -C2 -d -r1.17 -r1.18
*** index.html 11 Jul 2003 21:29:26 -0000 1.17
--- index.html 23 Aug 2003 03:36:24 -0000 1.18
***************
*** 67,70 ****
--- 67,74 ----
Pittsburgh, PA, USA
</li>
+ <li>
+ <a href="http://norrix.netfirms.com/">Norrix Associates</a>,
+ Bombay, India
+ </li>
<li><em><a href="mailto:ic...@du...">Suggest your company</a></em></li>
</ul>
***************
*** 128,145 ****
</p>
<hr />
<p>
! Donations are appreciated. They help me justify the time I spend
! writing these documents and keeping up the package list
! up-to-date. Moreover, I might investigate other options such as
! postfix-openldap-courier-squirrelmail for those who don't like
! qmail. <strong>Note:</strong> since I cannot legally earn money
! in the US, I will re-donate your gift to other organizations of
! my choosing. No, really, trust me -- IRS is the last thing I
! want on my non-immigrant tail. :)
</p>
<p>
! <a href="http://mricon.com/donate/donate.html"><img
! src="https://www.paypal.com/images/x-click-but21.gif"
! border="0" alt="make a donation"/></a>
</p>
</body>
--- 132,149 ----
</p>
<hr />
+ <h2>Make a Gift Donation</h2>
<p>
! Maintaining this guide and the packages takes quite a bit of
! effort. If you find this guide useful and are happy with the way
! your servers are operating, please consider offering a book from
! my Amazon Wish List in return. After all, this software isn't
! free as in beer -- it is free as in "you are free to express
! your gratitude to the author." :)
</p>
<p>
! <a href="www.amazon.com/o/registry/NTBOT1E1AO8X">My Amazon Wish List</a>
! </p>
! <p>
! Your thoughtfulness will be appreciated!
</p>
</body>
|
|
From: <gr...@us...> - 2003-08-23 02:36:54
|
Update of /cvsroot/qvcs-guide/qvcs-guide In directory sc8-pr-cvs1:/tmp/cvs-serv30348 Modified Files: qvcs-9.ks Log Message: Some nice chvts, plus removing automatic setting of language stuff. Index: qvcs-9.ks =================================================================== RCS file: /cvsroot/qvcs-guide/qvcs-guide/qvcs-9.ks,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** qvcs-9.ks 7 Jul 2003 02:42:28 -0000 1.4 --- qvcs-9.ks 23 Aug 2003 02:36:52 -0000 1.5 *************** *** 2,5 **** --- 2,6 ---- # This is a kickstart file to quickly install a qvcs-9 system. # It only asks these questions: + # * language info # * root password # * timezone *************** *** 9,15 **** # install - lang en_US - langsupport en_US.UTF-8 - keyboard us mouse none --device null skipx --- 10,13 ---- *************** *** 25,28 **** --- 23,28 ---- %post + chvt 3 + echo ">>> Performing QVCS Post-Install <<<" echo "Importing public keys" ## *************** *** 66,67 **** --- 66,69 ---- echo "Cleaning up" /usr/bin/yum -y clean packages + echo ">>> QVCS Post-Install complete <<<" + chvt 1 |
|
From: <gr...@us...> - 2003-07-11 21:29:29
|
Update of /cvsroot/qvcs-guide/qvcs-guide/html
In directory sc8-pr-cvs1:/tmp/cvs-serv24002/html
Modified Files:
index.html
Log Message:
Beta is out.
Index: index.html
===================================================================
RCS file: /cvsroot/qvcs-guide/qvcs-guide/html/index.html,v
retrieving revision 1.16
retrieving revision 1.17
diff -C2 -d -r1.16 -r1.17
*** index.html 11 Jul 2003 03:03:36 -0000 1.16
--- index.html 11 Jul 2003 21:29:26 -0000 1.17
***************
*** 29,35 ****
</ul>
<p>
! You can also peruse the source rpms located here:
</p>
<ul>
<li><a href="srpms/">Source RPMS</a></li>
</ul>
--- 29,36 ----
</ul>
<p>
! You can also peruse the rpms located here:
</p>
<ul>
+ <li><a href="yum/9/">RPMS for Red Hat Linux 9</a></li>
<li><a href="srpms/">Source RPMS</a></li>
</ul>
***************
*** 118,122 ****
Author and maintainer: Konstantin Riabitsev, <a
href="http://www.mricon.com/">www.mricon.com</a><br> Last
! updated: July-10-2003
</p>
<hr />
--- 119,129 ----
Author and maintainer: Konstantin Riabitsev, <a
href="http://www.mricon.com/">www.mricon.com</a><br> Last
! updated: July-11-2003
! </p>
! <p>
! <a href="http://creativecommons.org/licenses/by-nc-sa/1.0/"><img
! alt="Creative Commons License" border="1"
! src="http://creativecommons.org/images/public/somerights.gif"
! /></a>
</p>
<hr />
|
|
From: <gr...@us...> - 2003-07-11 21:29:29
|
Update of /cvsroot/qvcs-guide/qvcs-guide In directory sc8-pr-cvs1:/tmp/cvs-serv24002 Modified Files: Makefile qvcs-guide.xml Added Files: rpm-key.asc Log Message: Beta is out. --- NEW FILE: rpm-key.asc --- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDyYyWERBACFMZKbAn1noh5lt9jvYA7vnyHT815x9roUfh1Vrikw+Tt5tmZV lzVHoZvY/uVXNrorxOaq8VHri64G5kKg6E4XTIqVQfXl7NrxN49N8Kd/WsTDta8I ETbDH6c+cca35c6qXwM0oDBqQZIbieXw6c8jJ9CVv0Wq72wVNEl+H1nPowCgtSwd 6iIRj29C003diQqePWZE4xsD/idvz+VxexhCdsblABD1Gr7svLaetIbmDNrtSx+v ggRu0AcQ++r+6MCHSEkvzIzQrCv/6P68OFoWntBWsFwAnn2wXsPOBkaxNFjaNUAs NhmenqC6iwZuwyudQhAm02+vWppIvVRXwpdEF25NCUnh+auQkW/K4b7kOkuL/eAi M154BACDr7tK4Iobn/8wFAOZKQ5JREvkYEO3MSwmiAZOm9PwocSoB7uC9DRWOcHj fpEI6tQq0ZZWsY8IC+w2SHQjItWNmDsNS9SzPRT6KK5gp1x1qlZozB39IhobxD7y HdkYzoqtQDsE+awYUOStPcE8B5xTf8Yk0k8UvJElag39tWqbU7Q3S29uc3RhbnRp biBSaWFiaXRzZXYgKFJQTSBrZXkpIDxpY29uLXJwbXNAcGh5LmR1a2UuZWR1PohX BBMRAgAXBQI8mMlhBQsHCgMEAxUDAgMWAgECF4AACgkQ569RNR6zk+rsBQCfcZHk 7NeB9Whl7PONkI6sdMl7JtkAoJz0PzDhyic7GXe9jtN8+iZV2W1duQENBDyYyWIQ BACmT3sYY8gtmVB4YdZLtgMOghfNvjafONvHrBmfHKssw/3oA2HsihKCLJ7KlOnH aaUsbayM7TpmfGzqJYYwn3tJEJO11hYhFL5epgFQaD9hroCI5w+o3npHHX0Xm0bV Q+mX91iwYXfmQTwcbzMHZlj+JqZimQDAoyiLXjExFb2ewwADBgQAgJOWSP6taqw8 PQjh+6UC9vjNSP00tFB4VSO24BRscyEecv+v3+FnLHxt20xAPkB6GpAxaSXeNhLe tgGzshFj2QuiLFEN6TUgKRCUN2yZmpmhWTV+JzTPM3OspxhSBCySxQ05LGOaCwvl ZmI8Xj5FtpeNpsg05bmkAnEpagLbX9GIRgQYEQIABgUCPJjJYgAKCRDnr1E1HrOT 6jJXAJwNDZeScrAULBpYrx48aPT2zCWhzQCfSh3ih5/t9RZeIBWH/ZeYZk1HA90= =vRvH -----END PGP PUBLIC KEY BLOCK----- Index: Makefile =================================================================== RCS file: /cvsroot/qvcs-guide/qvcs-guide/Makefile,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** Makefile 11 Jul 2003 03:03:35 -0000 1.13 --- Makefile 11 Jul 2003 21:29:26 -0000 1.14 *************** *** 7,10 **** --- 7,11 ---- HELPERSV=2.0.0 HELPERSDIR=qvcs-helpers-$(HELPERSV) + OSVER=9 all: site qvcs-helpers *************** *** 17,23 **** site: qvcs-guide.pdf qvcs-guide.html ! mkdir -p site/ cp html/*.html html/*.css site/ cp qvcs-guide.xml qvcs-guide.html qvcs-guide.pdf site/ site-commit: site --- 18,27 ---- site: qvcs-guide.pdf qvcs-guide.html ! mkdir -p site/yum/$(OSVER) cp html/*.html html/*.css site/ cp qvcs-guide.xml qvcs-guide.html qvcs-guide.pdf site/ + cp qvcs-$(OSVER).ks qvcs-init site/ + cp yumgroups.xml site/yum/$(OSVER)/ + cp rpm-key.asc site/yum/ site-commit: site Index: qvcs-guide.xml =================================================================== RCS file: /cvsroot/qvcs-guide/qvcs-guide/qvcs-guide.xml,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** qvcs-guide.xml 11 Jul 2003 03:03:35 -0000 1.9 --- qvcs-guide.xml 11 Jul 2003 21:29:26 -0000 1.10 *************** *** 26,31 **** </authorgroup> <edition>&rhl; 9 Edition</edition> ! <pubdate>July 10, 2003</pubdate> ! <releaseinfo>Version: 1.90</releaseinfo> <copyright> <year>2001-2003</year> --- 26,31 ---- </authorgroup> <edition>&rhl; 9 Edition</edition> ! <pubdate>July 11, 2003</pubdate> ! <releaseinfo>Version: 1.9.1</releaseinfo> <copyright> <year>2001-2003</year> *************** *** 578,582 **** command you will need to use the username reported by <command>addvirt</command> instead of "hogwarts_jk" ! (usually it just subsitutes all dots for underscores in the domain name to arrive at the username). Oh, and make it something other than "albus," of course. --- 578,582 ---- command you will need to use the username reported by <command>addvirt</command> instead of "hogwarts_jk" ! (usually it just substitutes all dots for underscores in the domain name to arrive at the username). Oh, and make it something other than "albus," of course. *************** *** 749,753 **** This is the lowest form of administrators -- they can only administer one domain -- their own. You can give a user ! administator privileges by checking "<emphasis>can administer this domain</emphasis>" in the "edit user" screen. --- 749,753 ---- This is the lowest form of administrators -- they can only administer one domain -- their own. You can give a user ! administrator privileges by checking "<emphasis>can administer this domain</emphasis>" in the "edit user" screen. *************** *** 802,805 **** --- 802,813 ---- </sect1> <sect1> + <title>Removing domains</title> + <para> + To remove domains, use "<command>rmvirt + domainname.com</command>". It will optionally back up + configurations for the domain before removing it entirely. + </para> + </sect1> + <sect1> <title>Automated Updates Using Yum</title> <para> *************** *** 828,831 **** --- 836,845 ---- become an internet statistic. </para> + <para> + To update a system manually, run: + </para> + <programlisting> + &prompt; <userinput>yum update</userinput> + </programlisting> </sect1> <sect1> *************** *** 1073,1077 **** </para> <para> ! Let's first of all create a test certificate to practice on. Perform the following actions: </para> --- 1087,1091 ---- </para> <para> ! Let's first of all create a test certificate to practise on. Perform the following actions: </para> *************** *** 1198,1202 **** authorities, then you may skip this part -- the self-signed certificate you created by running <command>make ! stunnel.pem</command> just as secure. </para> <para> --- 1212,1216 ---- authorities, then you may skip this part -- the self-signed certificate you created by running <command>make ! stunnel.pem</command> is just as secure. </para> <para> *************** *** 1399,1403 **** If you have gotten yourself an unresolved dependency to <emphasis>qmail-qmailqueue-patch</emphasis>, then you ! should've paid attention to the part where I was talking about rebuilding qmail to support the advanced features. </para> --- 1413,1417 ---- If you have gotten yourself an unresolved dependency to <emphasis>qmail-qmailqueue-patch</emphasis>, then you ! should have paid attention to the part where I was talking about rebuilding qmail to support the advanced features. </para> *************** *** 1507,1511 **** </sect1> <sect1> ! <title>Subsribe to the mailing lists!</title> <para> No, honestly, do so. Subscribe to the following two mailing lists: --- 1521,1525 ---- </sect1> <sect1> ! <title>Subscribe to the mailing lists!</title> <para> No, honestly, do so. Subscribe to the following two mailing lists: *************** *** 1614,1617 **** --- 1628,1635 ---- &prompt; <userinput>sh qvcs-init</userinput> </programlisting> + <para> + Once this part is done, move on to the "Migrating the + configs" section. + </para> </sect2> </sect1> |
|
From: <gr...@us...> - 2003-07-11 03:03:39
|
Update of /cvsroot/qvcs-guide/qvcs-guide/html
In directory sc8-pr-cvs1:/tmp/cvs-serv2245/html
Modified Files:
faq.html index.html
Log Message:
I think I'm ready for a beta run.
Index: faq.html
===================================================================
RCS file: /cvsroot/qvcs-guide/qvcs-guide/html/faq.html,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -d -r1.7 -r1.8
*** faq.html 19 Mar 2003 04:32:44 -0000 1.7
--- faq.html 11 Jul 2003 03:03:36 -0000 1.8
***************
*** 6,75 ****
<body>
<h1>QVCS guide FAQ</h1>
- <h2>
- Q: I can't get the "Admin" link to show up, although I'm logged in as
- "elvis"
- </h2>
- <p>
- Vadmin must have a way to figure out which domain you are trying
- to access. In order to do that, it looks at the $HTTP_HOST
- variable set by the apache server. Then it compares the
- $HTTP_HOST to the list of configured domains, and then figures
- out the level of control to give you.
- </p>
- <p>
- The most common problem is when people are still trying out the
- system and access it via a dotted-decimal IP address, or some
- other domain, not actually the one configured with vadmin. When
- vadmin looks at the $HTTP_HOST variable, the domain in there
- doesn't match the list of domains configured with vadmin,
- therefore it can't figure out what access level to give
- you. Therefore, it doesn't give you any access.
- </p>
- <p>
- The solution is obvious -- access the system as actually one of
- the domans you've configured it for. If you can't do that
- because you are still setting the system up, then edit your
- /etc/hosts (on *nix) or c:\windows\hosts or somesuch and
- hard-code the IP address to resolve to your domain name of
- choice (this is on your CLIENT machine, not on your QVCS
- server!).
- </p>
- <p>
- That's how I make my hogwarts.jk domains to work. :) Well, plus
- hogwarts.jk is my internal home network, but that's beside the
- point.
- </p>
- <h2>Q: How do I make a catch-all account?</h2>
- <p>
- Catch-all accounts are special mailboxes or forwarding aliases,
- which will match ANY username that isn't already configured,
- such as any...@do... will go to that catchall account, if
- the user/alias "anything" isn't already defined.
- </p>
- <p>
- VmailMgr provides a catchall account. Just create a
- username/alias "+" (yes, that's a plus). Yeah, it's a bit
- non-obvious. Vadmin-2 will handle this much more gracefully.
- </p>
- <h2>Q: Can I set up autoresponders?</h2>
- <p>
- Short version: Not yet. Soon.
- </p>
- <p>
- Long version: Ask on the list. Someone might be able to help
- you.
- </p>
<h2>Q: Can I have both virtual and real domains on the system?</h2>
<p>
Yes. Make sure AUTHMODULES in /etc/courier-imap/{imapd/pop3d}
! are set to "authvmailmgr authdaemon" and that the "real"
! domain is added to "/etc/qmail/control/locals".
! </p>
! <h2>Q: Squirrelmail won't send out e-mail.</h2>
! <p>
! If it acts as if it just refreshes the screen and loads a
! blank e-mail form, make sure you have enabled file uploads in
! /etc/php.ini and restarted the httpd process. In other words,
! set file_uploads to "on" and run /etc/init.d/httpd restart.
</p>
<h2>Q: I can't send out e-mail!</h2>
--- 6,15 ----
<body>
<h1>QVCS guide FAQ</h1>
<h2>Q: Can I have both virtual and real domains on the system?</h2>
<p>
Yes. Make sure AUTHMODULES in /etc/courier-imap/{imapd/pop3d}
! are set to "authvmailmgr authdaemon" and that the "real" domain
! is added to "/etc/qmail/control/locals". It is also worthy of
! mention that an "elvis" must be a virtual user.
</p>
<h2>Q: I can't send out e-mail!</h2>
***************
*** 108,124 ****
Run <tt>/etc/init.d/qmail restart</tt> after you've done these
modifications.
- </p>
- <h2>Q: Is there going to be a version for Red Hat Linux 8.0?</h2>
- <p>
- No. You really shouldn't be running 8.0 on a production
- server. That's just folly. I'll see how things are around the
- time of 8.1.
- </p>
- <h2>Q: What about SMTP Auth?</h2>
- <p>
- SMTP-AUTH will be officially supported in the release for
- 8.1. Currently, refer to <a
- href="https://sourceforge.net/mailarchive/forum.php?thread_id=1236164&forum_id=8389">this
- message sent to the mailing list a while ago</a>.
</p>
</body>
--- 48,51 ----
Index: index.html
===================================================================
RCS file: /cvsroot/qvcs-guide/qvcs-guide/html/index.html,v
retrieving revision 1.15
retrieving revision 1.16
diff -C2 -d -r1.15 -r1.16
*** index.html 19 Mar 2003 19:26:33 -0000 1.15
--- index.html 11 Jul 2003 03:03:36 -0000 1.16
***************
*** 1,9 ****
! <html>
<head>
! <title>Qmail-Vmailmgr-Courier-SquirrelMail Installation Guide</title>
<link href="qvcs-guide.css" rel="stylesheet" type="text/css">
</head>
<body>
! <h1>Qmail-Vmailmgr-Courier-SquirrelMail Installation Guide</h1>
<p>Mirrors:</p>
<ul>
--- 1,12 ----
! <!DOCTYPE html
! PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
! "DTD/xhtml1-strict.dtd">
! <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
! <title>Pop-Toaster using Qmail-Vmailmgr-Courier-SquirrelMail</title>
<link href="qvcs-guide.css" rel="stylesheet" type="text/css">
</head>
<body>
! <h1>Pop-Toaster using Qmail-Vmailmgr-Courier-SquirrelMail</h1>
<p>Mirrors:</p>
<ul>
***************
*** 12,61 ****
<li><a href="http://www.dulug.duke.edu/~icon/qvcs-guide/">
www.dulug.duke.edu/~icon/qvcs-quide</a></li>
! <li><a href="http://www.mricon.com/SM/guide/">
! www.mricon.com/SM/guide/</a></li>
</ul>
- <p>
- There are two guides found here. One is written for BSD-ish
- systems, such as OpenBSD, FreeBSD, NetBSD, Slackware... And
- another written for Red Hat Linux.
