Migrasi mailserver
Version 1.0
Author: gtoms<henry at gultom dot or dot id>
Last edited 23/03/2008
-Mailserver lama tetap up menjelang diistirahatkan.
-Instal sistem operasi mailserver baru menggunakan sistem operasi
linux dengan distro kesayangan saya yaitu : mbah Debian
yang saat ini sudah versi 4.0 dengan kode nama Etch.
-Install dan konfigurasi software pendukung pada mailserver baru. Dalam hal
ini : qmail+patch, daemontools, ucspi-tcp untuk pop3, postfix untuk smtp, vpopmail,
courier, postgrey, vqadmin, mysql, apache, php, sqwebmail, mailgraph, pflogsumm,
fail2ban,dll.
- Menyesuaikan konfigurasi qmail(/etc/qmail dan /var/qmail) dan postfix (/etc/postfix)
- Memindahkan /home/vpopmail/domains dari mailserver lama ke /home/vpopmail/domains
mailserver baru
- Memindahkan /var/lib/mysql/vpopmail dari mailserver lama ke /var/lib/mysql/vpopmail
mailserver baru
- Mengganti ip mailserver baru menjadi ip mailserver lama, mailserver lama down,
untuk selanjutnya mailserver baru Trial dan Live
- Optimalkan firewal pada mailserver baru
- Terapkan rsync untuk backup transfer
data dari mailserver baru ke mailserver lama
- Monitoring & Maintenance
Saya menggunakan installer Debian Network install from a minimal CD(netinst)
sebesar 180 MB, dan di burn ke cdrom, lalu hanya menginstall system nya saja
dan software-software pendukung diinstall menyusul melalui repositori debian
atau dari official situs software tersebut.
Uuntuk sebuah mailserver cukuplah menset partisi sbb:
/
swap
/home
Untuk Instalasi Sistem operasi Linux Debian 4.0 bisa melihat langkah dan screenshotnya
di :
http://www.howtoforge.com/perfect_setup_debian_etch
tidak semua dalam langkah di website itu saya terapkan, jadi sesuaikan sesuai
kebiasaan kita menginstall server debian dengan hasil yang sudah kita ketahui
sebelumnya.
Menginstall sistem operasi Debian itu tidalah sulit jika sudah memahami prosesnya,
tinggal enter dan mengikuti petunjuk instalasi. Update network mirrornya menggunakan
repositori di Indonesia bisa ke vlsm.org atau indika.net.id keduanya terdaftar
di Network Mirror pada Debian installer Netinst.
Kalau proses instalasi sistem operasi saya berada didalam ruang server dan
berdiri didepan monitor mailserver baru sambil kedinginan, maka proses instalasi
dan konfigurasi software pendukungnya saya lebih memilih pakai remote lewat
pc saya di luar ruang server sehinga bisa duduk dan tidak kedinginan, berikut
copy paste dari konsol yang sempat terdokumentasikan dan beberapa bagian ada
yg tidak terdokumentasi atau telah saya edit :
===========================================================================
Melengkapi instalasi sistem operasi Debian :
mail-server:/home/gtoms/netqmail-1.06# apt-get install build-essential
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
binutils cpp cpp-4.1 dpkg-dev g++ g++-4.1 gcc gcc-4.1 libc6-dev libssp0 libstdc++6-4.1-dev
linux-kernel-headers
Suggested packages:
binutils-doc cpp-doc gcc-4.1-locales debian-keyring gcc-4.1-doc lib64stdc++6
manpages-dev autoconf automake1.9 libtool flex bison gdb gcc-doc
libc6-dev-amd64 lib64gcc1 lib64ssp0 glibc-doc libstdc++6-4.1-doc
Recommended packages:
bzip2 libmudflap0-dev
The following NEW packages will be installed:
binutils build-essential cpp cpp-4.1 dpkg-dev g++ g++-4.1 gcc gcc-4.1 libc6-dev
libssp0 libstdc++6-4.1-dev linux-kernel-headers
0 upgraded, 13 newly installed, 0 to remove and 0 not upgraded.
Need to get 14.4MB of archives.
After unpacking 53.1MB of additional disk space will be used.
Do you want to continue [Y/n]? y
.........skip..........
...........................
Setelah konfigurasi instalasi sistem operasi berjalan lancar termasuk
setting /etc/network/interfaces dan /etc/resolv.conf, dilanjutkan instalasi
service POP3 yang dalam mailserver ini dijalankan oleh Qmail+patch dkk.
Pedoman untuk instalasi ini bisa di cek di : Life
with qmail, a guide for qmail.