- </p>
<hr />
! <h3>Guide for BSD systems (unmantained)</h3>
! <p>
! <strong>Attention:</strong> Maintainer needed. Please send
! e-mail to the qvcs-guide-list if you are interested.
! </p>
<p>
This guide is available in the following formats:
</p>
<ul>
! <li><a href="bsd/qvcs-guide.tex">LaTeX source</a></li>
! <li><a href="bsd/qvcs-guide.pdf">PDF</a></li>
! </ul>
! <p>
! There are also the following helper scripts available:
! </p>
! <ul>
! <li><a href="bsd/edrelays.sh.txt">edrelays.sh</a></li>
! <li><a href="bsd/addvirt.sh.txt">addvirt.sh</a></li>
! <li><a href="bsd/rmvirt.sh.txt">rmvirt.sh</a></li>
</ul>
- <hr />
- <h3>Guide for Red Hat Linux systems (updated to 7.3)</h3>
<p>
! This guide is available in the following formats:
</p>
<ul>
! <li><a href="rhl/qvcs-guide.tex">LaTeX source</a></li>
! <li><a href="rhl/qvcs-guide.pdf">PDF</a></li>
</ul>
<p>
! You can also view the list of available RPM packages:
</p>
- <ul>
- <li><a href="RPMS/rh72/current/">Red Hat Linux 7.2</a></li>
- <li><a href="RPMS/rh73/current/">Red Hat Linux 7.3</a></li>
- <li><a href="SRPMS/current/">Source RPMS</a></li>
- </ul>
<hr />
<h2>Free Support</h2>
--- 15,46 ----
<li><a href="http://www.dulug.duke.edu/~icon/qvcs-guide/">
www.dulug.duke.edu/~icon/qvcs-quide</a></li>
! <li><a href="http://mirror.mricon.com/qvcs-guide/">
! mirror.mricon.com/qvcs-guide/</a></li>
</ul>
<hr />
! <h1>Red Hat Linux 9</h1>
<p>
This guide is available in the following formats:
</p>
<ul>
! <li><a href="qvcs-guide.html">HTML (read online)</a></li>
! <li><a href="qvcs-guide.pdf">PDF (print out)</a></li>
! <li><a href="qvcs-guide.xml">DocBook (look at pretty XML)</a></li>
</ul>
<p>
! You can also peruse the source rpms located here:
</p>
<ul>
! <li><a href="srpms/">Source RPMS</a></li>
</ul>
<p>
! <em>Note: if you are looking for a BSD guide, it has been
! discontinued. Please refer to the following resource which
! maintains a build-from-scratch installation guide along the same
! main lines:<br />
! <a href="http://megaz.arbuz.com/?p=qmail_howto">
! http://megaz.arbuz.com/?p=qmail_howto</a>
! </em>
</p>
<hr />
<h2>Free Support</h2>
***************
*** 131,138 ****
<hr />
<p>
! Author and maintainer: <a href="mailto:ic...@du...">Konstantin
! Riabitsev</a>, <a
href="http://www.mricon.com/">www.mricon.com</a><br> Last
! updated: January, 2g3
</p>
<hr />
--- 116,122 ----
<hr />
<p>
! Author and maintainer: Konstantin Riabitsev, <a
href="http://www.mricon.com/">www.mricon.com</a><br> Last
! updated: July-10-2003
</p>
<hr />
***************
*** 144,171 ****
qmail. <strong>Note:</strong> since I cannot legally earn money
in the US, I will re-donate your gift to other organizations of
! my choosing. Organizations donated to so far:
</p>
- <ul>
- <li>
- <a href="http://www.randi.org/">James Randi Educational
- Foundation</a> ($100).
- </li>
- <li>
- <a href="http://www.digitallyimported.com/">Digitally
- Imported</a> ($10).
- </li>
- <li>
- <a href="http://www.xiph.org/">Xiph.org (makers of ogg
- vorbis)</a> ($20).
- </li>
- <li>
- <a href="http://www.eff.org/">Electronic Frontier Foundation</a>
- (~$100 total)
- </li>
- <li>
- <a href="http://www.detroitproject.com/">Detroit Project</a>
- ($50)
- </li>
- </ul>
<p>
<a href="http://mricon.com/donate/donate.html"><img
--- 128,134 ----
qmail. <strong>Note:</strong> since I cannot legally earn money
in the US, I will re-donate your gift to other organizations of
! my choosing. No, really, trust me -- IRS is the last thing I
! want on my non-immigrant tail. :)
</p>
<p>
<a href="http://mricon.com/donate/donate.html"><img
|
|
From: <gr...@us...> - 2003-07-11 03:03:39
|
Update of /cvsroot/qvcs-guide/qvcs-guide In directory sc8-pr-cvs1:/tmp/cvs-serv2245 Modified Files: Makefile qvcs-guide.xml Log Message: I think I'm ready for a beta run. Index: Makefile =================================================================== RCS file: /cvsroot/qvcs-guide/qvcs-guide/Makefile,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** Makefile 20 Jun 2003 20:41:53 -0000 1.12 --- Makefile 11 Jul 2003 03:03:35 -0000 1.13 *************** *** 1,8 **** # $Id$ ! PDFTEX=/usr/bin/pdflatex RSYNC=/usr/bin/rsync RSYNCFLAGS=-avz ! REMOTELOC=gr...@sh...:/home/groups/q/qv/qvcs-guide/htdocs/ HELPERSV=2.0.0 HELPERSDIR=qvcs-helpers-$(HELPERSV) --- 1,8 ---- # $Id$ ! XMLTO=/usr/bin/xmlto RSYNC=/usr/bin/rsync RSYNCFLAGS=-avz ! REMOTELOC=norbert.linux.duke.edu:~/qvcs-guide/ HELPERSV=2.0.0 HELPERSDIR=qvcs-helpers-$(HELPERSV) *************** *** 10,38 **** all: site qvcs-helpers ! pdf: ! for FILE in *.tex; do $(PDFTEX) $$FILE; $(PDFTEX) $$FILE; done ! rm -f *.toc *.aux *.log ! ! clean-all: clean clean-site clean-helpers ! ! clean: ! rm -f *.pdf *.toc *.aux *.log *.dvi ! find -name '*~' -exec rm -f {} \; ! clean-site: clean ! rm -rf site ! site: pdf ! mkdir -p site/bsd cp html/*.html html/*.css site/ ! cp qvcs-guide-bsd.tex site/bsd/qvcs-guide.tex ! mv qvcs-guide-bsd.pdf site/bsd/qvcs-guide.pdf ! for FILE in *.sh.bsd; do \ ! NEWFILE=`echo $$FILE | sed 's/.sh.bsd/.sh.txt/g'`; \ ! cp $$FILE site/bsd/$$NEWFILE; \ ! done ! mkdir -p site/rhl ! cp qvcs-guide-rh7.tex site/rhl/qvcs-guide.tex ! mv qvcs-guide-rh7.pdf site/rhl/qvcs-guide.pdf site-commit: site --- 10,23 ---- all: site qvcs-helpers ! qvcs-guide.pdf: ! $(XMLTO) pdf qvcs-guide.xml ! qvcs-guide.html: ! $(XMLTO) xhtml-nochunks qvcs-guide.xml ! site: qvcs-guide.pdf qvcs-guide.html ! mkdir -p site/ cp html/*.html html/*.css site/ ! cp qvcs-guide.xml qvcs-guide.html qvcs-guide.pdf site/ site-commit: site *************** *** 45,48 **** --- 30,42 ---- tar czvf $(HELPERSDIR).tar.gz $(HELPERSDIR) rm -rf $(HELPERSDIR) + + clean-all: clean clean-site clean-helpers + + clean: + rm -f *.pdf *.html + find -name '*~' -exec rm -f {} \; + + clean-site: + rm -rf site clean-helpers: Index: qvcs-guide.xml =================================================================== RCS file: /cvsroot/qvcs-guide/qvcs-guide/qvcs-guide.xml,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** qvcs-guide.xml 10 Jul 2003 22:26:49 -0000 1.8 --- qvcs-guide.xml 11 Jul 2003 03:03:35 -0000 1.9 *************** *** 596,603 **** install <command>nano</command> by using yum. Nano is a successor to pico and inherits all of its shortcuts. ! <programlisting> &prompt; <userinput>yum install nano</userinput> ! </programlisting> </para> </tip> <para> --- 596,611 ---- install <command>nano</command> by using yum. Nano is a successor to pico and inherits all of its shortcuts. ! </para> ! <programlisting> &prompt; <userinput>yum install nano</userinput> ! </programlisting> ! <para> ! It is useful to know that calling nano with a "-w" ! flag will turn off automatic line wrapping. Good for files ! where you have to type a very long line without it wrapping: </para> + <programlisting> + &prompt; <userinput>nano -w filename.conf</userinput> + </programlisting> </tip> <para> *************** *** 822,831 **** </sect1> <sect1> ! <title>Backup</title> ! <para>I NEED CONTENT!</para> ! </sect1> ! <sect1> ! <title>Restore</title> ! <para>I NEED CONTENT!</para> </sect1> <sect1> --- 830,853 ---- </sect1> <sect1> ! <title>Keeping in Time</title> ! <para> ! It is important for a mailserver to have its clock set ! correctly, otherwise there may be problems with messages being ! timestamped incorrectly. This will help keep your clock in ! sync with the central network time authority. Create a file ! <filename>/etc/cron.hourly/rdate.cron</filename> and put the ! following in it: ! </para> ! <programlisting> ! #!/bin/sh ! # Synchronize the time with nist.gov ! (/usr/bin/rdate -s time.nist.gov) && (/sbin/hwclock --systohc) ! </programlisting> ! <para> ! Then set the execute permissions: ! </para> ! <programlisting> ! &prompt; <userinput>chmod 755 /etc/cron.hourly/rdate.cron</userinput> ! </programlisting> </sect1> <sect1> *************** *** 849,852 **** --- 871,995 ---- </para> </sect1> + <sect1> + <title>Backup</title> + <para> + There are many backup systems out there, so I will not cover + them in this little foray. Instead, I will tell you which + parts to back up, and it will be up to you to come up with a + method. + </para> + <para> + The following files and/or directories need to be backed up in + a cookie-cutter &qvcs; system. If you make additions or + modifications, you will need to make sure they are reflected + in this list. + </para> + <note> + <para> + Some of the files in this list include the ones created or + modified in the advanced section. If you did not add + advanced features, your system may lack some of these + entries. + </para> + </note> + <programlisting> + /etc/passwd + /etc/shadow + /etc/group + /etc/sslcert.pem + /etc/sysconfig/spamassassin + /etc/sysconfig/iptables + /etc/hosts.* + /etc/xinetd.d/smtp + /etc/ssh/*_key* + /etc/httpd + /etc/vadmin + /etc/squirrelmail + /etc/qmail + /etc/courier-imap + /etc/vmailmgr + /var/lib/vadmin + /var/lib/squirrelmail + /var/qmail/queue + /home/dom + /root + </programlisting> + </sect1> + <sect1> + <title>Restore</title> + <para> + If your system has crashed and you have to reinstall + everything from scratch, here is how you would go about it. + </para> + <procedure> + <step> + <para> + <emphasis>Install a vanilla system</emphasis>. + Just create a vanilla &rhl; &ver; setup. DO NOT use the + kickstart provided with the guide, as there are some + delicate issues with qmail usernames having to match the + userids. + </para> + </step> + <step> + <para> + <emphasis>Restore the backup files</emphasis>. Restore + them over the existing tree. For example, if your backup + is in <filename>/home/bak.tar.gz</filename>, then you + would restore it like this: + </para> + <programlisting> + &prompt; <userinput>cd /</userinput> + &prompt; <userinput>tar xzvf /home/bak.tar.gz</userinput> + </programlisting> + </step> + <step> + <para> + <emphasis>Run qvcs-init</emphasis>. Refer to the install + section of this guide. It will wordily complain about + creating .rpmnew files, but that's exactly what you want. + </para> + </step> + <step> + <para> + <emphasis>Run qvcs-install</emphasis>. However, skip all + sections except the last two -- where it enables/disables + services and removes sendmail. + </para> + </step> + <step> + <para> + If your system utilized advanced features + </para> + <substeps> + <step> + <para> + <emphasis>Reinstall the custom qmail + RPM</emphasis>. If you have backed up your + custom-built Qmail RPM, you should install it now, + otherwise download and rebuild again. Refer to the + appropriate section of this guide. + </para> + </step> + <step> + <para> + <emphasis>Reinstall the filter group</emphasis>. + Perform the following actions: + </para> + <programlisting> + &prompt; <userinput>yum groupinstall "QVCS Filter"</userinput> + &prompt; <userinput>chkconfig spamassassin on</userinput> + &prompt; <userinput>service spamassassin start</userinput> + &prompt; <userinput>qmail-scanner-reconfigure --assumeyes</userinput> + </programlisting> + </step> + </substeps> + </step> + </procedure> + <para> + This should be it. After these steps are done, your system + should be reinstalled. + </para> + </sect1> </chapter> <!-- #################################################################### --> *************** *** 894,898 **** download, so prepare to be patient. Once all these steps are complete, you have successfully installed a modified version ! of qmail, necessary for the advanced configurations. </para> </sect2> --- 1037,1044 ---- download, so prepare to be patient. Once all these steps are complete, you have successfully installed a modified version ! of qmail, necessary for the advanced configurations. You ! might find it useful to backup this custom RPM, so in case ! you have to reinstall your system you don't have to go ! through this again. </para> </sect2> *************** *** 1400,1408 **** </sect1> <sect1> ! <title>Thank you and good luck! ;)</title> <para> If you found this Guide useful, please let me know by executing: </para> ! v <programlisting> &prompt; <userinput>uname -a | mail qvc...@mr... -s 'Thanks'</userinput> </programlisting> --- 1546,1554 ---- </sect1> <sect1> ! <title>Report your success</title> <para> If you found this Guide useful, please let me know by executing: </para> ! <programlisting> &prompt; <userinput>uname -a | mail qvc...@mr... -s 'Thanks'</userinput> </programlisting> *************** *** 1425,1430 **** clean. </para> <sect1> ! <title>Upgrading via Upgrading</title> <para> This path will let you upgrade your system using Red Hat --- 1571,1580 ---- clean. </para> + <para> + In either case the process should take hardly more than an hour, + largely dependent on your network speed. + </para> <sect1> ! <title>Upgrading via an Upgrade</title> <para> This path will let you upgrade your system using Red Hat *************** *** 1465,1628 **** </programlisting> </sect2> <sect2> ! <title>Migrating the configs</title> <para> ! Several packages have changed their configurations pretty ! dramatically, most notably SquirrelMail (version change from ! 1.2 to 1.4), Vadmin (from 1.0 to 1.9), Courier-IMAP (from ! 1.4 to 2.0), and Apache (from 1.3 to 2.0). Migrating your ! configurations is going to take some effort. </para> ! <sect3> ! <title>Apache</title> ! <para> ! You cannot use the old httpd configs at all, so you will ! need to do the following: ! </para> ! <programlisting> &prompt; <userinput>cd /etc/httpd/conf</userinput> &prompt; <userinput>mv httpd.conf httpd.conf.old</userinput> &prompt; <userinput>mv httpd.conf.rpmnew httpd.conf</userinput> ! </programlisting> ! <para> ! If your 7.3 system was being used ! <emphasis>solely</emphasis> as a cookie-cutter &qvcs; ! install, that's all you have to do -- the rest will be ! taken care of by <command>qvcs-install</command>. If, ! however, you have been serving some things other than just ! webmail from your webserver, you will need to peruse your ! old apache configuration file and manually migrate ! settings from there to the Apache-2.0 new configuration ! format. ! </para> ! <note> ! <para> ! It is no longer necessary to add an ! <varname>Include</varname> statement for vadmin in your ! httpd.conf -- it is now done automatically in the ! <filename>/etc/httpd/conf.d</filename> directory. ! </para> ! </note> ! </sect3> ! <sect3> ! <title>SquirrelMail</title> ! <para> ! If you have been using any additional plugins for ! Squirrelmail that you have installed on your own, you will ! need to check if newer versions exist that are known to ! work on Squirrelmail-1.4. Other than that, you should not ! have to change anything -- configuration will be taken ! care of by <command>qvcs-install</command>. ! </para> ! <para> ! It is also worthy of mention that SquirrelMail now lives ! in <filename>/usr/share/squirrelmail</filename> instead of ! <filename>/var/www/squirrelmail</filename>, so be sure to ! make appropriate edits if you have any software (like ! extra plugins) that expect to find squirrelmail in the old ! location. ! </para> ! </sect3> ! <sect3> ! <title>Vadmin</title> ! <para> ! This one is going to take a little effort. Storage format ! has changed between 1.0 and 1.9 (2.0 beta), so a few ! things need to be taken care of before your old ! preferences can be used. ! </para> <para> ! First of all, go into <filename>/etc/vadmin</filename> and ! perform the following: </para> ! <programlisting> &prompt; <userinput>cd /etc/vadmin</userinput> &prompt; <userinput>mv apache.inc.rpmsave /etc/httpd/conf.d/vadmin.conf</userinput> ! </programlisting> ! <para> ! Now open ! <filename>/etc/httpd/conf.d/vadmin.conf</filename> in your ! editor and change the path in the ! <varname>Directory</varname> directive from ! <filename>/var/www/squirrelmail/plugins/vadmin</filename> ! to the new location of squirrelmail install: ! </para> ! <programlisting> <Directory "/usr/share/squirrelmail"> ! </programlisting> ! <para> ! Now do the following to set some permissions that ! vadmin-1.9 expects to find. ! </para> ! <programlisting> &prompt; <userinput>chown -R root:apache /var/lib/vadmin</userinput> &prompt; <userinput>chmod -R g+w /var/lib/vadmin</userinput> ! </programlisting> ! <para> ! Now, finally, open ! <filename>/etc/vadmin/vadmin.conf</filename> in your ! editor and change the following things: in the ! <varname>[auth]</varname> section change the ! <varname>elvis</varname> setting to reflect the real ! elvises that vadmin has defined (if you don't remember, ! look in <filename>/var/lib/vadmin/cross-admins/</filename> ! for any username files that contain "elvis" as ! the only thing in it. After that, locate a commented-out ! <varname>[upgrade]</varname> section and remove all ! semicolons to enable the upgrading of domain preferences ! on the fly. ! </para> ! </sect3> ! <sect3> ! <title>Courier-IMAP</title> ! <para> ! Only a small edit is required: ! </para> ! <programlisting> &prompt; <userinput>cd /etc/courier-imap</userinput> &prompt; <userinput>mv imapd-ssl.rpmnew imapd-ssl</userinput> &prompt; <userinput>mv pop3d-ssl.rpmnew pop3d-ssl</userinput> ! </programlisting> ! </sect3> ! <sect3> ! <title>Iptables</title> ! <para> ! Firewalling software has largely migrated from ipchains to ! iptables, so do the following: ! </para> ! <programlisting> &prompt; <userinput>chkconfig ipchains off</userinput> &prompt; <userinput>chkconfig iptables on</userinput> ! </programlisting> ! </sect3> ! <sect3> ! <title>qvcs-install</title> ! <para> ! Now that you have done all of the above, you can run ! <command>qvcs-install</command> to take care of various ! little settings that are needed for &qvcs;. Every step of ! the program will ask you for confirmation before making ! any changes, so if you are sure you don't want it to touch ! certain things, you can skip those parts. ! </para> ! <programlisting> &prompt; <userinput>qvcs-install</userinput> ! </programlisting> ! </sect3> ! <sect3> ! <title>Done</title> ! <para> ! That should be it! Reboot now and once your machine comes ! up, you should be able to continue using it as if nothing ! happened. If something is not working, please send email ! to the support mailing list so your problem can be looked ! into. ! </para> ! </sect3> </sect2> <sect2> ! <title>Upgrading via a Reinstall</title> <para> ! I NEED CONTENT! </para> </sect2> --- 1615,1850 ---- </programlisting> </sect2> + </sect1> + <sect1> + <title>Upgrading Via a Reinstall</title> + <para> + Besides leaving your system nice and squeaky-clean, it also + allows you to minimize your downtime if you leave the old + system running while you install and prepare the new one. + </para> <sect2> ! <title>Preparing</title> <para> ! Before you reinstall, you will need to prepare and back up ! your data. Before you back up, perform the following ! operation (this is not mandatory, but this is better for me, ! since after the reinstall and restore the upgraded and ! reinstalled systems will be in the same state with regards ! to saved config files): </para> ! <programlisting> ! &prompt; <userinput>rpm -e vadmin php-mcrypt squirrelmail vmailmgr-php qvcs-helpers</userinput> ! </programlisting> ! <para> ! Now back up the data and store it somewhere safe. To see ! which files you should back up, refer to the ! "Backup" section of this guide -- the files are ! pretty much identical, except some of them will be missing ! on your system, since it's an earlier setup. ! </para> ! </sect2> ! <sect2> ! <title>Reinstalling</title> ! <para> ! Reinstall the machine using the "Installation" ! section of this guide. DO NOT use kickstart for this, as you ! will run into qmail username problems when you start ! restoring the data. Just install a vanilla &rhl; &ver; ! system. ! </para> ! </sect2> ! <sect2> ! <title>Restoring</title> ! <para> ! Once your fresh installation boots up, log in as root, copy ! over your backup data (a good place to put it is in ! <filename>/home</filename> since that partition usually has ! plenty of space) and then restore it over your existing ! tree. For example, if your backup is in ! <filename>/home/bak.tar.gz</filename>, you would use the ! following to restore: ! </para> ! <programlisting> ! &prompt; <userinput>cd /</userinput> ! &prompt; <userinput>tar xzvf /home/bak.tar.gz</userinput> ! </programlisting> ! <para> ! Now run <command>qvcs-init</command>: ! </para> ! <programlisting> ! &prompt; <userinput>wget &qvcsbase;/qvcs-init</userinput> ! &prompt; <userinput>sh qvcs-init</userinput> ! </programlisting> ! <para> ! It will complain loudly about creating tons of .rpmnew ! files, but that's to be expected. Once ! <command>qvcs-init</command> finishes, you should be more or ! less at the same point as if you upgraded your system, so ! proceed with migrating the configs. ! </para> ! </sect2> ! </sect1> ! <sect1> ! <title>Migrating the configs</title> ! <para> ! Several packages have changed their configurations pretty ! dramatically, most notably SquirrelMail (version change from ! 1.2 to 1.4), Vadmin (from 1.0 to 1.9), Courier-IMAP (from 1.4 ! to 2.0), and Apache (from 1.3 to 2.0). Migrating your ! configurations is going to take some effort. ! </para> ! <sect2> ! <title>Apache</title> ! <para> ! You cannot use the old httpd configs at all, so you will ! need to do the following: ! </para> ! <programlisting> &prompt; <userinput>cd /etc/httpd/conf</userinput> &prompt; <userinput>mv httpd.conf httpd.conf.old</userinput> &prompt; <userinput>mv httpd.conf.rpmnew httpd.conf</userinput> ! </programlisting> ! <para> ! If your 7.3 system was being used ! <emphasis>solely</emphasis> as a cookie-cutter &qvcs; ! install, that's all you have to do -- the rest will be taken ! care of by <command>qvcs-install</command>. If, however, you ! have been serving some things other than just webmail from ! your webserver, you will need to peruse your old apache ! configuration file and manually migrate settings from there ! to the Apache-2.0 new configuration format. ! </para> ! <note> <para> ! It is no longer necessary to add an ! <varname>Include</varname> statement for vadmin in your ! httpd.conf -- it is now done automatically in the ! <filename>/etc/httpd/conf.d</filename> directory. </para> ! </note> ! </sect2> ! <sect2> ! <title>SquirrelMail</title> ! <para> ! If you have been using any additional plugins for ! Squirrelmail that you have installed on your own, you will ! need to check if newer versions exist that are known to ! work on Squirrelmail-1.4. Other than that, you should not ! have to change anything -- configuration will be taken ! care of by <command>qvcs-install</command>. ! </para> ! <para> ! It is also worthy of mention that SquirrelMail now lives ! in <filename>/usr/share/squirrelmail</filename> instead of ! <filename>/var/www/squirrelmail</filename>, so be sure to ! make appropriate edits if you have any software (like ! extra plugins) that expect to find squirrelmail in the old ! location. ! </para> ! </sect2> ! <sect2> ! <title>Vadmin</title> ! <para> ! This one is going to take a little effort. Storage format ! has changed between 1.0 and 1.9 (2.0 beta), so a few things ! need to be taken care of before your old preferences can be ! used. ! </para> ! <para> ! First of all, go into <filename>/etc/vadmin</filename> and ! perform the following: ! </para> ! <programlisting> &prompt; <userinput>cd /etc/vadmin</userinput> &prompt; <userinput>mv apache.inc.rpmsave /etc/httpd/conf.d/vadmin.conf</userinput> ! </programlisting> ! <para> ! Now open <filename>/etc/httpd/conf.d/vadmin.conf</filename> ! in your editor and change the path in the ! <varname>Directory</varname> directive from ! <filename>/var/www/squirrelmail/plugins/vadmin</filename> to ! the new location of squirrelmail install: ! </para> ! <programlisting> <Directory "/usr/share/squirrelmail"> ! </programlisting> ! <para> ! Now do the following to set some permissions that vadmin-1.9 ! expects to find. ! </para> ! <programlisting> &prompt; <userinput>chown -R root:apache /var/lib/vadmin</userinput> &prompt; <userinput>chmod -R g+w /var/lib/vadmin</userinput> ! </programlisting> ! <para> ! Now, finally, open ! <filename>/etc/vadmin/vadmin.conf</filename> in your editor ! and change the following things: in the ! <varname>[auth]</varname> section change the ! <varname>elvis</varname> setting to reflect the real elvises ! that vadmin has defined (if you don't remember, look in ! <filename>/var/lib/vadmin/cross-admins/</filename> for any ! username files that contain "elvis" as the only ! thing in it. After that, locate a commented-out ! <varname>[upgrade]</varname> section and remove all ! semicolons to enable the upgrading of domain preferences on ! the fly. ! </para> ! </sect2> ! <sect2> ! <title>Vmailmgr</title> ! <para> ! This step is only relevant if you have reinstalled, not ! upgraded. A very small edit is needed: ! </para> ! <programlisting> ! &prompt; <userinput>cd /etc/vmailmgr</userinput> ! &prompt; <userinput>mv socket-file.rpmnew socket-file</userinput> ! </programlisting> ! </sect2> ! <sect2> ! <title>Courier-IMAP</title> ! <para> ! Only a small edit is required here as well: ! </para> ! <programlisting> &prompt; <userinput>cd /etc/courier-imap</userinput> &prompt; <userinput>mv imapd-ssl.rpmnew imapd-ssl</userinput> &prompt; <userinput>mv pop3d-ssl.rpmnew pop3d-ssl</userinput> ! </programlisting> ! </sect2> ! <sect2> ! <title>Iptables</title> ! <para> ! This step is only relevant is you have upgraded instead of ! doing a full reinstall. Firewalling software has largely ! migrated from ipchains to iptables, so do the following: ! </para> ! <programlisting> &prompt; <userinput>chkconfig ipchains off</userinput> &prompt; <userinput>chkconfig iptables on</userinput> ! </programlisting> ! </sect2> ! <sect2> ! <title>qvcs-install</title> ! <para> ! Now that you have done all of the above, you can run ! <command>qvcs-install</command> to take care of various ! little settings that are needed for &qvcs;. Every step of ! the program will ask you for confirmation before making any ! changes, so if you are sure you don't want it to touch ! certain things, you can skip those parts. ! </para> ! <programlisting> &prompt; <userinput>qvcs-install</userinput> ! </programlisting> </sect2> <sect2> ! <title>Done</title> <para> ! That should be it! Reboot now and once your machine comes ! up, you should be able to continue using it as if nothing ! happened. If something is not working, please send email to ! the support mailing list so your problem can be looked into. </para> </sect2> *************** *** 1708,1714 **** <para> <application>libmcrypt</application>: This is a set of ! encryption libraries used by vadmin plugin. Vadmin uses ! libmcrypt to encrypt the passwords before storing them on ! the hard drive for enhanced security. </para> </listitem> --- 1930,1944 ---- <para> <application>libmcrypt</application>: This is a set of ! encryption libraries used by vadmin plugin. Vadmin can ! optionally use libmcrypt to encrypt the passwords before ! storing them on the hard drive for enhanced security. By ! default it uses a builtin rc4 function. ! </para> ! </listitem> ! <listitem> ! <para> ! <application>libmcrypt-devel</application>: This package is ! not installed by default and is only provided for the sake ! of completeness. </para> </listitem> *************** *** 1728,1736 **** <listitem> <para> ! <application>vadmin</application>: Vadmin is a plugin for ! squirrelmail which makes administering vmailmgr virtual ! domains a part of squirrelmail. It has some very nice ! features like the ability to add/remove users, set quotas or ! account expiration dates, etc. </para> </listitem> --- 1958,1966 ---- <listitem> <para> ! <application>squirrelmail-vadmin</application>: Vadmin is a ! plugin for squirrelmail which makes administering vmailmgr ! virtual domains a part of squirrelmail. It has some very ! nice features like the ability to add/remove users, set ! quotas or account expiration dates, etc. </para> </listitem> *************** *** 1745,1750 **** <para> <application>qvcs-helpers</application>: This package has a ! few helper scripts which come with this guide. They will be ! explained later. </para> </listitem> --- 1975,1979 ---- <para> <application>qvcs-helpers</application>: This package has a ! few helper scripts which come with this guide. </para> </listitem> *************** *** 1754,1757 **** --- 1983,2021 ---- and installer that makes installing software and keeping your server updated very easy. + </para> + </listitem> + <listitem> + <para> + <application>bglibs</application>: This package is not + installed by default, but is needed to build several other + packages. Unless you rebuild some packages from source RPMs, + you do not need this. + </para> + </listitem> + <listitem> + <para> + <application>nano</application>: This is a small editor + written to mimic <application>pico</application> which is no + longer shipping with many systems. + </para> + </listitem> + <listitem> + <para> + <application>maildrop</application>: Part of the qvcs-filter + package set, it is used by qmail-scanner. + </para> + </listitem> + <listitem> + <para> + <application>tnef</application>: A small application that + will unpack Microsoft-style attachments. Useful for virus + and spam scanning. Part of the qvcs-filter set. + </para> + </listitem> + <listitem> + <para> + <application>qmail-scanner</application>: An alternative + qmail-queue implementation that allows invoking spamassassin + and various virus scanners. Part of the qvcs-filter package set. </para> </listitem> |
|
From: <gr...@us...> - 2003-07-10 22:26:52
|
Update of /cvsroot/qvcs-guide/qvcs-guide
In directory sc8-pr-cvs1:/tmp/cvs-serv31394
Modified Files:
qvcs-guide.xml
Log Message:
Small changes.
Index: qvcs-guide.xml
===================================================================
RCS file: /cvsroot/qvcs-guide/qvcs-guide/qvcs-guide.xml,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -d -r1.7 -r1.8
*** qvcs-guide.xml 10 Jul 2003 04:24:29 -0000 1.7
--- qvcs-guide.xml 10 Jul 2003 22:26:49 -0000 1.8
***************
*** 888,891 ****
--- 888,892 ----
&prompt; <userinput>cd /usr/src/redhat/RPMS/i386</userinput>
&prompt; <userinput>rpm -Uvh --replacepkgs --replacefiles qmail-1.03*.rpm</userinput>
+ &prompt; <userinput>service qmail restart</userinput>
</programlisting>
<para>
***************
*** 917,921 ****
</sect2>
</sect1>
-
<sect1>
<title>Encrypted Communication (SSL)</title>
--- 918,921 ----
***************
*** 996,1009 ****
<title>Enabling SSL in Courier-IMAP</title>
<para>
! The helpful courier-imap has already generated some SSL
! certs for itself to use, but we'll need to replace them with
! the centralized one, so there is only one ssl certificate on
! the machine:
</para>
<programlisting>
! &prompt; <userinput>cd /usr/share/courier-imap</userinput>
! &prompt; <userinput>rm imapd.pem pop3d.pem</userinput>
! &prompt; <userinput>ln -s /etc/sslcert.pem imapd.pem</userinput>
! &prompt; <userinput>ln -s /etc/sslcert.pem pop3d.pem</userinput>
&prompt; <userinput>service courier-imap restart</userinput>
</programlisting>
--- 996,1003 ----
<title>Enabling SSL in Courier-IMAP</title>
<para>
! Simple enough:
</para>
<programlisting>
! &prompt; <userinput>ln -s /etc/sslcert.pem /etc/courier-imap/sslcert.pem</userinput>
&prompt; <userinput>service courier-imap restart</userinput>
</programlisting>
***************
*** 1288,1292 ****
spamassassin. The following command will reconfigure it (you
do not have to answer the yes-no questions if you run with
! --assumeyes).
</para>
<programlisting>
--- 1282,1287 ----
spamassassin. The following command will reconfigure it (you
do not have to answer the yes-no questions if you run with
! --assumeyes, even though it may look like it is waiting for
! your input).
</para>
<programlisting>
***************
*** 1409,1413 ****
If you found this Guide useful, please let me know by executing:
</para>
! <programlisting>
&prompt; <userinput>uname -a | mail qvc...@mr... -s 'Thanks'</userinput>
</programlisting>
--- 1404,1408 ----
If you found this Guide useful, please let me know by executing:
</para>
! v <programlisting>
&prompt; <userinput>uname -a | mail qvc...@mr... -s 'Thanks'</userinput>
</programlisting>
***************
*** 1475,1480 ****
Several packages have changed their configurations pretty
dramatically, most notably SquirrelMail (version change from
! 1.2 to 1.4), Vadmin (from 1.0 to 1.9), Courier-Imap (from
! 1.4 to 1.7), and Apache (from 1.3 to 2.0). Migrating your
configurations is going to take some effort.
</para>
--- 1470,1475 ----
Several packages have changed their configurations pretty
dramatically, most notably SquirrelMail (version change from
! 1.2 to 1.4), Vadmin (from 1.0 to 1.9), Courier-IMAP (from
! 1.4 to 2.0), and Apache (from 1.3 to 2.0). Migrating your
configurations is going to take some effort.
</para>
***************
*** 1573,1577 ****
look in <filename>/var/lib/vadmin/cross-admins/</filename>
for any username files that contain "elvis" as
! the only thing in them. After that, locate a commented-out
<varname>[upgrade]</varname> section and remove all
semicolons to enable the upgrading of domain preferences
--- 1568,1572 ----
look in <filename>/var/lib/vadmin/cross-admins/</filename>
for any username files that contain "elvis" as
! the only thing in it. After that, locate a commented-out
<varname>[upgrade]</varname> section and remove all
semicolons to enable the upgrading of domain preferences
***************
*** 1609,1613 ****
the program will ask you for confirmation before making
any changes, so if you are sure you don't want it to touch
! certain things, you can skip these parts.
</para>
<programlisting>
--- 1604,1608 ----
the program will ask you for confirmation before making
any changes, so if you are sure you don't want it to touch
! certain things, you can skip those parts.