Tidak semua dalam langkah-langkah di Life with qmail di terapkan, jadi
kita sesuaikan sesuai evironment server yang kita inginkan.
mail-server:/home/gtoms# wget -c http://www.qmail.org/netqmail-1.06.tar.gz
--13:36:51-- http://www.qmail.org/netqmail-1.06.tar.gz
=> `netqmail-1.06.tar.gz'
Resolving www.qmail.org... 192.203.178.37
Connecting to www.qmail.org|192.203.178.37|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 260,941 (255K) [application/x-tar]
100%[==============================================================>] 260,941 10.74K/s ETA 00:00
13:37:27 (7.81 KB/s) - `netqmail-1.06.tar.gz' saved [260941/260941]
mail-server:/home/gtoms# wget -c http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
--13:38:32-- http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
=> `ucspi-tcp-0.88.tar.gz'
Resolving cr.yp.to... 131.193.36.21
Connecting to cr.yp.to|131.193.36.21|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 53,019 (52K) [application/x-gzip]
100%[================================================================>] 53,019 5.98K/s ETA 00:00
13:38:42 (5.98 KB/s) - `ucspi-tcp-0.88.tar.gz' saved [53019/53019]
mail-server:/home/gtoms# wget -c http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
--13:38:47-- http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
=> `daemontools-0.76.tar.gz'
Resolving cr.yp.to... 131.193.36.21
Connecting to cr.yp.to|131.193.36.21|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 36,975 (36K) [application/x-gzip]
100%[=================================================================>] 36,975 17.25K/s
mail-server:/home/gtoms# mkdir /var/qmail
mail-server:/home/gtoms# mkdir /etc/qmail
mail-server:/home/gtoms# ln -s /etc/qmail /var/qmail/control
mail-server:/home/gtoms# ls
daemontools-0.76.tar.gz gtoms netqmail-1.06.tar.gz ucspi-tcp-0.88.tar.gz
mail-server:/home/gtoms# tar zxvf netqmail-1.05.tar.gz
Pindah ke direktori netqmail-1.06 :
mail-server:/home/gtoms/netqmail-1.06# cp INSTALL.ids IDS
mail-server:/home/gtoms/netqmail-1.06# nano IDS
pw groupadd nofiles
pw useradd qmaild -g nofiles -d /var/qmail -s /nonexistent
pw useradd alias -g nofiles -d /var/qmail/alias -s /nonexistent
pw useradd qmaill -g nofiles -d /var/qmail -s /nonexistent
pw useradd qmailp -g nofiles -d /var/qmail -s /nonexistent
pw groupadd qmail
pw useradd qmailq -g qmail -d /var/qmail -s /nonexistent
pw useradd qmailr -g qmail -d /var/qmail -s /nonexistent
pw useradd qmails -g qmail -d /var/qmail -s /nonexistent
mail-server:/home/gtoms/netqmail-1.06# chmod 700 IDS
mail-server:/home/gtoms/netqmail-1.06# ./IDS
mail-server:/home/gtoms/netqmail-1.06#
mail-server:/home/gtoms/netqmail-1.06/other-patches# wget -c http://www.shupp.org/patches/netqmail-maildir++.patch
--13:59:47-- http://www.shupp.org/patches/netqmail-maildir++.patch
=> `netqmail-maildir++.patch'
Resolving www.shupp.org... 70.87.156.10
Connecting to www.shupp.org|70.87.156.10|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 39,971 (39K) [text/plain]
100%[==============================================================================>] 39,971 18.21K/s
13:59:55 (18.19 KB/s) - `netqmail-maildir++.patch' saved [39971/39971]
mail-server:/home/gtoms/netqmail-1.06/other-patches# cd ..
mail-server:/home/gtoms/netqmail-1.06# patch < /home/gtoms/netqmail-1.06/other-patches/netqmail-maildir++.patch
patching file Makefile
patching file TARGETS
patching file maildirflags.c
patching file maildirgetquota.c
patching file maildirgetquota.h
patching file maildirmisc.h
patching file maildiropen.c
patching file maildirparsequota.c
patching file maildirquota.c
patching file maildirquota.h
patching file numlib.h
patching file overmaildirquota.c
patching file qmail-local.c
patching file qmail-pop3d.c
patching file strpidt.c
patching file strtimet.c
mail-server:/home/gtoms/netqmail-1.06# make setup check
.....skip....................
.........................
cat qmail-limits.9 \
| sed s}QMAILHOME}"`head -1 conf-qmail`"}g \
| sed s}BREAK}"`head -1 conf-break`"}g \
| sed s}SPAWN}"`head -1 conf-spawn`"}g \
> qmail-limits.7
nroff -man qmail-limits.7 > qmail-limits.0
nroff -man qmail-log.5 > qmail-log.0
cat qmail-control.9 \
| sed s}QMAILHOME}"`head -1 conf-qmail`"}g \
| sed s}BREAK}"`head -1 conf-break`"}g \
| sed s}SPAWN}"`head -1 conf-spawn`"}g \
> qmail-control.5
nroff -man qmail-control.5 > qmail-control.0
nroff -man qmail-header.5 > qmail-header.0
cat qmail-users.9 \
| sed s}QMAILHOME}"`head -1 conf-qmail`"}g \
| sed s}BREAK}"`head -1 conf-break`"}g \
| sed s}SPAWN}"`head -1 conf-spawn`"}g \
> qmail-users.5
nroff -man qmail-users.5 > qmail-users.0
cat dot-qmail.9 \
| sed s}QMAILHOME}"`head -1 conf-qmail`"}g \
| sed s}BREAK}"`head -1 conf-break`"}g \
| sed s}SPAWN}"`head -1 conf-spawn`"}g \
> dot-qmail.5
nroff -man dot-qmail.5 > dot-qmail.0
nroff -man qmail-command.8 > qmail-command.0
nroff -man tcp-environ.5 > tcp-environ.0
nroff -man maildir.5 > maildir.0
nroff -man mbox.5 > mbox.0
nroff -man addresses.5 > addresses.0
nroff -man envelopes.5 > envelopes.0
nroff -man forgeries.7 > forgeries.0
./install
./instcheck
mail-server:/home/gtoms/netqmail-1.06#
mail-server:/home/gtoms# tar zxvf ucspi-tcp-0.88.tar.gz
mail-server:/home/gtoms# cd ucspi-tcp-0.88
mail-server:/home/gtoms/ucspi-tcp-0.88#patch < /home/gtoms/netqmail-1.06/other-patches/ucspi-tcp-0.88.errno.patch
patching file error.h
mail-server:/home/gtoms/ucspi-tcp-0.88#make
......skip.........
......................
chmod 755 mconnect
./choose cl tryvfork fork.h1 fork.h2 > fork.h
./compile mconnect-io.c
./load mconnect-io unix.a byte.a
./compile addcr.c
./load addcr unix.a byte.a
./compile delcr.c
./load delcr unix.a byte.a
./compile fixcrio.c
./load fixcrio time.a unix.a byte.a
./compile rblsmtpd.c
./compile commands.c
./load rblsmtpd commands.o dns.a time.a unix.a byte.a \
`cat socket.lib`
cat warn-auto.sh rts.sh \
| sed s}HOME}"`head -1 conf-home`"}g \
> rts
chmod 755 rts
./compile install.c
./compile hier.c
./compile auto-str.c
auto-str.c:9: warning: conflicting types for built-in function âputsâ
./load auto-str unix.a byte.a
./auto-str auto_home `head -1 conf-home` > auto_home.c
./compile auto_home.c
./load install hier.o auto_home.o unix.a byte.a
./compile instcheck.c
./load instcheck hier.o auto_home.o unix.a byte.a
mail-server:/home/gtoms/ucspi-tcp-0.88#
mail-server:/home/gtoms/ucspi-tcp-0.88# make setup check
./install
./instcheck
mail-server:/home/gtoms/ucspi-tcp-0.88#
mail-server:/home/gtoms# tar zxvf daemontools-0.76.tar.gz
mail-server:/home/gtoms# cd /admin/daemontools-0.76
mail-server:/home/gtoms/admin/daemontools-0.76# cd src
mail-server:/home/gtoms/admin/daemontools-0.76/src# patch < /home/gtoms/netqmail-1.06/other-patches/daemontools-0.76.errno.patch
patching file error.h
mail-server:/home/gtoms/admin/daemontools-0.76/src#
mail-server:/home/gtoms/admin/daemontools-0.76/src#cd ..
mail-server:/home/gtoms/admin/daemontools-0.76/src#package/install
..........skip.....................
.....................................
supervise.c:102: warning: passing argument 2 of âexecveâ from incompatible
pointer type
./load supervise deepsleep.o time.a unix.a byte.a
./compile svc.c
./load svc unix.a byte.a
./compile svok.c
./load svok unix.a byte.a
./compile svscan.c
svscan.c: In function âstartâ:
svscan.c:104: warning: passing argument 3 of âpathexec_runâ from
incompatible pointer type
svscan.c:123: warning: passing argument 3 of âpathexec_runâ from
incompatible pointer type
./load svscan unix.a byte.a
rm -f svscanboot
cat warn-auto.sh svscanboot.sh \
| sed s}HOME}"`head -1 home`"}g \
> svscanboot
chmod 555 svscanboot
./compile svstat.c
./load svstat time.a unix.a byte.a
./compile tai64n.c
./load tai64n timestamp.o time.a unix.a byte.a
./compile tai64nlocal.c
./load tai64nlocal unix.a byte.a
env - /bin/sh rts.tests 2>&1 | cat -v > rts
rm -f sysdeps
cat systype compile load >> sysdeps
grep sysdep direntry.h >> sysdeps
grep sysdep haswaitp.h >> sysdeps
grep sysdep hassgact.h >> sysdeps
grep sysdep hassgprm.h >> sysdeps
grep sysdep select.h >> sysdeps
grep sysdep uint64.h >> sysdeps
grep sysdep iopause.h >> sysdeps
grep sysdep hasmkffo.h >> sysdeps
grep sysdep hasflock.h >> sysdeps
grep sysdep hasshsgr.h >> sysdeps
Copying commands into ./command...