</para>
<programlisting>
|
|
From: <gr...@us...> - 2003-07-10 04:24:32
|
Update of /cvsroot/qvcs-guide/qvcs-guide In directory sc8-pr-cvs1:/tmp/cvs-serv8159 Modified Files: qvcs-guide.xml Log Message: Many small stylistic fixes, plus an upgrading section. Index: qvcs-guide.xml =================================================================== RCS file: /cvsroot/qvcs-guide/qvcs-guide/qvcs-guide.xml,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** qvcs-guide.xml 9 Jul 2003 03:13:58 -0000 1.6 --- qvcs-guide.xml 10 Jul 2003 04:24:29 -0000 1.7 *************** *** 10,14 **** <!ENTITY qvcsbase "http://mirror.mricon.com/qvcs-guide"> <!ENTITY prompt "<prompt>[root@mail root]#</prompt>"> - <!ENTITY gtprompt "<prompt>></prompt>"> ]> --- 10,13 ---- *************** *** 27,31 **** </authorgroup> <edition>&rhl; 9 Edition</edition> [...1153 lines suppressed...] + <title>Done</title> + <para> + That should be it! Reboot now and once your machine comes + up, you should be able to continue using it as if nothing + happened. If something is not working, please send email + to the support mailing list so your problem can be looked + into. + </para> + </sect3> + </sect2> + <sect2> + <title>Upgrading via a Reinstall</title> + <para> + I NEED CONTENT! + </para> + </sect2> + </sect1> </chapter> <!-- APPENDIXES --> |
|
From: <gr...@us...> - 2003-07-09 19:09:05
|
Update of /cvsroot/qvcs-guide/qvcs-guide
In directory sc8-pr-cvs1:/tmp/cvs-serv12768
Modified Files:
qvcs-init
Log Message:
Better dis way.
Index: qvcs-init
===================================================================
RCS file: /cvsroot/qvcs-guide/qvcs-guide/qvcs-init,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** qvcs-init 7 Jul 2003 02:41:55 -0000 1.6
--- qvcs-init 9 Jul 2003 19:09:03 -0000 1.7
***************
*** 46,52 ****
echo "Getting necessary packages from mirror.linux.duke.edu"
/bin/rpm -U http://mirror.linux.duke.edu/pub/redhat/linux/9/en/os/i386/RedHat/RPMS/libxml2-2.5.4-1.i386.rpm
! if ! /bin/rpm -q libxml2-python >/dev/null; then
! /bin/rpm -U http://mirror.linux.duke.edu/pub/redhat/linux/9/en/os/i386/RedHat/RPMS/libxml2-python-2.5.4-1.i386.rpm
! fi
fi
--- 46,52 ----
echo "Getting necessary packages from mirror.linux.duke.edu"
/bin/rpm -U http://mirror.linux.duke.edu/pub/redhat/linux/9/en/os/i386/RedHat/RPMS/libxml2-2.5.4-1.i386.rpm
! fi
! if ! /bin/rpm -q libxml2-python >/dev/null; then
! /bin/rpm -U http://mirror.linux.duke.edu/pub/redhat/linux/9/en/os/i386/RedHat/RPMS/libxml2-python-2.5.4-1.i386.rpm
fi
|
|
From: <gr...@us...> - 2003-07-09 03:21:33
|
Update of /cvsroot/qvcs-guide/qvcs-guide In directory sc8-pr-cvs1:/tmp/cvs-serv15977 Removed Files: qvcs-guide.tex Log Message: bye-bye, tex. --- qvcs-guide.tex DELETED --- |
|
From: <gr...@us...> - 2003-07-09 03:14:03
|
Update of /cvsroot/qvcs-guide/qvcs-guide
In directory sc8-pr-cvs1:/tmp/cvs-serv14761
Modified Files:
qvcs-guide.xml yumgroups.xml
Log Message:
Done, except for proofing and upgrade path.
Index: qvcs-guide.xml
===================================================================
RCS file: /cvsroot/qvcs-guide/qvcs-guide/qvcs-guide.xml,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -d -r1.5 -r1.6
*** qvcs-guide.xml 30 Jun 2003 11:42:04 -0000 1.5
--- qvcs-guide.xml 9 Jul 2003 03:13:58 -0000 1.6
***************
*** 603,609 ****
editor and locate the [auth] section. Change the
<varname>elvis</varname> parameter to reflect the virtual user
! that you have just added. For a <varname>domain</varname> add
! the domain name that you have just created using
! <command>addvirt</command>. E.g. for me that would be:
</para>
<programlisting>
--- 603,609 ----
editor and locate the [auth] section. Change the
<varname>elvis</varname> parameter to reflect the virtual user
! that you have just added. Note, that an elvis user
! <emphasis>must</emphasis> be a virtual user, or you won't be
! able to get domain editing access.
</para>
<programlisting>
***************
*** 612,616 ****
force_https = yes
elvis = albus@hogwarts.jk
- domain = hogwarts.jk
</programlisting>
</sect1>
--- 612,615 ----
***************
*** 629,633 ****
<Directory "/usr/share/squirrelmail">
SetEnv CRYPTO_HASH_LINE "Draco Dormiens Nunquam Titillandus"
! SetEnv MCRYPT_ALGO "blowfish"
</Directory>
</programlisting>
--- 628,632 ----
<Directory "/usr/share/squirrelmail">
SetEnv CRYPTO_HASH_LINE "Draco Dormiens Nunquam Titillandus"
! SetEnv MCRYPT_ALGO "rc4_builtin"
</Directory>
</programlisting>
***************
*** 635,641 ****
<para>
You can set the <varname>MCRYPT_ALGO</varname> to something
! other than "blowfish" if you
! wish. "Blowfish" is a good fast algorithm, but you
! may choose among the following:
<simplelist type="inline">
<member>blowfish</member>
--- 634,640 ----
<para>
You can set the <varname>MCRYPT_ALGO</varname> to something
! other than "rc4_builtin" if you want stronger
! encryption than rc4. "Blowfish" is a good fast
! algorithm, but you may choose among the following:
<simplelist type="inline">
<member>blowfish</member>
***************
*** 692,696 ****
deleting users, activating domains, setting quotas, etc. To
log in, surf to
! <userinput>https://mail.hogwarts.jk</userinput> and log in as
the user you have specified as "elvis" in vadmin
configuration. Once you log in, click on "options"
--- 691,695 ----
deleting users, activating domains, setting quotas, etc. To
log in, surf to
! <userinput>https://mail.hogwarts.jk/</userinput> and log in as
the user you have specified as "elvis" in vadmin
configuration. Once you log in, click on "options"
***************
*** 698,725 ****
presented somewhere on the page.
</para>
- <note>
- <para>
- If you are not seeing an "Administrator Interface"
- option, check the following two things:
- <orderedlist>
- <listitem>
- <para>
- Make sure you are logging in as the user specified as
- "elvis".
- </para>
- </listitem>
- <listitem>
- <para>
- Make sure you are logging in to the domain you have
- specified in the [auth]->domain section of
- <filename>vadmin.conf</filename>. It can be a
- subdomain -- does not really matter, but at some point
- they have to match. See "A note on DNS" in
- the previous chapter for some tips.
- </para>
- </listitem>
- </orderedlist>
- </para>
- </note>
<para>
The administrator interface starts with a login screen. Type
--- 697,700 ----
***************
*** 806,809 ****
--- 781,812 ----
</para>
</sect1>
+ <sect1>
+ <title>Automated Updates Using Yum</title>
+ <para>
+ The tool we have used for installation --
+ <application>yum</application> is an automated
+ installer/updater that is a free substitute for up2date. One
+ of the most important aspects of running a server is keeping
+ it constantly patched, so any security vulnerabilities are
+ closed as soon as Red Hat issues fixes.
+ </para>
+ <para>
+ If your installation is more or less a vanilla setup of
+ &qvcs;, then you might consider enabling automated nightly
+ updates of your system, so any errata packages are applied as
+ soon as they are released. To do so, run:
+ </para>
+ <programlisting>
+ &prompt; <userinput>chkconfig yum on</userinput>
+ &prompt; <userinput>service yum start</userinput>
+ </programlisting>
+ <para>
+ If you feel edgy about having an automated updater tool
+ running on your system, you may leave yum disabled, but then
+ please subscribe to the redhat errata notification list, so
+ you know when updates are being released. Don't let your server
+ become an internet statistic. :)
+ </para>
+ </sect1>
</chapter>
<chapter>
***************
*** 821,825 ****
piece of software, is not entirely free in terms of freedom of
use. It comes with a fairly restrictive license, which in part
! prohibits me from distributing modified versions. Due to this
restriction I am unable to ship a binary package that enables
most of the advanced features that are mentioned in this
--- 824,828 ----
piece of software, is not entirely free in terms of freedom of
use. It comes with a fairly restrictive license, which in part
! prohibits me from distributing modifications. Due to this
restriction I am unable to ship a binary package that enables
most of the advanced features that are mentioned in this
***************
*** 839,842 ****
--- 842,846 ----
</para>
<note>
+ <title>Backslashes</title>
<para>
I am using backslashes in the following set of commands to
***************
*** 929,933 ****
--- 933,1065 ----
email (SSL interface for the webmail is discussed later).
</para>
+ <para>
+ So, once you have decided on which domain name you are going
+ to use as your main SSL host, go ahead and fill out the
+ "Common Name" field in the test certificate. I'll
+ use "mail.quibbler.jk" for my examples.
+ </para>
</note>
+ <para>
+ Once you're done, you will see a
+ <filename>stunnel.pem</filename> in that directory. A good
+ place for it to be is <filename>/etc/sslcert.pem</filename> so
+ it can be easily backed up.
+ </para>
+ <programlisting>
+ &prompt; <userinput>mv stunnel.pem /etc/sslcert.pem</userinput>
+ </programlisting>
+ <sect2>
+ <title>Enabling SSL in Qmail</title>
+ <para>
+ Qmail never runs as user root, so we will need to change the
+ ownership on the ssl certificate to that of user
+ "qmaild":
+ </para>
+ <programlisting>
+ &prompt; <userinput>chown qmaild /etc/sslcert.pem</userinput>
+ &prompt; <userinput>chmod u-w /etc/sslcert.pem</userinput>
+ &prompt; <userinput>ln -s /etc/sslcert.pem /etc/qmail/control/servercert.pem</userinput>
+ &prompt; <userinput>service qmail restart</userinput>
+ </programlisting>
+ </sect2>
+ <sect2>
+ <title>Enabling SSL in Courier-IMAP</title>
+ <para>
+ The helpful courier-imap has already generated some SSL
+ certs for itself to use, but we'll need to replace them with
+ the centralized one, so there is only one ssl certificate on
+ the machine:
+ </para>
+ <programlisting>
+ &prompt; <userinput>cd /usr/share/courier-imap</userinput>
+ &prompt; <userinput>rm imapd.pem pop3d.pem</userinput>
+ &prompt; <userinput>ln -s /etc/sslcert.pem imapd.pem</userinput>
+ &prompt; <userinput>ln -s /etc/sslcert.pem pop3d.pem</userinput>
+ &prompt; <userinput>service courier-imap restart</userinput>
+ </programlisting>
+ </sect2>
+ <sect2>
+ <title>Enabling SSL in Apache</title>
+ <para>
+ Almost the exact same set of actions for Apache.
+ </para>
+ <programlisting>
+ &prompt; <userinput>cd /etc/httpd/conf</userinput>
+ &prompt; <userinput>rm ssl.crt/server.crt ssl.key/server.key</userinput>
+ &prompt; <userinput>ln -s /etc/sslcert.pem ssl.crt/server.crt</userinput>
+ &prompt; <userinput>ln -s /etc/sslcert.pem ssl.key/server.key</userinput>
+ &prompt; <userinput>service httpd restart</userinput>
+ </programlisting>
+ </sect2>
+ <sect2>
+ <title>Vadmin And SSL Enforcement</title>
+ <para>
+ You may wish to enforce SSL in vadmin, so all your clients
+ are redirected to an SSL site. Open
+ <filename>/etc/vadmin/vadmin.conf</filename> in your editor
+ and locate a commented-out section called
+ "[redirect]". Remove the semicolons and change it
+ so it looks like so:
+ </para>
+ <programlisting>
+ [redirect]
+ https = yes
+ host = mail.quibbler.jk
+ path = /
+ </programlisting>
+ <para>
+ Now if you go to mail.hogwarts.jk, it will transparently
+ redirect you to https://mail.quibbler.jk/, thus ensuring
+ that all your communication with the server is secured.
+ </para>
+ </sect2>
+ <sect2>
+ <title>Obtaining a Real SSL Certificate</title>
+ <para>
+ Depending on how serious you want to be, you might want to
+ go ahead and obtain a real SSL certificate, as sold by the
+ Certification Authorities. Obtaining an SSL certificate is
+ usually a painful and expensive process -- they run for
+ about $150 per year per hostname. Several companies provide
+ CA services; for more information go to <ulink
+ url="http://www.whichssl.com/">www.whichssl.com</ulink>. If
+ you are not worried about your clients seeing warning
+ messages in their browsers about unrecognized signing
+ authorities, then you may skip this part -- your self-signed
+ certificate is just as secure.
+ </para>
+ <para>
+ Trained monkeys working at the CA companies should be able
+ to walk you through the process once you have decided that
+ you want a real certificate and picked which company you
+ want to spend money with. Once you have the real certificate
+ made out for the domain name that you have picked, you will
+ need to make a .pem file out of the .crt and .key parts
+ (unless they can give you a .pem file in the first
+ place). This is done by simply concatenating the .crt and
+ .key files together. E.g.:
+ </para>
+ <programlisting>
+ &prompt; <userinput>cat server.key server.crt > sslcert.pem</userinput>
+ </programlisting>
+ <para>
+ If your key is protected by a passphrase, you will need to
+ remove it before making a .pem, as otherwise every time the
+ server restarts you will need to enter the passphrase
+ manually, plus qmail SSL will simply not work. To remove the
+ passphrase, perform the following actions:
+ </para>
+ <programlisting>
+ &prompt; <userinput>openssl rsa -in server.key -out nopass.key</userinput>
+ &prompt; <userinput>mv nopass.key server.key</userinput>
+ </programlisting>
+ <para>
+ Once you have the sslcert.pem file, just replace our
+ self-signed certificate in
+ <filename>/etc/sslcert.pem</filename> and restart the
+ services (qmail, courier-imap, httpd). Congratulations,
+ you've now officially sold your soul to the big business. :)
+ </para>
+ </sect2>
</sect1>
***************
*** 1025,1034 ****
</programlisting>
</sect2>
</sect1>
</chapter>
!
!
!
!
--- 1157,1392 ----
</programlisting>
</sect2>
+ <sect2>
+ <title>Authenticated SMTP</title>
+ <note>
+ <para>
+ You will need SSL enabled for Qmail in order for this to
+ work, so refer to the previous section if you haven't yet
+ done this.
+ </para>
+ </note>
+ <para>
+ Naturally, if your clients tend to travel and bring their
+ laptops with them, then specifying the allowed IP ranges is
+ not going to work. Authenticated SMTP allows relaying of
+ email messages only for people who already have accounts on
+ the server. In fact, this is the preferred way of relaying
+ these days.
+ </para>
+ <para>
+ Open <filename>/etc/xinetd.d/smtp</filename> in your
+ favorite browser and edit the server-args line so it looks
+ like so (<emphasis>NOTE: The following is all on one
+ line!</emphasis>):
+ </para>
+ <programlisting>
+ server_args = /var/qmail/bin/tcp-env -R /var/qmail/bin/qmail-smtpd mail.quibbler.jk /usr/bin/chk_vmauth
+ </programlisting>
+ <para>
+ Naturally, replace "mail.quibbler.jk" with the
+ name of your mail server (the one specified in the SSL
+ certificate). After you're done editing that file, run:
+ </para>
+ <programlisting>
+ &prompt; <userinput>service xinetd restart</userinput>
+ </programlisting>
+ </sect2>
+ </sect1>
+ <sect1>
+ <title>Email filtering</title>
+ <para>
+ This seems to be a popular request, and &qvcs; is certainly
+ capable of providing the infrastructure needed for
+ this. However, let me start with a huge warning.
+ </para>
+ <warning>
+ <title>Huge Warning</title>
+ <para>
+ Email filtering requires some <productname>VERY BEEFY
+ HARDWARE</productname>. If your mail server sees some
+ significant email traffic, and I'm talking upwards of 5-10
+ thousand emails a day, you will want to have some serious
+ iron for hardware, especially in terms of RAM and processor
+ speed. If you have less than 1G of high-speed memory, the
+ server performance will degrade significantly, and anyone
+ putting a less-than AMD/P4 2GHz for this will regret
+ their foolishness. You have been forewarned.
+ </para>
+ </warning>
+ <sect2>
+ <title>Packages</title>
+ <para>
+ You will need a set of packages for filtering email, namely
+ <application>qmail-scanner</application>. We will use yum to
+ get them.
+ </para>
+ <programlisting>
+ &prompt; <userinput>yum groupinstall "QVCS Filter"</userinput>
+ </programlisting>
+ <note>
+ <para>
+ If you have gotten yourself an unresolved dependency to
+ qmail-qmailqueue-patch, then you should've paid attention
+ to the part where I was talking about rebuilding qmail to
+ support the advanced features.
+ </para>
+ </note>
+ </sect2>
+ <sect2>
+ <title>Spamassassin</title>
+ <para>
+ Now let's enable spamassassin. Since we are using virtual
+ users, there are certain things we will need to turn off in
+ order for it not to complain. Open
+ <filename>/etc/sysconfig/spamassassin</filename> in your
+ editor and change the <varname>SPAMDOPTIONS</varname> line
+ to be the following:
+ </para>
+ <programlisting>
+ SPAMDOPTIONS="-d -c -a -x -u nobody"
+ </programlisting>
+ <para>
+ Now let's start it:
+ </para>
+ <programlisting>
+ &prompt; <userinput>chkconfig spamassassin on</userinput>
+ &prompt; <userinput>service spamassassin start</userinput>
+ </programlisting>
+ <para>
+ Now let's tell qmail-scanner that it can use
+ spamassassin. The following command will reconfigure it (you
+ don't have to answer the questions if you run with
+ --assumeyes).
+ </para>
+ <programlisting>
+ &prompt; <userinput>qmail-scanner-reconfigure --assumeyes</userinput>
+ </programlisting>
+ <para>
+ Not done yet! Now you have to edit
+ <filename>/etc/hosts.allow</filename> and change your
+ tcp-env : ALL line as follows:
+ </para>
+ <programlisting>
+ tcp-env: ALL : setenv QMAILQUEUE /var/qmail/bin/qmail-scanner-queue.pl
+ </programlisting>
+ <para>
+ Now you've done it!
+ </para>
+ </sect2>
+ <sect2>
+ <title>How to filter out spam</title>
+ <para>
+ If you now look at the headers of your email messages, you
+ will see something like this:
+ </para>
+ <programlisting>
+ Received: from luna@quibbler.jk by peeves by uid 500 with qmail-scanner-1.16
+ (spamassassin: 2.44. Clear:SA:0(0.4/5.0):.
+ Processed in 3.495582 secs); 09 Jul 2003 02:53:49 -0000
+ X-Spam-Status: No, hits=0.4 required=5.0
+ </programlisting>
+ <para>
+ The key here is the header
+ <varname>X-Spam-Status</varname>. All you have to do is
+ configure your email client to look for that header, and if
+ it contains "Yes", either move the message into
+ the Junk folder, or assign it a low priority. Simply
+ deleting messages marked as <varname>X-Spam-Status:
+ Yes</varname> is not at all advised, as any automated system
+ will have false-positives, meaning that you can lose
+ important email.
+ </para>
+ </sect2>
+ <sect2>
+ <title>Virus filtering</title>
+ <para>
+ You can also use <application>qmail-scanner</application> to
+ set up virus scanning, but that is not covered here. Feel
+ free to ask around on the lists, perhaps someone has done
+ it.
+ </para>
+ </sect2>
</sect1>
</chapter>
! <chapter>
! <title>Finalizing it all</title>
! <para>
! Your mail system is set up. If you have encountered any problems
! during the install, then consult the documentation provided with
! the misbehaving component -- it will most likely tell you whom
! to contact for support. If everything is running smoothly and
! you are happy with your system, then congratulations -- you've
! got yourself one of the best solutions for a pop-toaster out
! there.
! </para>
! <sect1>
! <title>Why this is not recommended for large systems</title>
! <para>
! The only reason this is not recommended for large systems is
! because SquirrelMail is currently not very scalable -- you
! cannot easily run it on a server farm, since both SquirrelMail
! and Vadmin save their preferences onto the HDD (a trade-off
! for not requiring a database engine). However, if you decide
! not to use SquirrelMail/Vadmin, then Qmail-VmailMgr-Courier is
! definitely a strong enough solution to be run on high-demand
! servers, but this has its own set of requirements and is not
! covered under this guide.
! </para>
! </sect1>
! <sect1>
! <title>Subsribe to the mailing lists!</title>
! <para>
! No, honestly, do so. Subscribe to the following two mailing lists:
! </para>
! <itemizedlist>
! <listitem>
! <para>
! <email>qvc...@li...</email>
! </para>
! </listitem>
! <listitem>
! <para>
! <email>qvc...@li...</email>
! </para>
! </listitem>
! </itemizedlist>
!
! <para>
! The first one will notify you when newer RPMs become
! available, and the second one will tell you of any other
! happenings. To subscribe to these lists please go to the
! qvcs-guide website, at <ulink
! url="&qvcsbase;">&qvcsbase;</ulink>.
! </para>
! </sect1>
! <sect1>
! <title>Corrections and Comments</title>
! <para>
! If you've found a mistake in this document which you would
! like to correct, or would just like to comment on something,
! please send a message to
! <email>qvc...@li...</email> so I can
! make the correction or read your comments. You may also check
! the qvcs-guide website at <ulink
! url="&qvcsbase;">&qvcsbase;</ulink> for the latest version of
! this document.
! </para>
! </sect1>
! <sect1>
! <title>Thank you and good luck! ;)</title>
! <para>
! If you found this Guide useful, please let me know by executing:
! </para>
! <programlisting>
! &prompt; <userinput>uname -a | mail ic...@du... -s 'Thanks'</userinput>
! </programlisting>
! </sect1>
! </chapter>
! <chapter>
! <title>Going from 7.3 to 9</title>
! <para>
! Lots of pain and suffering.
! </para>
! </chapter>
Index: yumgroups.xml
===================================================================
RCS file: /cvsroot/qvcs-guide/qvcs-guide/yumgroups.xml,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** yumgroups.xml 26 Jun 2003 15:04:08 -0000 1.3
--- yumgroups.xml 9 Jul 2003 03:13:58 -0000 1.4
***************
*** 41,47 ****
</group>
<group>
! <id>qvcs-advanced</id>
! <name>QVCS Advanced</name>
! <description>Advanced QVCS packages</description>
<uservisible>true</uservisible>
<grouplist>
--- 41,47 ----
</group>
<group>
! <id>qvcs-filter</id>
! <name>QVCS Filter</name>
! <description>QVCS packages needed for Email Filtering</description>
<uservisible>true</uservisible>
<grouplist>
|
|
From: <gr...@us...> - 2003-07-07 02:42:52
|
Update of /cvsroot/qvcs-guide/qvcs-guide/helpers In directory sc8-pr-cvs1:/tmp/cvs-serv8941 Modified Files: qvcs-helpers.spec Log Message: Require mod_ssl. Index: qvcs-helpers.spec =================================================================== RCS file: /cvsroot/qvcs-guide/qvcs-guide/helpers/qvcs-helpers.spec,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** qvcs-helpers.spec 25 Jun 2003 00:54:11 -0000 1.7 --- qvcs-helpers.spec 7 Jul 2003 02:42:49 -0000 1.8 *************** *** 15,19 **** BuildArch: noarch Requires: qmail vmailmgr courier-imap lokkit squirrelmail-vadmin ! Requires: shadow-utils %description --- 15,19 ---- BuildArch: noarch Requires: qmail vmailmgr courier-imap lokkit squirrelmail-vadmin ! Requires: shadow-utils mod_ssl %description |
|
From: <gr...@us...> - 2003-07-07 02:42:31
|
Update of /cvsroot/qvcs-guide/qvcs-guide In directory sc8-pr-cvs1:/tmp/cvs-serv8918 Modified Files: qvcs-9.ks Log Message: Clean up after we're done. Index: qvcs-9.ks =================================================================== RCS file: /cvsroot/qvcs-guide/qvcs-guide/qvcs-9.ks,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** qvcs-9.ks 25 Jun 2003 22:41:33 -0000 1.3 --- qvcs-9.ks 7 Jul 2003 02:42:28 -0000 1.4 *************** *** 64,65 **** --- 64,67 ---- echo "Installing the QVCS group" /usr/bin/yum -y groupinstall QVCS + echo "Cleaning up" + /usr/bin/yum -y clean packages |
|
From: <gr...@us...> - 2003-07-07 02:41:58
|
Update of /cvsroot/qvcs-guide/qvcs-guide In directory sc8-pr-cvs1:/tmp/cvs-serv8795 Modified Files: qvcs-init Log Message: Clean after we're done. Index: qvcs-init =================================================================== RCS file: /cvsroot/qvcs-guide/qvcs-guide/qvcs-init,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** qvcs-init 25 Jun 2003 01:23:59 -0000 1.5 --- qvcs-init 7 Jul 2003 02:41:55 -0000 1.6 *************** *** 59,62 **** --- 59,65 ---- echo "Installing the QVCS group" /usr/bin/yum -y groupinstall QVCS + echo + echo "Cleaning up" + /usr/bin/yum -y clean packages echo |
|
From: <gr...@us...> - 2003-06-30 11:42:08
|
Update of /cvsroot/qvcs-guide/qvcs-guide
In directory sc8-pr-cvs1:/tmp/cvs-serv9233
Modified Files:
qvcs-guide.xml
Log Message:
Some stuff.
Index: qvcs-guide.xml
===================================================================
RCS file: /cvsroot/qvcs-guide/qvcs-guide/qvcs-guide.xml,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -d -r1.4 -r1.5
*** qvcs-guide.xml 27 Jun 2003 02:26:01 -0000 1.4
--- qvcs-guide.xml 30 Jun 2003 11:42:04 -0000 1.5
***************
*** 28,32 ****
<edition>&rhl; 9 Edition</edition>
<pubdate>TBA</pubdate>
! <releaseinfo>1.90</releaseinfo>
<copyright>
<year>2001-2003</year>
--- 28,32 ----
<edition>&rhl; 9 Edition</edition>
<pubdate>TBA</pubdate>
! <releaseinfo>Version: 1.90</releaseinfo>
<copyright>
<year>2001-2003</year>
***************
*** 880,884 ****
<para>
Once this step is done, you are ready to configure the
! advanced features of &qvcs;
</para>
</sect2>
--- 880,884 ----
<para>
Once this step is done, you are ready to configure the
! advanced features of &qvcs;.
</para>
</sect2>
***************
*** 888,893 ****
<title>Encrypted Communication (SSL)</title>
<para>
! I AM HERE
</para>
</sect1>
--- 888,933 ----
<title>Encrypted Communication (SSL)</title>
<para>
! You will most likely want to configure the SSL on your newly
! installed machine. It is already enabled for the most part,
! but not at all configured. First thing you will need is an SSL
! certificate.
! </para>
! <para>
! Let's first of all create a test certificate to practice
! on. Perform the following actions:
! </para>
! <programlisting>
! &prompt; <userinput>cd /usr/share/ssl/certs</userinput>
! &prompt; <userinput>make stunnel.pem</userinput>
! </programlisting>
! <para>
! The program will ask you some questions, the most important of
! which is "Common Name". That would be the host name
! of your server, but before we do that, let's have a bit of a
! segue.
</para>
+ <note>
+ <title>SSL And Virtual Hosts</title>
+ <para>
+ Doing SSL on virtual hosts is tricky because the client
+ machine will check whether the hostname of the server
+ matches the "common name" listed in the
+ certificate it provides during the "SSL
+ Handshake". If these two do not match, the client will
+ either drop the connection, or present the user with a very
+ large, very obnoxious, and very visible SSL certificate
+ warning.
+ </para>
+ <para>
+ The solution is to pick a consistent host name for your
+ mailserver that would both be convenient and reflect upon
+ your company as the provider of the service. I.e. if you are
+ known as "The Quibbler Data Express", you will
+ want to make "mail.quibbler.jk" as the common name
+ for your SSL certificate. This is the address you will give
+ out to all your clients for their outgoing and incoming
+ email (SSL interface for the webmail is discussed later).
+ </para>
+ </note>
</sect1>
|
|
From: <gr...@us...> - 2003-06-27 02:26:04
|
Update of /cvsroot/qvcs-guide/qvcs-guide In directory sc8-pr-cvs1:/tmp/cvs-serv1637 Modified Files: qvcs-guide.xml Log Message: Night's work. Index: qvcs-guide.xml =================================================================== RCS file: /cvsroot/qvcs-guide/qvcs-guide/qvcs-guide.xml,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** qvcs-guide.xml 26 Jun 2003 21:55:46 -0000 1.3 --- qvcs-guide.xml 27 Jun 2003 02:26:01 -0000 1.4 *************** *** 10,17 **** --- 10,19 ---- <!ENTITY qvcsbase "http://mirror.mricon.com/qvcs-guide"> <!ENTITY prompt "<prompt>[root@mail root]#</prompt>"> + <!ENTITY gtprompt "<prompt>></prompt>"> ]> <book> <bookinfo> + <!-- $Id$ --> <title> POP-Toaster using Qmail, Vmailmgr, Courier, and Squirrelmail *************** *** 25,30 **** </authorgroup> <edition>&rhl; 9 Edition</edition> ! <pubdate>$Date$</pubdate> ! <releaseinfo>$Revision$</releaseinfo> <copyright> <year>2001-2003</year> --- 27,32 ---- </authorgroup> <edition>&rhl; 9 Edition</edition> ! <pubdate>TBA</pubdate> ! <releaseinfo>1.90</releaseinfo> <copyright> <year>2001-2003</year> *************** *** 732,736 **** </sect1> <sect1> ! <title>Admins and Admins</title> <para> There are three levels of admins in Vadmin. There is a --- 734,738 ---- </sect1> <sect1> ! <title>Elvises, Admins, Cross-Admins, Oh My!</title> <para> There are three levels of admins in Vadmin. There is a *************** *** 805,808 **** --- 807,994 ---- </sect1> </chapter> + <chapter> + <title>Advanced Configuration</title> + <para> + At this point you have a system that provides the skeleton of a + full email solution. However, you will probably want to take + this further and add some features useful for a modern email + service. + </para> + <sect1> + <title>Life with Qmail</title> + <para> + <application>Qmail</application>, although an open-source + piece of software, is not entirely free in terms of freedom of + use. It comes with a fairly restrictive license, which in part + prohibits me from distributing modified versions. Due to this + restriction I am unable to ship a binary package that enables + most of the advanced features that are mentioned in this + section. There is no solution, only a workaround. + </para> + <sect2> + <title>Rebuilding the Source RPM</title> + <para> + Thankfully, I am not prohibited from shipping a source RPM, + so you will need to perform the following steps in order to + get yourself a nice qmail package with useful features + enabled. + </para> + <para> + The process of rebuilding the RPM involves the following + steps: + </para> + <note> + <para> + I am using backslashes in the following set of commands to + make them fit sanely on a printed page. When you perform + these steps, it is not necessary to use the backslashes, + just continue typing everything on one line. + </para> + </note> + <programlisting> + &prompt; <userinput>wget &qvcsbase;/qmail.src.rpm</userinput> + &prompt; <userinput>yum install rpm-build gcc openssl-devel</userinput> + &prompt; <userinput>rpmbuild --rebuild --define 'qmailq 1' \</userinput> + >prompt; <userinput>--define 'smtpauth 1' --define 'bigdns 1' \</userinput> + >prompt; <userinput>qmail.src.rpm</userinput> + &prompt; <userinput>cd /usr/src/redhat/RPMS/i386</userinput> + &prompt; <userinput>rpm -Uvh --replacepkgs --replacefiles \</userinput> + >prompt; <userinput>qmail-1.03*.rpm qmail-initscripts*.rpm</userinput> + </programlisting> + <para> + "Yum install" step is going to be a bit of a + download, so prepare to be patient. Once all these steps are + complete, you have successfully installed a modified version + of qmail, necessary for the advanced configurations. + </para> + </sect2> + <sect2> + <title>Disabling automated qmail updates in yum</title> + <para> + You will want to disable automatic updates of qmail in yum, + otherwise the next time I push out a newer version of qmail, + it will override your custom-built binary. To do that, open + <filename>/etc/yum.conf</filename> in your editor, and add + the following line in the <varname>[main]</varname> section + right under "distroverpkg=redhat-release": + </para> + <programlisting> + ... + distroverpkg=redhat-release + <userinput>exclude=qmail qmail-initscripts</userinput> + </programlisting> + <para> + Once this step is done, you are ready to configure the + advanced features of &qvcs; + </para> + </sect2> + </sect1> + + <sect1> + <title>Encrypted Communication (SSL)</title> + <para> + I AM HERE + </para> + </sect1> + + <sect1> + <title>Selective Relaying</title> + <para> + Selective relaying is a method of allowing certain + "trusted" incoming email messages to be sent further + along to their final destination. You don't want + <emphasis>ALL</emphasis> messages to be relayed, as that would + quickly make your server the target for relaying spam, but you + might want to enable this for your clients. If you want your + users to be able to use your mailserver when they send + outgoing email (not just via the webmail interface, that is), + read this part. + </para> + <sect2> + <title>Origin-based relaying</title> + <para> + Let's say you have a certain range of IP addresses that your + users send email from. This range of addresses is therefore + a "trusted subnet" and we can configure our + mailserver to accept email from this origin without any + further questioning and relay the messages to wherever they + need to go. + </para> + <para> + We will use tcp wrappers for selective relaying. Open the + <filename>/etc/hosts.allow</filename> file in your editor: it + should currently have the following entries: + </para> + <programlisting> + tcp-env: 127.0.0.1 : setenv RELAYCLIENT + tcp-env: ALL + </programlisting> + <para> + Let's say that we want everyone from our trusted network to + send their outgoing e-mail through our mailserver. If our + trusted network is <varname>192.168.1.0/24</varname>, then + we would change <filename>/etc/hosts.allow</filename> as + follows: + </para> + <programlisting> + tcp-env: 127.0.0.1 192.168.1. : setenv RELAYCLIENT + tcp-env: ALL + </programlisting> + <para> + If we only had a fraction of class C, we could change it as + follows: + </para> + <programlisting> + tcp-env: 127.0.0.1 192.168.1.0/255.255.255.128 : setenv RELAYCLIENT + tcp-env: ALL + </programlisting> + <para> + or, we could limit it by domain name, like so: + </para> + <programlisting> + tcp-env: 127.0.0.1 .hogwarts.jk : setenv RELAYCLIENT + tcp-env: ALL + </programlisting> + <para> + This would mean that any host with IP address resolving to + "somehost.hogwarts.jk" would be allowed to relay + e-mail. + </para> + <para> + If you have a lot of relaying rules, keeping them all on one + line might get tedious. In this case you may create a + separate file with all the allowed hosts and networks in + it. For example, put all your rules in the file + <filename>/etc/relay.rules</filename>, so it contains + something like this: + </para> + <programlisting> + 127.0.0.1 + .hogwarts.jk + 192.168.1.0/255.255.255.128 + rosmerta.hogsmeade.jk + </programlisting> + <para> + and change <filename>/etc/hosts.allow</filename> to contain + the following entries: + </para> + <programlisting> + tcp-env: /etc/relay.rules : setenv RELAYCLIENT + tcp-env: ALL + </programlisting> + <para> + For more information about various patterns read the manual + page for tcp wrappers. You can view it by executing: + </para> + <programlisting> + &prompt; <userinput>man hosts.allow</userinput> + </programlisting> + </sect2> + </sect1> + </chapter> + + + + |
|
From: <gr...@us...> - 2003-06-26 21:57:34
|
Update of /cvsroot/qvcs-guide/qvcs-guide
In directory sc8-pr-cvs1:/tmp/cvs-serv1029
Modified Files:
qvcs-guide.xml
Log Message:
Day's work.
Index: qvcs-guide.xml
===================================================================
RCS file: /cvsroot/qvcs-guide/qvcs-guide/qvcs-guide.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** qvcs-guide.xml 25 Jun 2003 22:41:33 -0000 1.2
--- qvcs-guide.xml 26 Jun 2003 21:55:46 -0000 1.3
***************
*** 463,467 ****
<para>
If you are on a slow network, or are not comfortable with
! using kicstart installations, you may use &rhl; &ver;
distribution CDs to install your &qvcs; pop-toaster.
</para>
--- 463,467 ----
<para>
If you are on a slow network, or are not comfortable with
! using kickstart installations, you may use &rhl; &ver;
distribution CDs to install your &qvcs; pop-toaster.