Creating symlink daemontools -> daemontools-0.76...
Making command links in /command...
Making compatibility links in /usr/local/bin...
Creating /service...
Adding svscanboot to inittab...
init should start svscan now.
mail-server:/home/gtoms/admin/daemontools-0.76#
mail-server:/home/gtoms# ps ax | grep read
9 ? S< 0:00 [kthread]
2869 ? S 0:00 readproctitle service errors: ........................................................................................................................................
4858 pts/0 S+ 0:00 grep read
mail-server:/home/gtoms# ps -ef | grep svscan
root 8643 1 0 14:14 ? 00:00:00 /bin/sh /command/svscanboot
root 8645 8643 0 14:14 ? 00:00:00 svscan /service
root 8648 4914 0 14:15 pts/0 00:00:00 grep svscan
mail-server:/home/gtoms/admin/daemontools-0.76# cd /var/qmail
mail-server:/var/qmail# ls
alias bin boot control doc man queue users
mail-server:/var/qmail# nano rc
#!/bin/sh
# Using stdout for logging
# Using control/defaultdelivery from qmail-local to deliver messages by default
exec env - PATH="/var/qmail/bin:$PATH" \
qmail-start "`cat /var/qmail/control/defaultdelivery`"
mail-server:/var/qmail# chmod 755 /var/qmail/rc
mail-server:/var/qmail# mkdir /var/log/qmail
mail-server:/etc/qmail# nano defaultdelivery
./Maildir
mail-server:/etc/qmail# cd /var/qmail/control
mail-server:/var/qmail/control# ls
defaultdelivery
mail-server:/var/qmail/control# cd /var/qmail/control
mail-server:/var/qmail/control# ls
defaultdelivery
mail-server:/var/qmail/control# touch /var/qmail/control/locals
mail-server:/var/qmail/control# ls
defaultdelivery locals
mail-server:/var/qmail/control# mkdir -p /var/qmail/supervise/qmail-pop3d
mail-server:/var/qmail/control# nano /var/qmail/supervise/qmail-pop3d/run
mail-server:/var/qmail/control# mkdir /var/qmail/supervise/qmail-pop3d/log
mail-server:/var/qmail/control# mkdir /var/qmail/supervise/qmail-pop3d/log/run
mail-server:/var/qmail/control# nano /var/qmail/supervise/qmail-pop3d/log/run
mail-server:/var/qmail/control# chmod +t /var/qmail/supervise/qmail-pop3d
mail-server:/var/qmail/control# mkdir /var/log/qmail/pop3d
mail-server:/var/qmail/control# chown qmaill /var/log/qmail/pop3d
mail-server:/var/qmail/control# chmod 755 /var/qmail/supervise/qmail-pop3d/run
mail-server:/var/qmail/control# chmod 755 /var/qmail/supervise/qmail-pop3d/log/run
mail-server:/var/qmail/control# ln -s /var/qmail/supervise/qmail-pop3d /service
mail-server:/var/qmail/control#
mail-server:/home/gtoms# cd /etc/init.d/
mail-server:/etc/init.d# nano qmail-pop3d
mail-server:/etc/init.d# chmod 755 /etc/init.d/qmail-pop3d
Untuk menjalankan POP3 : /etc/init.d/qmail-pop3d start
Instalasi Mysql Server sebagai database server account email virtual
dan alias, Mail server yang dibangun harus dapat mendukung virtual domain. Semua
informasi mengenai virtual domain tersimpan pada database MySQL.
mail-server:/var/qmail# apt-get install mysql-server mysql-client mysql-common
libmysqlclient15-dev
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
libdbd-mysql-perl libdbi-perl libmysqlclient15off libnet-daemon-perl libplrpc-perl
mysql-client-5.0 mysql-server-5.0 psmisc zlib1g-dev
Suggested packages:
dbishell libcompress-zlib-perl tinyca
The following NEW packages will be installed:
libdbd-mysql-perl libdbi-perl libmysqlclient15-dev libmysqlclient15off libnet-daemon-perl
libplrpc-perl mysql-client mysql-client-5.0 mysql-common
mysql-server mysql-server-5.0 psmisc zlib1g-dev
0 upgraded, 13 newly installed, 0 to remove and 0 not upgraded.
Need to get 42.9MB of archives.
After unpacking 113MB of additional disk space will be used.
Do you want to continue [Y/n]? y
0% [Connecting to debian.indika.net.id]
Setting up libdbd-mysql-perl (3.0008-1) ...
Setting up mysql-client-5.0 (5.0.32-7etch5) ...
Setting up psmisc (22.3-1) ...
Setting up mysql-server-5.0 (5.0.32-7etch5) ...
Stopping MySQL database server: mysqld.
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..
Setting up zlib1g-dev (1.2.3-13) ...
Setting up libmysqlclient15-dev (5.0.32-7etch5) ...
Setting up mysql-client (5.0.32-7etch5) ...
Setting up mysql-server (5.0.32-7etch5) ...
Instalasi Vpopmail : Vpopmail adalah aplikasi yang menyediakan fasilitas
virtual domain untuk mail server.
Membuat user dan group ID untuk vpopmail, sesuaikan dengan ID di mailserver
lama bisa di cek di /etc/passwd
mail-server:/home/gtoms# groupadd -g xxxxx vchkpw
mail-server:/home/gtoms# useradd -u xxxx -g yyyyy -d /home/vpopmail -s /bin/false
vpopmail
mail-server:/home/gtoms# tar zxvf vpopmail-5.4.25.tar.gz
mail-server:/home/gtoms/vpopmail-5.4.25#./configure --enable-ip-alias-domains=y
--enable-sqlincdir=/usr/include/mysql --enable-libdir=/usr/lib --enable-large-site=n
--enable-ucspi-dir=../ucspi-tcp-0.88 --enable-logging=y --enable-vpopuser=vpopmail
--enable-vpopgroup=vchkpw --enable-auth-module=mysql --disable-passwd --enable-clear-passwd
--enable-auth-logging --enable-sql-logging --enable-valias --disable-mysql-limits
........skip...............
........................
checking whether any discontinued --enable commands have been used... no
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
config.status: executing depfiles commands
vpopmail 5.4.25
Current settings
---------------------------------------
vpopmail directory = /home/vpopmail
domains directory = /home/vpopmail/domains
uid = 65010
gid = 60002
roaming users = OFF --disable-roaming-users (default)
password learning = OFF --disable-learn-passwords (default)
md5 passwords = ON --enable-md5-passwords (default)
file locking = ON --enable-file-locking (default)
vdelivermail fsync = OFF --disable-file-sync (default)
make seekable = ON --enable-make-seekable (default)
clear passwd = ON --enable-clear-passwd (default)
user dir hashing = ON --enable-users-big-dir (default)
address extensions = OFF --disable-qmail-ext (default)
ip alias = ON --enable-ip-alias-domains
onchange script = OFF --disable-onchange-script (default)
auth module = mysql --enable-auth-module=mysql
mysql replication = OFF --disable-mysql-replication (default)
sql logging = ON --enable-sql-logging
mysql limits = OFF --disable-mysql-limits (default)
SQL valias table = ON --enable-valias
auth inc = -I/usr/include/mysql
auth lib = -L/usr/lib -lmysqlclient -lz -lm
system passwords = OFF --disable-passwd (default)
pop syslog = show successful and failed login attempts --enable-logging=y
auth logging = ON --enable-auth-logging (default)
all domains in one SQL table = --enable-many-domains (default)
spamassassin = OFF --disable-spamassassin (default)
maildrop = OFF --disable-maildrop (default)
mail-server:/home/gtoms/vpopmail-5.4.25#
mail-server:/home/gtoms/vpopmail-5.4.25#make
.........skip..........
.....................