</para>
***************
*** 469,476 ****
The install process is simple enough. Just follow the setup
process, paying attention to the partitioning scheme we have
! discussed above, and when it gets to package installation
! select "Custom" and then <emphasis>uncheck all
! groups in the selection screen</emphasis>. For this
! installation we only want the core of the operating system.
</para>
<para>
--- 469,476 ----
The install process is simple enough. Just follow the setup
process, paying attention to the partitioning scheme we have
! discussed above. When it gets to package installation select
! "Custom" and then <emphasis>uncheck all groups in
! the selection screen</emphasis>. For this installation we
! only want the core of the operating system.
</para>
<para>
***************
*** 489,638 ****
</para>
<para>
! Once <application>qvcs-init</application> finishes, reboot
! the machine so unneeded services can be removed and
! necessary ones started. Once your machine comes back up,
! both kickstarted and manual installations should be at the
! same point.
</para>
</sect2>
</sect1>
<sect1>
- <title>Romantic getaway</title>
- <para>
- Let me explain in more detail what we just installed. There
- are overall 14 packages that constitute the qvcs system:
- </para>
- <itemizedlist>
- <listitem>
- <para>
- <application>qmail</application>: This is the package with
- all main qmail binaries. Qmail is an
- <acronym>MTA</acronym> and <acronym>MDA</acronym>, which
- stands for "Mail Transport Agent" and "Mail
- Delivery Agent". It was written with security in mind
- and hasn't had a single security exploit in many
- years. Moreover, the author of this package has set up a
- prize of $1000 to anyone who can find a security flaw in
- qmail -- this prize has gone unclaimed in years.
- <footnote>
- <para>
- Just in case you are wondering: yes, I do have a
- permission to distribute this rpm. See <command>rpm
- -qi qmail</command> for more information.
- </para>
- </footnote>
- </para>
- </listitem>
- <listitem>
- <para>
- <application>qmail-initscripts</application>: This package
- contains initialization and xinetd scripts for qmail,
- written specifically for &rhl;.
- </para>
- </listitem>
- <listitem>
- <para>
- <application>courier-imap</application>: Courier-Imap is a
- very well-done IMAP server which was written specifically
- to work with "Maildir" mail storage system used
- by qmail. It is very fast, very standards compliant, and
- takes very little space in your computer's memory.
- </para>
- </listitem>
- <listitem>
- <para>
- <application>vmailmgr</application>: This is the Virtual
- Mail Manager for qmail -- it is also an
- <acronym>MDA</acronym> and allows you to have
- "virtual" e-mail users without giving said users
- shell access on your system, which can often lead to
- security compromises.
- </para>
- </listitem>
- <listitem>
- <para>
- <application>vmailmgr-courier-imap</application>: This
- small package adds an authentication module to
- courier-imap which allows it to work with virtual users
- set up by vmailmgr.
- </para>
- </listitem>
- <listitem>
- <para>
- <application>vmailmgr-daemon</application>: A small
- package containing a special binary which lets vmailmgrd
- communicate with other daemons, like perl or php in our
- case.
- </para>
- </listitem>
- <listitem>
- <para>
- <application>ucspi-unix</application>: This is a support
- package for vmailmgr-daemon and allows creating UNIX
- sockets on the system for communication between daemons.
- </para>
- </listitem>
- <listitem>
- <para>
- <application>libmcrypt</application>: This is a set of
- encryption libraries used by vadmin plugin. Vadmin uses
- libmcrypt to encrypt the passwords before storing them on
- the hard drive for enhanced security.
- </para>
- </listitem>
- <listitem>
- <para>
- <application>php-mcrypt</application>: A shared library
- file which ties libmcrypt to php and provides php
- encryption functions.
- </para>
- </listitem>
- <listitem>
- <para>
- <application>squirrelmail</application>: This is a great
- IMAP-based php webmail system.
- </para>
- </listitem>
- <listitem>
- <para>
- <application>vadmin</application>: Vadmin is a plugin for
- squirrelmail which makes administering vmailmgr virtual
- domains a part of squirrelmail. It has some very nice
- features like the ability to add/remove users, set quotas
- or account expiration dates, etc.
- </para>
- </listitem>
- <listitem>
- <para>
- <application>qmail-autoresponder</application>: This
- package allows setting up autoresponders through the
- squirrelmail (vadmin) interface.
- </para>
- </listitem>
- <listitem>
- <para>
- <application>qvcs-helpers</application>: This package has
- a few helper scripts which come with this guide. They will
- be explained later.
- </para>
- </listitem>
- <listitem>
- <para>
- <application>yum</application>: This is an automated
- updater and installer that makes installing software and
- keeping your server updated very easy.
- </para>
- </listitem>
- </itemizedlist>
- <para>
- And no, the title of this section doesn't have anything to do
- with any of it. It simply states what I would rather be doing
- right now instead of writing this guide. :)
- </para>
- </sect1>
- <sect1>
<title>QVCS-install</title>
<para>
! After the initial installation is completed, we need to run
<command>qvcs-install</command> in order to configure the
system for our purposes.
--- 489,501 ----
</para>
<para>
! Once <application>qvcs-init</application> finishes, you
! should be at the same point as after the kickstart install.
</para>
</sect2>
</sect1>
<sect1>
<title>QVCS-install</title>
<para>
! Now, after the core of &qvcs; is installed, we need to run
<command>qvcs-install</command> in order to configure the
system for our purposes.
***************
*** 646,650 ****
best thing about it is the fact that it will save backup
copies of the files it overwrites into
! <filename>/var/lib/qvcs-install</filename> so you can always
restore old configurations if you find it necessary.
</para>
--- 509,513 ----
best thing about it is the fact that it will save backup
copies of the files it overwrites into
! <filename>/var/lib/qvcs</filename> so you can always
restore old configurations if you find it necessary.
</para>
***************
*** 679,683 ****
<para>
The first virtual domain requires some effort, but only
! relatively to the others. Here is how we would proceed.
</para>
<note>
--- 542,546 ----
<para>
The first virtual domain requires some effort, but only
! relative to the others. Here is how to go about it.
</para>
<note>
***************
*** 711,717 ****
command you will need to use the username reported by the
resulting command instead of "hogwarts_jk" (usually
! it just subsitutes all dots for underscores in the domain to
! arrive at the username). Oh, and make it something other than
! "albus."
</para>
<programlisting>
--- 574,580 ----
command you will need to use the username reported by the
resulting command instead of "hogwarts_jk" (usually
! it just subsitutes all dots for underscores in the domain name
! to arrive at the username). Oh, and make it something other
! than "albus," of course.
</para>
<programlisting>
***************
*** 719,727 ****
<prompt>[hogwarts_jk@mail hogwarts_jk]$ </prompt><userinput>vadduser albus</userinput>
<prompt>[hogwarts_jk@mail hogwarts_jk]$ </prompt><userinput>exit</userinput>
- &prompt; <userinput>service qmail restart</userinput>
</programlisting>
</sect1>
<sect1>
! <title>Editing <filename>vadmin.conf</filename></title>
<tip>
<para>
--- 582,589 ----
<prompt>[hogwarts_jk@mail hogwarts_jk]$ </prompt><userinput>vadduser albus</userinput>
<prompt>[hogwarts_jk@mail hogwarts_jk]$ </prompt><userinput>exit</userinput>
</programlisting>
</sect1>
<sect1>
! <title>Editing <filename>/etc/vadmin/vadmin.conf</filename></title>
<tip>
<para>
***************
*** 741,745 ****
that you have just added. For a <varname>domain</varname> add
the domain name that you have just created using
! "addvirt". E.g. for me that would be:
</para>
<programlisting>
--- 603,607 ----
that you have just added. For a <varname>domain</varname> add
the domain name that you have just created using
! <command>addvirt</command>. E.g. for me that would be:
</para>
<programlisting>
***************
*** 751,754 ****
--- 613,937 ----
</programlisting>
</sect1>
+ <sect1>
+ <title>Editing <filename>/etc/httpd/conf.d/vadmin.conf</filename></title>
+ <para>
+ This apache include file provides a secret hash string that
+ will be used to encrypt your vadmin data. Right now it says
+ "LLAMA" but go ahead and change it to something
+ other than that. It can be any string of any length and
+ contain any characters as long as they aren't quotes. Lines
+ from your favorite songs or books are a good choice. For
+ example:
+ </para>
+ <programlisting>
+ <Directory "/usr/share/squirrelmail">
+ SetEnv CRYPTO_HASH_LINE "Draco Dormiens Nunquam Titillandus"
+ SetEnv MCRYPT_ALGO "blowfish"
+ </Directory>
+ </programlisting>
+ <tip>
+ <para>
+ You can set the <varname>MCRYPT_ALGO</varname> to something
+ other than "blowfish" if you
+ wish. "Blowfish" is a good fast algorithm, but you
+ may choose among the following:
+ <simplelist type="inline">
+ <member>blowfish</member>
+ <member>twofish</member>
+ <member>tripledes</member>
+ <member>gost</member>
+ <member>serpent</member>
+ </simplelist>, and others. Consult libmcrypt documentation
+ for more info.
+ </para>
+ </tip>
+ </sect1>
+ <sect1>
+ <title>Reboot</title>
+ <para>
+ Well, you're done! Reboot to enable the new configurations.
+ </para>
+ <programlisting>
+ &prompt; <userinput>reboot</userinput>
+ </programlisting>
+ </sect1>
+ <sect1>
+ <title>A note on DNS</title>
+ <para>
+ DNS is not covered in this guide, but it would be as easy as
+ pointing "mail.hogwarts.jk" to the IP address of
+ your server. Same goes for all other mail.domainname.com
+ settings -- as long as you point them at the IP address of
+ your brand new &qvcs; system, you are set. Oh, and, of course,
+ don't forget to <command>addvirt</command> them.
+ </para>
+ <tip>
+ <para>
+ If you are just playing around with your system and don't
+ feel like mucking with DNS quite yet, you can edit the
+ resolver on your local computer to point to a certain IP
+ address so your browser knows where to go. In Linux/UN*X
+ this would be in <filename>/etc/hosts</filename>, while for
+ windows the file is somewhere in
+ <filename>C:\WINDOWS\system32</filename>. Google for
+ "<userinput>/etc/hosts windows</userinput>" for
+ more information.
+ </para>
+ </tip>
+ </sect1>
</chapter>
+ <chapter>
+ <title>Administering your system</title>
+ <sect1>
+ <title>Logging in to Vadmin</title>
+ <para>
+ <application>Vadmin Plugin for Squirrelmail</application> is a
+ tool written to simplify mundane tasks such as adding and
+ deleting users, activating domains, setting quotas, etc. To
+ log in, surf to
+ <userinput>https://mail.hogwarts.jk</userinput> and log in as
+ the user you have specified as "elvis" in vadmin
+ configuration. Once you log in, click on "options"
+ and find the "Administrator Interface" link
+ presented somewhere on the page.
+ </para>
+ <note>
+ <para>
+ If you are not seeing an "Administrator Interface"
+ option, check the following two things:
+ <orderedlist>
+ <listitem>
+ <para>
+ Make sure you are logging in as the user specified as
+ "elvis".
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Make sure you are logging in to the domain you have
+ specified in the [auth]->domain section of
+ <filename>vadmin.conf</filename>. It can be a
+ subdomain -- does not really matter, but at some point
+ they have to match. See "A note on DNS" in
+ the previous chapter for some tips.
+ </para>
+ </listitem>
+ </orderedlist>
+ </para>
+ </note>
+ <para>
+ The administrator interface starts with a login screen. Type
+ in your mailbox password (the same password you used to log in
+ to <application>Squirrelmail</application>). The next screen
+ will prompt you for the domain password -- it's the one you
+ used when creating the virtual domain using the
+ <command>addvirt</command> command. Once you submit the
+ password, it will be stored on the server in an encrypted
+ format.
+ </para>
+ </sect1>
+ <sect1>
+ <title>Admins and Admins</title>
+ <para>
+ There are three levels of admins in Vadmin. There is a
+ superuser (lovingly referred to as "elvis"),
+ cross-admins, and "lowly" admins. Here are the main
+ differences.
+ </para>
+ <sect2>
+ <title>Elvis</title>
+ <para>
+ Elvis has access to all virtual domains configured on the
+ system -- it's the "root" in terms of system
+ accounts. Elvis is also the only user who can administer
+ cross-admins.
+ </para>
+ </sect2>
+ <sect2>
+ <title>Cross-admins</title>
+ <para>
+ Cross-admins are users who can administer more than one
+ domain, just in case you have users who own
+ several. Cross-admin setup tools in Vadmin allow you to set
+ up who these users are and which domains they have access
+ to.
+ </para>
+ </sect2>
+ <sect2>
+ <title>Lowly Admins</title>
+ <para>
+ This is the lowest form of administrators -- they can only
+ administer one domain -- their own. You can give a user
+ administator privileges by checking "can administer
+ this domain" in the "edit user" screen.
+ </para>
+ </sect2>
+ </sect1>
+ <sect1>
+ <title>Domain Limits</title>
+ <para>
+ This version of Vadmin introduces the option to limit how much
+ control lower admins have over certain domains. For example,
+ you as elvis can specify how many mailboxes there are allowed
+ in a domain, how much maximum quota a user can have, how many
+ messages they are allowed to have in their inbox, etc. There
+ are two levels of domain limits -- the ones set up by an
+ elvis, and another set up by a cross-administrator. The latter
+ cannot override the master limits as specified by the
+ superuser.
+ </para>
+ </sect1>
+ <sect1>
+ <title>Root Email</title>
+ <para>
+ We need to set up the address for root, otherwise important
+ system messages will go into the bit bucket. To do this, edit
+ <filename>/etc/aliases.qmail</filename> and uncomment the last
+ line, changing "mark" to some real address. Then do
+ the following:
+ </para>
+ <programlisting>
+ &prompt; <userinput>ln -s /etc/aliases.qmail /etc/aliases</userinput>
+ &prompt; <userinput>newaliases</userinput>
+ </programlisting>
+ <para>
+ Remember to run <command>newaliases</command> every time you
+ edit <filename>/etc/aliases</filename>, otherwise the system
+ will be unaware of the changes. Also note that
+ <filename>/etc/aliases</filename> can only be used for real
+ users, not virtual users. Use vadmin to set up the aliases and
+ forwards for the latter.
+ </para>
+ </sect1>
+ </chapter>
+
+
+ <!-- APPENDIXES -->
+ <appendix>
+ <title>Description of Packages</title>
+ <para>
+ Let me explain in more detail what we just installed. There
+ are overall 14 packages that constitute the qvcs system:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <application>qmail</application>: This is the package with
+ all main qmail binaries. Qmail is an <acronym>MTA</acronym>
+ and <acronym>MDA</acronym>, which stands for "Mail
+ Transport Agent" and "Mail Delivery
+ Agent". It was written with security in mind and hasn't
+ had a single security exploit in many years. Moreover, the
+ author of this package has set up a prize of $1000 to anyone
+ who can find a security flaw in qmail -- this prize has gone
+ unclaimed in years.
+ <footnote>
+ <para>
+ Just in case you are wondering: yes, I do have a
+ permission to distribute this rpm. See <command>rpm -qi
+ qmail</command> for more information.
+ </para>
+ </footnote>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <application>qmail-initscripts</application>: This package
+ contains initialization and xinetd scripts for qmail,
+ written specifically for &rhl;.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <application>courier-imap</application>: Courier-Imap is a
+ very well-done IMAP server which was written specifically to
+ work with "Maildir" mail storage system used by
+ qmail. It is very fast, very standards compliant, and takes
+ very little space in your computer's memory.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <application>vmailmgr</application>: This is the Virtual
+ Mail Manager for qmail -- it is also an
+ <acronym>MDA</acronym> and allows you to have
+ "virtual" e-mail users without giving said users
+ shell access on your system, which can often lead to
+ security compromises.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <application>vmailmgr-courier-imap</application>: This small
+ package adds an authentication module to courier-imap which
+ allows it to work with virtual users set up by vmailmgr.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <application>vmailmgr-daemon</application>: A small package
+ containing a special binary which lets vmailmgrd communicate
+ with other daemons, like perl or php in our case.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <application>ucspi-unix</application>: This is a support
+ package for vmailmgr-daemon and allows creating UNIX sockets
+ on the system for communication between daemons.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <application>libmcrypt</application>: This is a set of
+ encryption libraries used by vadmin plugin. Vadmin uses
+ libmcrypt to encrypt the passwords before storing them on
+ the hard drive for enhanced security.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <application>php-mcrypt</application>: A shared library file
+ which ties libmcrypt to php and provides php encryption
+ functions.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <application>squirrelmail</application>: This is a great
+ IMAP-based php webmail system.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <application>vadmin</application>: Vadmin is a plugin for
+ squirrelmail which makes administering vmailmgr virtual
+ domains a part of squirrelmail. It has some very nice
+ features like the ability to add/remove users, set quotas or
+ account expiration dates, etc.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <application>qmail-autoresponder</application>: This package
+ allows setting up autoresponders through the squirrelmail
+ (vadmin) interface.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <application>qvcs-helpers</application>: This package has a
+ few helper scripts which come with this guide. They will be
+ explained later.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <application>yum</application>: This is an automated updater
+ and installer that makes installing software and keeping
+ your server updated very easy.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </appendix>
</book>
|
|
From: <gr...@us...> - 2003-06-26 18:32:34
|
Update of /cvsroot/qvcs-guide/qvcs-guide
In directory sc8-pr-cvs1:/tmp/cvs-serv30430
Modified Files:
qvcs-guide.tex
Log Message:
Grrr.
Index: qvcs-guide.tex
===================================================================
RCS file: /cvsroot/qvcs-guide/qvcs-guide/qvcs-guide.tex,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** qvcs-guide.tex 25 Jun 2003 22:41:33 -0000 1.2
--- qvcs-guide.tex 26 Jun 2003 18:32:31 -0000 1.3
***************
*** 1,5043 ****
! \FOT{3}\Seq%
! {\def\PageNumberFormat%
! {1}\def\PageNumberRestart%
! {0}\def\PageTwoSide%
! {1}\def\TwoSideStartOnRight%
! {1}\def\PageNColumns%
! {1}\def\PageColumnSep%
! {14.4\p@}\def\PageBalanceColumns%
! {0}\def\WritingMode%
! {lefttoright}\def\InputWhitespaceTreatment%
[...6207 lines suppressed...]
! Make sure the signatures verify. If they do, then run:
!
! \begin{verbatim}
! [root@mail root]# rpm -Uvh php-mcrypt-*.rpm vadmin-*.rpm
! [root@mail root]# rpm -Fvh *.rpm
! [root@mail root]# cd /etc
! [root@mail root]# tar xzvf vadmin.tar.gz
! [root@mail root]# rm vadmin.tar.gz
! [root@mail root]# alternatives --auto mta
! \end{verbatim}
!
! If it worked, remember to offer a sacrifice to the GNU gods by
! microwaving a Windows XP CD. :)
!
! %%%% FDL %%%%
!
! \pagebreak
! \input{fdl.tex}
!
! \end{document}
|
|
From: <gr...@us...> - 2003-06-26 15:41:41
|
Update of /cvsroot/qvcs-guide/qvcs-guide
In directory sc8-pr-cvs1:/tmp/cvs-serv27254
Modified Files:
yumgroups.xml
Log Message:
Removing advanced devel.
Index: yumgroups.xml
===================================================================
RCS file: /cvsroot/qvcs-guide/qvcs-guide/yumgroups.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** yumgroups.xml 26 Jun 2003 15:02:15 -0000 1.2
--- yumgroups.xml 26 Jun 2003 15:04:08 -0000 1.3
***************
*** 54,69 ****
</packagelist>
</group>
- <group>
- <id>qvcs-advanced-devel</id>
- <name>QVCS Advanced Development</name>
- <description>Advanced QVCS Development</description>
- <uservisible>true</uservisible>
- <grouplist>
- <groupreq>qvcs-base</groupreq>
- <groupreq>qvcs-advanced</groupreq>
- </grouplist>
- <packagelist>
- <packagereq type="default">maildrop-devel</packagereq>
- </packagelist>
- </group>
</comps>
--- 54,56 ----
|
|
From: <gr...@us...> - 2003-06-26 15:08:12
|
Update of /cvsroot/qvcs-guide/qvcs-guide
In directory sc8-pr-cvs1:/tmp/cvs-serv26950
Modified Files:
yumgroups.xml
Log Message:
Adding nano.
Index: yumgroups.xml
===================================================================
RCS file: /cvsroot/qvcs-guide/qvcs-guide/yumgroups.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** yumgroups.xml 24 Jun 2003 20:34:24 -0000 1.1
--- yumgroups.xml 26 Jun 2003 15:02:15 -0000 1.2
***************
*** 24,27 ****
--- 24,28 ----
<packagereq type="default">qmail-autoresponder</packagereq>
<packagereq type="default">yum</packagereq>
+ <packagereq type="optional">nano</packagereq>
</packagelist>
</group>
|
|
From: <gr...@us...> - 2003-06-25 22:41:37
|
Update of /cvsroot/qvcs-guide/qvcs-guide
In directory sc8-pr-cvs1:/tmp/cvs-serv2547
Modified Files:
qvcs-9.ks qvcs-guide.tex qvcs-guide.xml
Log Message:
Day's work.
Index: qvcs-9.ks
===================================================================
RCS file: /cvsroot/qvcs-guide/qvcs-guide/qvcs-9.ks,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** qvcs-9.ks 25 Jun 2003 14:13:40 -0000 1.2
--- qvcs-9.ks 25 Jun 2003 22:41:33 -0000 1.3
***************
*** 19,23 ****
authconfig --enableshadow --enablemd5
bootloader --location=mbr
- #reboot
%packages
--- 19,22 ----
Index: qvcs-guide.tex
===================================================================
RCS file: /cvsroot/qvcs-guide/qvcs-guide/qvcs-guide.tex,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** qvcs-guide.tex 25 Jun 2003 03:57:21 -0000 1.1
--- qvcs-guide.tex 25 Jun 2003 22:41:33 -0000 1.2
***************
*** 1,1192 ****
! \documentclass{article}
! \usepackage{rcs}
! \usepackage{url}
! \RCS $Date$
! \RCS $Revision$
! \RCS $Author$
!
! \usepackage{fancyheadings}
! \pagestyle{fancy}
! \cfoot{\small{Revision \RCSRevision{}, as of \RCSDate{} by \RCSAuthor{}}}
[...6207 lines suppressed...]
! {323}}\Par%
! {\def\fSize%
! {9\p@}\def\LineSpacing%
! {9.9\p@}\def\LineSpacingFactor%
! {0}\def\StartIndent%
! {48\p@}\def\StartIndentFactor%
! {0}\def\fFamName{Courier-New}\def\fWeight%
! {medium}\def\fPosture%
! {upright}\def\FirstLineStartIndent%
! {0\p@}\def\FirstLineStartIndentFactor%
! {0}\def\Lines%
! {asis}\def\InputWhitespaceTreatment%
! {preserve}}
! [auth]
! ~~~~method~=~user
! ~~~~force\char95{}https~=~no
! ~~~~elvis~=~albus@hogwarts.jk
! ~~~~domain~=~hogwarts.jk
! ~~~~~~~~\endPar{}\endNode{}\endPar{}\endSeq{}\endDisplayGroup{}\endNode{}\endSeq{}\endDisplayGroup{}\endNode{}\endSeq{}\endSpS{}\endNode{}\endSeq{}\endNode{}\endNode{}\endSeq{}\endFOT{}
\ No newline at end of file
Index: qvcs-guide.xml
===================================================================
RCS file: /cvsroot/qvcs-guide/qvcs-guide/qvcs-guide.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** qvcs-guide.xml 25 Jun 2003 03:57:21 -0000 1.1
--- qvcs-guide.xml 25 Jun 2003 22:41:33 -0000 1.2
***************
*** 6,9 ****
--- 6,13 ----
<!ENTITY rhl "<trademark>Red Hat</trademark> <productname>Linux</productname>">
<!ENTITY qvcs "<acronym>QVCS</acronym>">
+ <!ENTITY ver "9">
+ <!ENTITY rhbase "http://redhat.linux.duke.edu/pub/redhat/linux/9/en/os/i386">
+ <!ENTITY qvcsbase "http://mirror.mricon.com/qvcs-guide">
+ <!ENTITY prompt "<prompt>[root@mail root]#</prompt>">
]>
***************
*** 47,51 ****
&qvcs; tie-in as the best small to mid-class server
solution. This document is written for &rhl; systems running
! OS version 9.
</para>
</abstract>
--- 51,55 ----
&qvcs; tie-in as the best small to mid-class server
solution. This document is written for &rhl; systems running
! &ver;.
</para>
</abstract>
***************
*** 86,92 ****
This guide will help you configure and set up a similar system.
</para>
- </chapter>
- <chapter id="software">
- <title>The Software</title>
<sect1>
<title>OSes, Packages, and Disclaimers</title>
--- 90,93 ----
***************
*** 96,100 ****
every distribution. This guide is aimed at &rhl;, and is
based on a set of binary packages provided with it. If you are
! running something other than &rhl; version 9, or like building
stuff from source, please consult the following document:
<ulink url="http://megaz.arbuz.com/?p=qmail_howto">
--- 97,101 ----
every distribution. This guide is aimed at &rhl;, and is
based on a set of binary packages provided with it. If you are
! running something other than &rhl; &ver;, or like building
stuff from source, please consult the following document:
<ulink url="http://megaz.arbuz.com/?p=qmail_howto">
***************
*** 115,350 ****
</important>
</sect1>
<sect1>
! <title>From Zero to 60 in 30 minutes</title>
<para>
! This section will walk you through a generic &rhl;
! installation process. The system we are going to install is
! going to aim <emphasis>exclusively</emphasis> at being a mail
! server running nothing but virtual servers and webmail
! interface (so-called "pop-toaster"). If you are
! planning to use your system for any other services, you can
! still glance through this installation part for hints and
! caveats, but your install will differ from the one outlined
! below.
</para>
<sect2>
! <title>Considering the hardware</title>
<para>
! This setup is aimed at low- to middle-low-end installations,
! hence we will be VERY relaxed about our hardware
! requirements. Nevertheless, there are several important
! things to consider. First of all, we need to make sure that
! our server is capable of handling peak loads, such as happen
! at times when a new outlook virus hits the Internet (you
! HAVE banned outlook from your company's systems, right?
! <emphasis>RIGHT?</emphasis>). Another thing to consider is
! how many clients you are planning to support, together with
! how much maximum space you are going to allow them to have.
</para>
<para>
! Overall, we are looking at three different variables --
! memory amount, processor speed, and hard drive space. Let's
! consider a setup with <emphasis>500</emphasis> clients max
! and look at all three of these variables.
</para>
! <sect3>
! <title>HDD space</title>
! <para>
! A sensible amount of mail quota to allow per client would
! be about 50Mb, so the amount of hard drive space we will
! require just for our 500 clients' e-mails would be around
! 25Gb. That's not all, though, as we will need to consider
! the amount of hard drive space that we will require for
! the mail queue.
! </para>
! <para>
! Let's imagine that we've been hit with a virus that mails
! itself to a hundred people and all 500 our clients got
! infected because we've stupidly allowed Outlook on our
! network (gee, did I come across as biased? :)). If the
! virus is around 100Kb in size, that means that the total
! amount of traffic a single client will generate will be
! around 10Mb. Multiply that by 500, and we arrive at a
! staggering 5Gb of traffic just to handle that virus. Since
! qmail will spend a good deal of time making connections,
! we will want to make sure that there is plenty of space to
! queue all of these requests. What this means is that we
! will have to allow around 5-7Gb of space for queuing,
! which brings us to 30-35Gb of total space for the mail
! subsystem.
! </para>
<para>
! The OS itself will actually require very little space --
! no more than 500Mb for everything we will need, including
! virtual web-servers preferences and other miscellaneous
! data.
</para>
<para>
! After we allow about one more gigabyte for system swap
! space, we arrive at 35-40Gb overall HDD space needed for
! our installation with 500 clients. Re-calculate the
! requirements for your number of clients using the
! following formula:
</para>
! <segmentedlist>
! <title>Space considerations</title>
! <segtitle>User space</segtitle>
! <segtitle>Qmail queue</segtitle>
! <segtitle>System and swap</segtitle>
! <seglistitem>
! <seg>N*50Mb</seg>
! <seg>N*10Mb</seg>
! <seg>1.5GB</seg>
! </seglistitem>
! </segmentedlist>
<para>
! Whether you decide to choose SCSI or IDE is up to you, but
! you should consider that most common HDD activity will be
! accessing and moving small files, something that high-RPM
! SCSI drives do best. Depending on how redundant you want
! to be (which generally depends on how pissed off your
! clients can get, times the amount of downtime), you might
! consider creating a RAID array to mirror all your data.
</para>
<para>
! If you do decide to go with <acronym>RAID</acronym>, then
! my advice would be to get 1 small IDE drive for the
! system, and 3 SCSI drives for a RAID-1 array (1 active, 1
! mirror, and 1 spare). Granted, this setup will be more
! expensive, but believe me, you will sleep MUCH better at
! night.
</para>
! </sect3>
! <sect3>
! <title>RAM requirements</title>
<para>
! The amount of RAM we will require depends on the number of
! simultaneous connections we are going to have to our
! server. This largely depends on the environment you are
! setting this up for.
</para>
<para>
! If you are creating this setup for your company, then it's
! a good possibility that a good chunk of these 500 will be
! accessing your system simultaneously, especially around
! 9am in the morning when people first arrive at work and
! check their e-mail. If, however, you are an ISP and your
! clients are mostly home-users, then the amount of
! simultaneous connections your server is likely to
! experience would be MUCH lower, since people will tend to
! check their e-mail at various times during the day.
</para>
<para>
! Let's approximate -- if you are setting up a server for
! your company, the likely peak usage would be around 90% of
! all your clients. The amount of memory each request will
! consume depends largely on what kind of connection it is
! -- <application>smtp</application> and
! <application>imap</application> require very small amounts
! of memory for each connection, within a few hundred
! kilobytes each. Webmail requests, however, are very
! memory-hungry and will likely gobble up a hefty chunk of
! RAM -- around 5Mb per each request. However, the good
! thing about webmail is that each request lasts only a few
! seconds, so even if 200 people decide to connect to your
! server at around the same time, it's unlikely that there
! will be any more than 50 http processes running
! simultaneously.
</para>
<para>
! But let's be pessimistic and allow for freaky
! coincidences. Let's imagine that all of your 500 clients
! decided to connect to your server at roughly the same
! time, and our apache daemon spawned 150 processes,
! consuming 5Mb each. That brings the memory usage up to
! 750Mb. The system itself consumes about 50Mb of your
! memory, so at peak loads we will be consuming around 800Mb
! of RAM. If you want your server to be snappy at all times,
! you will need to have at least that much memory in your
! box, however, if you decide that such coincidence is not
! very likely and you'd rather save on extra memory, you can
! settle on 512Mb and let the swapping process catch the
! rest.
</para>
<para>
! If, however, you are an ISP with most clients being
! home-users, you are not likely to experience more than
! 10% of your clients trying to connect at the same
! time. The memory requirement would be more relaxed, and it
! is likely that 256Mb of memory will suffice for
! you. Nevertheless, it's always better to have more memory,
! than less, so you are still encouraged to use 512Mb for
! 500 clients.
</para>
<para>
! In general, to calculate how much memory you will need use the
! following formulas:
</para>
! <segmentedlist>
! <title>RAM considerations</title>
! <segtitle>For a company</segtitle>
! <segtitle>For an ISP with home-users</segtitle>
! <seglistitem>
! <seg>N/3*5+50</seg>
! <seg>N/10*5+50</seg>
! </seglistitem>
! </segmentedlist>
<para>
! For 500 users these values will be 880Mb and 300Mb
! respectively. If you are going to rely on swapping, you
! can bring those values down to 512Mb and 256Mb.
</para>
! </sect3>
! <sect3>
! <title>CPU requirements</title>
<para>
! None of the processes are very CPU-intensive, actually,
! and you are not very likely to bottleneck at the processor
! level. The only exception would be when someone tries to
! sort a mailbox with thousands of e-mails in it, but I
! believe that is punishable by law in most countries
! anyway. The best way to avoid this is to set up message
! count quotas. Overall, I would recommend using something
! like a 1.5 GHz and above system for our 500 users, so our
! calculation formula would look something like so:
</para>
! <segmentedlist>
! <title>CPU Considerations</title>
! <segtitle>Lower end</segtitle>
! <segtitle>Higher end</segtitle>
! <seglistitem>
! <seg>N*1.5+800</seg>
! <seg>N*2+1000</seg>
! </seglistitem>
! </segmentedlist>
<para>
! I'm using the +800 method simply because I think that if
! you decide to use something less than a 800Mhz system, you
! are likely to be plagued by various problems related to
! aging hardware.
</para>
! </sect3>
! <sect3>
! <title>Other stuff</title>
<para>
! I am not covering networking environment and bandwidth,
! since you will likely have to stick with what you already
! have anyway. A common 100Base-T network card will suffice
! in terms of a NIC. However, you should consider
! implementing some sort of a backup solution to make sure
! that you don't lose your job or go out of business when
! your server catches on fire and you find it reduced to
! cinders when you come to work one lovely Monday morning. I
! have only good words to say about Amanda <ulink
! url="http://www.amanda.org/">http://www.amanda.org/</ulink>,
! or you may choose some of the many alternatives.
</para>
<para>
! Refer to the section on "What to back up"
! further in the document for the list of directories to
! include in your backup run.
</para>
! </sect3>
! </sect2>
</sect1>
</chapter>
--- 116,753 ----
</important>
</sect1>
+
+ </chapter>
+ <chapter id="install">
+ <title>Installation: From Zero to 60 in 30 minutes</title>
+ <para>
+ This section will walk you through a generic &rhl; installation
+ process. The system we are going to install is going to aim
+ <emphasis>exclusively</emphasis> at being a mail server running
+ nothing but virtual servers and webmail interface (so-called
+ "pop-toaster"). If you are planning to use your system
+ for any other services, you can still glance through this
+ installation part for hints and caveats, but your install will
+ differ from the one outlined below.
+ </para>
<sect1>
! <title>Considering the hardware</title>
<para>
! This setup is aimed at low- to middle-low-end installations,
! hence we will be VERY relaxed about our hardware
! requirements. Nevertheless, there are several important things
! to consider. First of all, we need to make sure that our
! server is capable of handling peak loads, such as happen at
! times when a new outlook virus hits the Internet (you HAVE
! banned outlook from your company's systems, right?
! <emphasis>RIGHT?</emphasis>). Another thing to consider is how
! many clients you are planning to support, together with how
! much maximum space you are going to allow them to have.
! </para>
! <para>
! Overall, we are looking at three different variables -- memory
! amount, processor speed, and hard drive space. Let's consider
! a setup with <emphasis>500</emphasis> clients max and look at
! all three of these variables.
</para>
<sect2>
! <title>HDD space</title>
<para>
! A sensible amount of mail quota to allow per client would be
! about 50Mb, so the amount of hard drive space we will
! require just for our 500 clients' e-mails would be around
! 25Gb. That's not all, though, as we will need to consider
! the amount of hard drive space that we will require for the
! mail queue.
</para>
<para>
! Let's imagine that we've been hit with a virus that mails
! itself to a hundred people and all 500 our clients got
! infected because we've stupidly allowed Outlook on our
! network (gee, did I come across as biased? :)). If the virus
! is around 100Kb in size, that means that the total amount of
! traffic a single client will generate will be around
! 10Mb. Multiply that by 500, and we arrive at a staggering
! 5Gb of traffic just to handle that virus. Since qmail will
! spend a good deal of time making connections, we will want
! to make sure that there is plenty of space to queue all of
! these requests. What this means is that we will have to
! allow around 5-7Gb of space for queuing, which brings us to
! 30-35Gb of total space for the mail subsystem.
</para>
! <para>
! The OS itself will actually require very little space -- no
! more than 1Gb for everything we will need, including virtual
! web-servers, preferences and other miscellaneous data.