gcc -I. -I/usr/include/mysql -I. -I. -I. -g -O2 -Wall -c vconvert.c
gcc -g -O2 -Wall -o vconvert vconvert.o libvpopmail.a -L/usr/lib -lmysqlclient
-lz -lm -lcrypt
gcc -I. -I/usr/include/mysql -I. -I. -I. -g -O2 -Wall -c vkill.c
gcc -g -O2 -Wall -o vkill vkill.o libvpopmail.a -L/usr/lib -lmysqlclient -lz
-lm -lcrypt
gcc -I. -I/usr/include/mysql -I. -I. -I. -g -O2 -Wall -c vmoddomlimits.c
gcc -g -O2 -Wall -o vmoddomlimits vmoddomlimits.o libvpopmail.a -L/usr/lib -lmysqlclient
-lz -lm -lcrypt
gcc -I. -I/usr/include/mysql -I. -I. -I. -g -O2 -Wall -c vchangepw.c
gcc -g -O2 -Wall -o vchangepw vchangepw.o libvpopmail.a -L/usr/lib -lmysqlclient
-lz -lm -lcrypt
gcc -I. -I/usr/include/mysql -I. -I. -I. -g -O2 -Wall -c dotqmail2valias.c
gcc -g -O2 -Wall -o dotqmail2valias dotqmail2valias.o libvpopmail.a -L/usr/lib
-lmysqlclient -lz -lm -lcrypt
gcc -I. -I/usr/include/mysql -I. -I. -I. -g -O2 -Wall -c vpopmaild.c
gcc -g -O2 -Wall -o vpopmaild vpopmaild.o libvpopmail.a -L/usr/lib -lmysqlclient
-lz -lm -lcrypt
cd . && /bin/sh ./config.status config.h
config.status: creating config.h
config.status: config.h is unchanged
make[2]: Leaving directory `/home/gtoms/vpopmail-5.4.25'
make[1]: Leaving directory `/home/gtoms/vpopmail-5.4.25'
mail-server:/home/gtoms/vpopmail-5.4.25#
mail-server:/home/gtoms/vpopmail-5.4.25# make install-strip
make INSTALL_PROGRAM="/usr/bin/install -c -o vpopmail -m 711 -g vchkpw
-s" \
install_sh_PROGRAM="/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s"
INSTALL_STRIP_FLAG=-s \
`test -z '' || \
echo "INSTALL_PROGRAM_ENV=STRIPPROG=''"` install
make[1]: Entering directory `/home/gtoms/vpopmail-5.4.25'
Making install in cdb
make[2]: Entering directory `/home/gtoms/vpopmail-5.4.25/cdb'
make[2]: Nothing to be done for `install'.
make[2]: Leaving directory `/home/gtoms/vpopmail-5.4.25/cdb'
make[2]: Entering directory `/home/gtoms/vpopmail-5.4.25'
make[3]: Entering directory `/home/gtoms/vpopmail-5.4.25'
for d in bin doc etc include lib ; do \
if test ! -d /home/vpopmail/$d; then \
/usr/bin/install -c -d -g vchkpw -m 0755 -o vpopmail \
/home/vpopmail/$d ; \
fi ; \
done
/usr/bin/install -c -d -g vchkpw -m 0700 -o vpopmail \
/home/vpopmail/domains
echo "-I/home/vpopmail/include" > \
/home/vpopmail/etc/inc_deps
echo "-L/home/vpopmail/lib -lvpopmail -L/usr/lib -lmysqlclient -lz -lm
-lcrypt " > \
/home/vpopmail/etc/lib_deps
if test ! -r /home/vpopmail/etc/vlimits.default; then \
/usr/bin/install -c -o vpopmail -m 0644 -g vchkpw \
vlimits.default /home/vpopmail/etc/vlimits.default; \
fi
if test "1" = "1"; then \
if test ! -r /home/vpopmail/etc/vpopmail.mysql; then \
echo "# MYSQL CONNECTION SETTINGS FOR VPOPMAIL" >> /home/vpopmail/etc/vpopmail.mysql;
\
echo "#" >> /home/vpopmail/etc/vpopmail.mysql; \
echo "# Line 1 defines the connection to use for database reads,"
>> /home/vpopmail/etc/vpopmail.mysql; \
echo "# Line 2 defines the connection to use for database updates/writes."
>> /home/vpopmail/etc/vpopmail.mysql; \
echo "#" >> /home/vpopmail/etc/vpopmail.mysql; \
echo "# If you omit line 2, then the same settings will be" >>
/home/vpopmail/etc/vpopmail.mysql; \
echo "# used for both read and write." >> /home/vpopmail/etc/vpopmail.mysql;
\
echo "#" >> /home/vpopmail/etc/vpopmail.mysql; \
echo "# settings for each line:" >> /home/vpopmail/etc/vpopmail.mysql;
\
echo "# host|port|user|password|database" >> /home/vpopmail/etc/vpopmail.mysql;
\
echo "#" >> /home/vpopmail/etc/vpopmail.mysql; \
echo "localhost|0|root|secret|vpopmail" >> /home/vpopmail/etc/vpopmail.mysql;
\
echo "#" >> /home/vpopmail/etc/vpopmail.mysql; \
echo "# Note:" >> /home/vpopmail/etc/vpopmail.mysql; \
echo "# The value of host may be either a hostname or an IP address."
>> /home/vpopmail/etc/vpopmail.mysql; \
echo "# If host is 'localhost', then sockets (Unix) or named pipes (Windows)"
>> /home/vpopmail/etc/vpopmail.mysql; \
echo "# will be used instead of TCP/IP to connect to the server."