! </para>
! <para>
! After we allow about one more gigabyte for system swap
! space, we arrive at 35-40Gb overall HDD space needed for our
! installation with 500 clients. Re-calculate the requirements
! for your number of clients using the following formula:
! </para>
! <segmentedlist>
! <title>HDD considerations</title>
! <segtitle>User space</segtitle>
! <segtitle>Qmail queue</segtitle>
! <segtitle>System and swap</segtitle>
! <seglistitem>
! <seg>N*50Mb</seg>
! <seg>N*10Mb</seg>
! <seg>1.5GB</seg>
! </seglistitem>
! </segmentedlist>
! <para>
! Whether you decide to choose SCSI or IDE is up to you, but
! you should consider that most common HDD activity will be
! accessing and moving small files, something that high-RPM
! SCSI drives do best. Depending on how redundant you want to
! be (which generally depends on how pissed off your clients
! can get, times the amount of downtime), you might consider
! creating a RAID array to mirror all your data.
! </para>
! <para>
! If you do decide to go with <acronym>RAID</acronym>, then my
! advice would be to get 1 small IDE drive for the system, and
! 3 SCSI drives for a RAID-1 array (1 active, 1 mirror, and 1
! spare). Granted, this setup will be more expensive, but
! believe me, you will sleep MUCH better at night.
! </para>
! </sect2>
! <sect2>
! <title>RAM requirements</title>
! <para>
! The amount of RAM we will require depends on the number of
! simultaneous connections we are going to have to our
! server. This largely depends on the environment you are
! setting this up for.
! </para>
! <para>
! If you are creating this setup for your company, then it's a
! good possibility that a good chunk of these 500 will be
! accessing your system simultaneously, especially around 9am
! in the morning when people first arrive at work and check
! their e-mail. If, however, you are an ISP and your clients
! are mostly home-users, then the amount of simultaneous
! connections your server is likely to experience would be
! MUCH lower, since people will tend to check their e-mail at
! various times during the day.
! </para>
! <para>
! Let's approximate -- if you are setting up a server for your
! company, the likely peak usage would be around 90% of all
! your clients. The amount of memory each request will consume
! depends largely on what kind of connection it is --
! <application>smtp</application> and
! <application>imap</application> require very small amounts
! of memory for each connection, within a few hundred
! kilobytes each. Webmail requests, however, are very
! memory-hungry and will likely gobble up a hefty chunk of RAM
! -- around 5Mb per each request. However, the good thing
! about webmail is that each request lasts only a few seconds,
! so even if 200 people decide to connect to your server at
! around the same time, it's unlikely that there will be any
! more than 50 http processes running simultaneously.
! </para>
! <para>
! But let's be pessimistic and allow for freaky
! coincidences. Let's imagine that all of your 500 clients
! decided to connect to your server at roughly the same time,
! and our apache daemon spawned 150 processes, consuming 5Mb
! each. That brings the memory usage up to 750Mb. The system
! itself consumes about 50Mb of your memory, so at peak loads
! we will be consuming around 800Mb of RAM. If you want your
! server to be snappy at all times, you will need to have at
! least that much memory in your box, however, if you decide
! that such coincidence is not very likely and you'd rather
! save on extra memory, you can settle on 512Mb and let the
! swapping process catch the rest.
! </para>
! <para>
! If, however, you are an ISP with most clients being
! home-users, you are not likely to experience more than 10%
! of your clients trying to connect at the same time. The
! memory requirement would be more relaxed, and it is likely
! that 256Mb of memory will suffice for you. Nevertheless,
! it's always better to have more memory, than less, so you
! are still encouraged to use 512Mb for 500 clients.
! </para>
! <para>
! In general, to calculate how much memory you will need use
! the following formulas:
! </para>
! <segmentedlist>
! <title>RAM considerations</title>
! <segtitle>For a company</segtitle>
! <segtitle>For an ISP with home-users</segtitle>
! <seglistitem>
! <seg>N/3*5+50</seg>
! <seg>N/10*5+50</seg>
! </seglistitem>
! </segmentedlist>
! <para>
! For 500 users these values will be 880Mb and 300Mb
! respectively. If you are going to rely on swapping, you can
! bring those values down to 512Mb and 256Mb.
! </para>
! </sect2>
! <sect2>
! <title>CPU requirements</title>
! <para>
! None of the processes are very CPU-intensive, actually, and
! you are not very likely to bottleneck at the processor
! level. The only exception would be when someone tries to
! sort a mailbox with thousands of e-mails in it, but I
! believe that is punishable by law in most countries
! anyway. The best way to avoid this is to set up message
! count quotas. Overall, I would recommend using something
! like a 1.5 GHz and above system for our 500 users, so our
! calculation formula would look something like so:
! </para>
! <segmentedlist>
! <title>CPU Considerations</title>
! <segtitle>Lower end</segtitle>
! <segtitle>Higher end</segtitle>
! <seglistitem>
! <seg>N*1.5+800</seg>
! <seg>N*2+1000</seg>
! </seglistitem>
! </segmentedlist>
! <para>
! I'm using the +800 method simply because I think that if
! you decide to use something less than a 800Mhz system, you
! are likely to be plagued by various problems related to
! aging hardware.
! </para>
! </sect2>
! <sect2>
! <title>Other stuff</title>
! <para>
! I am not covering networking environment and bandwidth,
! since you will likely have to stick with what you already
! have anyway. A common 100Base-T network card will suffice in
! terms of a NIC. However, you should consider implementing
! some sort of a backup solution to make sure that you don't
! lose your job or go out of business when your server catches
! on fire and you find it reduced to cinders when you come to
! work one lovely Monday morning. I have only good words to
! say about Amanda <ulink
! url="http://www.amanda.org/">http://www.amanda.org/</ulink>,
! or you may choose some of the many alternatives.
! </para>
! <para>
! Refer to the section on "What to back up" further
! in the document for the list of directories to include in
! your backup run.
! </para>
! </sect2>
! </sect1>
! <sect1>
! <title>Installing &rhl; &ver;</title>
! <para>
! There are two ways to do it. One is to get installation CDs
! and go through the installation process yourself, and another
! one is to use kickstart for a network install of a
! cookie-cutter QVCS system. In any case you will need the
! following information.
! </para>
! <sect2>
! <title>Partitioning</title>
! <para>
! You need to have at least 4 partitions:
! <simplelist type="inline">
! <member>/</member>
! <member>swap</member>
! <member>/var</member>
! <member>/home</member>
! </simplelist>.
! </para>
! <para>
! Use the calculations we just did in the previous section to
! come up with appropriate partition sizes, and create the
! "/home" partition last letting it use the rest of
! the remaining disk space. If you're making a RAID-1, utilize
! <application>Disk Druid's</application> nice RAID'ing
! features.
! </para>
! <para>
! For our example, the partitions would look like so, for a
! 40Gb HDD:
! </para>
! <programlisting>
! / - 1Gb
! swap - 1024Mb
! /var - 7Gb
! /home - the rest
! </programlisting>
! </sect2>
! <sect2>
! <title>Installing using kickstart</title>
! <para>
! Kickstart installations make the process extremely easy (or
! hard, depending on which part you are comfortable with). You
! will need either a bootable CD to start the process, or two
! floppies for the network install. Easiest is to burn a
! <filename>boot.iso</filename> image, which can be found
! here: <ulink url="&rhbase;/images/"> &rhbase;/images/
! </ulink>. ISO images can be burnt onto a CD from most
! OSes. If you have disk 1 of the &rhl; &ver; set, you can use
! it for this purpose as well.
! </para>
! <para>
! Boot from a CD that you have just created and when you get
! to a line that says "<prompt>boot:</prompt>", type
! in the following:
! </para>
! <para>
! <prompt>boot:</prompt> <userinput>linux
! ks=&qvcsbase;/qvcs-&ver;.ks</userinput>
! </para>
! <para>
! A text-based installation should start, and the only three
! questions you will need to answer would be:
! </para>
! <itemizedlist>
! <listitem>
! <para>
! how to partition the system (see the previous section
! for info)
! </para>
! </listitem>
! <listitem>
! <para>what time zone you are located in</para>
! </listitem>
! <listitem>
! <para>
! what your root password is
! </para>
! </listitem>
! </itemizedlist>
! <para>
! After you have answered all three of the above questions,
! the installation will chug along, unless something is
! horribly wrong with the installation source.
! </para>
! <para>
! Once all the packages have installed, you will be presented
! with a seemingly blank blue screen -- kickstart will be
! executing post-installation routines, such as updating your
! system to the latest &rhl; &ver; errata and installing
! &qvcs; packages. To see what is going on in more detail,
! press
! <keycombo>
! <keycap>Alt</keycap>
! <keycap>F3</keycap>
! </keycombo>
! which will switch you to a different console. You will see a
! whole lot of headers being downloaded, then a few packages
! updated and installed. After a little while
! post-installation will be finished, and you can switch back
! to the main installation console,
! <keycombo>
! <keycap>Alt</keycap>
! <keycap>F1</keycap>
! </keycombo>
! to reboot your machine after the installation.
! </para>
! <warning>
<para>
! If kickstart will not work for you, perhaps because of
! some problems with the network or installation servers,
! please refer to the next section on how to install the
! machine from distribution CDs.
</para>
+ </warning>
+ </sect2>
+ <sect2>
+ <title>Installing from &rhl; &ver; CDs</title>
+ <para>
+ If you are on a slow network, or are not comfortable with
+ using kicstart installations, you may use &rhl; &ver;
+ distribution CDs to install your &qvcs; pop-toaster.
+ </para>
+ <para>
+ The install process is simple enough. Just follow the setup
+ process, paying attention to the partitioning scheme we have
+ discussed above, and when it gets to package installation
+ select "Custom" and then <emphasis>uncheck all
+ groups in the selection screen</emphasis>. For this
+ installation we only want the core of the operating system.
+ </para>
+ <para>
+ Once the installation is complete, reboot, login as root,
+ and perform the following actions:
+ </para>
+ <programlisting>
+ &prompt; <userinput>wget &qvcsbase;/qvcs-init</userinput>
+ &prompt; <userinput>sh qvcs-init</userinput>
+ </programlisting>
+ <para>
+ <application>Qvcs-init</application> will install the public
+ keys, download the automated updater tool called
+ "yum", update your machine to the latest &rhl;
+ errata for &ver;, and install the QVCS group of packages.
+ </para>
+ <para>
+ Once <application>qvcs-init</application> finishes, reboot
+ the machine so unneeded services can be removed and
+ necessary ones started. Once your machine comes back up,
+ both kickstarted and manual installations should be at the
+ same point.
+ </para>
+ </sect2>
+ </sect1>
+ <sect1>
+ <title>Romantic getaway</title>
+ <para>
+ Let me explain in more detail what we just installed. There
+ are overall 14 packages that constitute the qvcs system:
+ </para>
+ <itemizedlist>
+ <listitem>
<para>
! <application>qmail</application>: This is the package with
! all main qmail binaries. Qmail is an
! <acronym>MTA</acronym> and <acronym>MDA</acronym>, which
! stands for "Mail Transport Agent" and "Mail
! Delivery Agent". It was written with security in mind
! and hasn't had a single security exploit in many
! years. Moreover, the author of this package has set up a
! prize of $1000 to anyone who can find a security flaw in
! qmail -- this prize has gone unclaimed in years.
! <footnote>
! <para>
! Just in case you are wondering: yes, I do have a
! permission to distribute this rpm. See <command>rpm
! -qi qmail</command> for more information.
! </para>
! </footnote>
</para>
! </listitem>
! <listitem>
<para>
! <application>qmail-initscripts</application>: This package
! contains initialization and xinetd scripts for qmail,
! written specifically for &rhl;.
</para>
+ </listitem>
+ <listitem>
<para>
! <application>courier-imap</application>: Courier-Imap is a
! very well-done IMAP server which was written specifically
! to work with "Maildir" mail storage system used
! by qmail. It is very fast, very standards compliant, and
! takes very little space in your computer's memory.
</para>
! </listitem>
! <listitem>
<para>
! <application>vmailmgr</application>: This is the Virtual
! Mail Manager for qmail -- it is also an
! <acronym>MDA</acronym> and allows you to have
! "virtual" e-mail users without giving said users
! shell access on your system, which can often lead to
! security compromises.
</para>
+ </listitem>
+ <listitem>
<para>
! <application>vmailmgr-courier-imap</application>: This
! small package adds an authentication module to
! courier-imap which allows it to work with virtual users
! set up by vmailmgr.
</para>
+ </listitem>
+ <listitem>
<para>
! <application>vmailmgr-daemon</application>: A small
! package containing a special binary which lets vmailmgrd
! communicate with other daemons, like perl or php in our
! case.
</para>
+ </listitem>
+ <listitem>
<para>
! <application>ucspi-unix</application>: This is a support
! package for vmailmgr-daemon and allows creating UNIX
! sockets on the system for communication between daemons.
</para>
+ </listitem>
+ <listitem>
<para>
! <application>libmcrypt</application>: This is a set of
! encryption libraries used by vadmin plugin. Vadmin uses
! libmcrypt to encrypt the passwords before storing them on
! the hard drive for enhanced security.
</para>
+ </listitem>
+ <listitem>
<para>
! <application>php-mcrypt</application>: A shared library
! file which ties libmcrypt to php and provides php
! encryption functions.
</para>
! </listitem>
! <listitem>
<para>
! <application>squirrelmail</application>: This is a great
! IMAP-based php webmail system.
</para>
! </listitem>
! <listitem>
<para>
! <application>vadmin</application>: Vadmin is a plugin for
! squirrelmail which makes administering vmailmgr virtual
! domains a part of squirrelmail. It has some very nice
! features like the ability to add/remove users, set quotas
! or account expiration dates, etc.
</para>
! </listitem>
! <listitem>
<para>
! <application>qmail-autoresponder</application>: This
! package allows setting up autoresponders through the
! squirrelmail (vadmin) interface.
</para>
! </listitem>
! <listitem>
<para>
! <application>qvcs-helpers</application>: This package has
! a few helper scripts which come with this guide. They will
! be explained later.
</para>
+ </listitem>
+ <listitem>
<para>
! <application>yum</application>: This is an automated
! updater and installer that makes installing software and
! keeping your server updated very easy.
</para>
! </listitem>
! </itemizedlist>
! <para>
! And no, the title of this section doesn't have anything to do
! with any of it. It simply states what I would rather be doing
! right now instead of writing this guide. :)
! </para>
! </sect1>
! <sect1>
! <title>QVCS-install</title>
! <para>
! After the initial installation is completed, we need to run
! <command>qvcs-install</command> in order to configure the
! system for our purposes.
! </para>
! <programlisting>
! &prompt; <userinput>qvcs-install</userinput>
! </programlisting>
! <para>
! This tool will configure the system software for some default
! settings, suitable for running the base &qvcs; install. The
! best thing about it is the fact that it will save backup
! copies of the files it overwrites into
! <filename>/var/lib/qvcs-install</filename> so you can always
! restore old configurations if you find it necessary.
! </para>
! <para>
! Once this step is done, you are ready to configure your system
! for actual use.
! </para>
! </sect1>
! </chapter>
! <chapter id="config-basic">
! <title>Basic Configuration</title>
! <para>
! Let's go ahead and configure your system so it's suitable for
! your purposes.
! </para>
! <note>
! <title>Examples</title>
! <para>
! For the sake of providing examples, I will be using the
! following virtual domains to make the narrative easier to
! follow:
! <simplelist type="inline">
! <member>hogwarts.jk</member>
! <member>theministry.jk</member>
! <member>quidditch.jk</member>
! </simplelist>
! (what Harry Potter addiction?).
! </para>
! </note>
! <sect1>
! <title>Creating the first virtual domain</title>
! <para>
! The first virtual domain requires some effort, but only
! relatively to the others. Here is how we would proceed.
! </para>
! <note>
! <para>
! If you are getting "<computeroutput>command not
! found</computeroutput>" errors, make sure you are
! logged in as root. If you have used <command>su</command> to
! become root, make sure you use "<command>su
! -</command>" to enable the root environment.
! </para>
! </note>
! <programlisting>
! &prompt; <userinput>addvirt hogwarts.jk</userinput>
! </programlisting>
! <para>
! The <command>addvirt</command> script will ask you for a
! password. Remember it, as you will need it to enable the
! domain in vadmin. Make sure it's a good password, too, as it
! is a system password and though the account is marked as
! <command>/sbin/nologin</command> during creation, having poor
! passwords is one of the main reasons servers get cracked.
! </para>
! <para>
! Now we need to create the first virtual user. To do that,
! let's become the domain "master user" and use the
! <command>vadduser</command> command to create the virtual
! account. If you look at the output of the "addvirt"
! command, you will notice something to the matter of
! "<computeroutput>Creating new domain user
! "theministry_jk"</computeroutput>. In the next
! command you will need to use the username reported by the
! resulting command instead of "hogwarts_jk" (usually
! it just subsitutes all dots for underscores in the domain to
! arrive at the username). Oh, and make it something other than
! "albus."
! </para>
! <programlisting>
! &prompt; <userinput>su -s /bin/bash - hogwarts_jk</userinput>
! <prompt>[hogwarts_jk@mail hogwarts_jk]$ </prompt><userinput>vadduser albus</userinput>
! <prompt>[hogwarts_jk@mail hogwarts_jk]$ </prompt><userinput>exit</userinput>
! &prompt; <userinput>service qmail restart</userinput>
! </programlisting>
! </sect1>
! <sect1>
! <title>Editing <filename>vadmin.conf</filename></title>
! <tip>
! <para>
! The only editor that comes with your machine is
! <command>vi</command>. If it gives you the creeps, you can
! install <command>nano</command> by using yum. Nano is a
! successor to pico and inherits all of its shortcuts.
! <programlisting>
! &prompt; <userinput>yum install nano</userinput>
! </programlisting>
! </para>
! </tip>
! <para>
! Open <filename>/etc/vadmin/vadmin.conf</filename> in your
! editor and locate the [auth] section. Change the
! <varname>elvis</varname> parameter to reflect the virtual user
! that you have just added. For a <varname>domain</varname> add
! the domain name that you have just created using
! "addvirt". E.g. for me that would be:
! </para>
! <programlisting>
! [auth]
! method = user
! force_https = yes
! elvis = albus@hogwarts.jk
! domain = hogwarts.jk
! </programlisting>
</sect1>
</chapter>
|
![https://www.paypal.com/images/x-click-but21.gif"](https://www.paypal.com/images/x-click-but21.gif"){kind=link}
![http://creativecommons.org/images/public/somerights.gif"](http://creativecommons.org/images/public/somerights.gif"){kind=link}