>> /home/vpopmail/etc/vpopmail.mysql; \
fi ; \
chown vpopmail /home/vpopmail/etc/vpopmail.mysql ; \
chgrp vchkpw /home/vpopmail/etc/vpopmail.mysql ; \
chmod 0640 /home/vpopmail/etc/vpopmail.mysql ; \
fi
/usr/bin/install -c -o root -m 0644 \
libvpopmail.a /home/vpopmail/lib/libvpopmail.a
/usr/bin/install -c -o root -m 0444 \
config.h /home/vpopmail/include/vpopmail_config.h
for include in vpopmail.h config.h vauth.h vlimits.h ; do \
/usr/bin/install -c -o root -m 0444 $include \
/home/vpopmail/include/ ; \
done
/usr/bin/install -c -d /home/vpopmail/doc/man_html
/usr/bin/install -c -d /home/vpopmail/doc/doc_html
/usr/bin/install -c -o vpopmail -m 0444 -g vchkpw \
doc/man_html/*.* /home/vpopmail/doc/man_html/
/usr/bin/install -c -o vpopmail -m 0444 -g vchkpw \
doc/doc_html/*.* /home/vpopmail/doc/doc_html/
test -z "/home/vpopmail/bin" || mkdir -p -- "/home/vpopmail/bin"
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vchkpw' '/home/vpopmail/bin/vchkpw'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vdelivermail' '/home/vpopmail/bin/vdelivermail'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'clearopensmtp' '/home/vpopmail/bin/clearopensmtp'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vadddomain' '/home/vpopmail/bin/vadddomain'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vdeldomain' '/home/vpopmail/bin/vdeldomain'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vpasswd' '/home/vpopmail/bin/vpasswd'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vadduser' '/home/vpopmail/bin/vadduser'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vdeluser' '/home/vpopmail/bin/vdeluser'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vaddaliasdomain' '/home/vpopmail/bin/vaddaliasdomain'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vsetuserquota' '/home/vpopmail/bin/vsetuserquota'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vpopbull' '/home/vpopmail/bin/vpopbull'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vdeloldusers' '/home/vpopmail/bin/vdeloldusers'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vmoduser' '/home/vpopmail/bin/vmoduser'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'valias' '/home/vpopmail/bin/valias'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vuserinfo' '/home/vpopmail/bin/vuserinfo'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vmkpasswd' '/home/vpopmail/bin/vmkpasswd'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vipmap' '/home/vpopmail/bin/vipmap'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vdominfo' '/home/vpopmail/bin/vdominfo'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vconvert' '/home/vpopmail/bin/vconvert'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vkill' '/home/vpopmail/bin/vkill'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vmoddomlimits' '/home/vpopmail/bin/vmoddomlimits'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vchangepw' '/home/vpopmail/bin/vchangepw'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'dotqmail2valias' '/home/vpopmail/bin/dotqmail2valias'
/usr/bin/install -c -o vpopmail -m 711 -g vchkpw -s 'vpopmaild' '/home/vpopmail/bin/vpopmaild'
make[3]: Leaving directory `/home/gtoms/vpopmail-5.4.25'
make[2]: Leaving directory `/home/gtoms/vpopmail-5.4.25'
make[1]: Leaving directory `/home/gtoms/vpopmail-5.4.25'
mail-server:/home/gtoms/vpopmail-5.4.25#
Struktur database vpopmail pada host mailserver ini yang menggunakan aplikasi
Vpopmail adalah :
• Terdiri dari 6 buah tabel, yaitu tabel dir_control, tabel lastauth,
tabel vlog, table valias, domain_alias dan tabel vpopmail
• Data mengenai virtual domain terletak pada tabel vpopmail, yang memiliki
struktur seperti di bawah ini :
Field |
Type |
Null |
Key |
Default |
Extra |
pw_name | char(32) |
PRI |
|||
pw_domain | char(64) |
PRI |
|||
pw_passwd | char(40) |
YES |
NULL |
||
pw_uid | int(11) |
YES |
NULL |
||
pw_gid | int(11) |
YES |
NULL |
||
pw_gecos | char(48) |
YES |
NULL |
||
pw_dir | char(160) |
YES |
NULL |
||
pw_shell | char(20) |
YES |
NULL |
||
pw_clear_passwd | char(16) |
YES |
NULL |
mail-server:/home/vpopmail/etc# nano vpopmail.mysql
formatnya : <Host MySQL server>|0|<nama user MySQL>|<password
user MySQL>|<nama database>
mail-server:/home/vpopmail/etc# chown vpopmail:vchkpw /home/vpopmail/etc/vpopmail.mysql
mail-server:/home/vpopmail/etc# chmod 640 /home/vpopmail/etc/vpopmail.mysql
mail-server:/home/vpopmail/etc# nano defaultdomain
isi sesuai nama domain kantor
mail-server:/home/gtoms# cp /etc/mysql/my.cnf /etc/mysql/my.cnfgtoms
mail-server:/home/gtoms# nano /etc/mysql/my.cnf
mengoptimalkan mysql agar dapat bekerja dalam roses banyak bagi sebuah mailserver(tunning)
mail-server:/home/gtoms#
-Disini masuk ke mysql untuk mengkonfigurasi mysql mendukung aplikasi Postfix,
Vpopmail dan Sqwebmail
Kita membuat database vpopmail, lalu membuat user dan password untuk dapat mengakses
database vpopmail.
mail-server:/home/gtoms# mysqladmin -u root password xxxxxxxxx
mail-server:/home/gtoms# mysql -u root -p
.....skip.........
................
..................
Memindahkan data dari mailserver lama ke mailserver baru /var/lib/mysql/vpopmail
:
mail-server:/home/gtoms#mysqldump –u root –-password=xxxxxxxx --quick vpopmail | gzip –f > /home/gtoms/vpopmail.gz
gunzip < /home/gtoms/vpopmail.gz | mysql –u root -–password=xxxxxxxxx vpopmail
Contoh tabel ysql yg sudah di create dan dump dari mailserver lama.
+--------------------+
| Tables_in_vpopmail |
+--------------------+
| dir_control |
| domain_alias |
| lastauth |
| valias |
| vlog |
| vpopmail |
+--------------------+
Setelah /var/lib/mysql/vpopmail kita pindahkan dari mailserver lama, saatnya
kita pindahkan juga /home/vpopmail/domains dari mailserver lama, proses pemindahan
seluruh isi Mailbox(Maildir) user ini dilakukan saat beberapa menit sebelum
downtime mailserver lama, dan dilakukan pada pukul 01:00 wib dini hari.
Pada mailserver lama :
backup
#tar -czf homevpopmail.tar.gz home
Pada mailserver baru :
extrak
#tar -xzf homevpopmail.tar.gz
cek /home/vpopmail/domains akan sama isinya dengan struktur direktori pada
/home/vpopmail/dmains mailserver lama.
Dengan cara ini tidak ada perubahan dalam user permission struktur tersebut
yang dimiliki user vpopmail
Cara lain bisa memakai scripts dari http://qmail.jms1.net/scripts/migrate-domain.shtml.tapi
cara ini satu persatu domains dipindahkan
SASL (Simple Authentication and Security Layer) adalah sebuah metode penambahan
proses otentikasi pada protokol-protokol berbasis koneksi.
mail-server:/etc/postfix# apt-get install libsasl2 libsasl2-modules libsasl2-modules-sql
sasl2-bin libsasl2-gssapi-mit libpam-mysql
Reading package lists... Done
Building dependency tree... Done
libsasl2 is already the newest version.
The following extra packages will be installed:
libsasl2-modules-gssapi-mit libsqlite0
Suggested packages:
libsasl2-modules-otp libsasl2-modules-ldap
The following NEW packages will be installed:
libpam-mysql libsasl2-gssapi-mit libsasl2-modules libsasl2-modules-gssapi-mit
libsasl2-modules-sql libsqlite0 sasl2-bin
0 upgraded, 7 newly installed, 0 to remove and 0 not upgraded.
Need to get 638kB of archives.
After unpacking 1597kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://debian.indika.net.id etch/main libsqlite0 2.8.17-2 [181kB]
Get:2 http://debian.indika.net.id etch/main libsasl2-modules 2.1.22.dfsg1-8
[147kB]
Get:3 http://debian.indika.net.id etch/main libsasl2-modules-gssapi-mit 2.1.22.dfsg1-8
[62.8kB]
Get:4 http://debian.indika.net.id etch/main libsasl2-gssapi-mit 2.1.22.dfsg1-8
[40.9kB]
Get:5 http://debian.indika.net.id etch/main libsasl2-modules-sql 2.1.22.dfsg1-8
[61.1kB]
Get:6 http://debian.indika.net.id etch/main sasl2-bin 2.1.22.dfsg1-8 [124kB]
Get:7 http://debian.indika.net.id etch/main libpam-mysql 0.6.2-1 [21.5kB]
Fetched 638kB in 0s (1934kB/s)
Preconfiguring packages ...
Selecting previously deselected package libsqlite0.
(Reading database ... 24523 files and directories currently installed.)
Unpacking libsqlite0 (from .../libsqlite0_2.8.17-2_i386.deb) ...
Selecting previously deselected package libsasl2-modules.
Unpacking libsasl2-modules (from .../libsasl2-modules_2.1.22.dfsg1-8_i386.deb)
...
Selecting previously deselected package libsasl2-modules-gssapi-mit.
Unpacking libsasl2-modules-gssapi-mit (from .../libsasl2-modules-gssapi-mit_2.1.22.dfsg1-8_i386.deb)
...
Selecting previously deselected package libsasl2-gssapi-mit.
Unpacking libsasl2-gssapi-mit (from .../libsasl2-gssapi-mit_2.1.22.dfsg1-8_i386.deb)
...
Selecting previously deselected package libsasl2-modules-sql.
Unpacking libsasl2-modules-sql (from .../libsasl2-modules-sql_2.1.22.dfsg1-8_i386.deb)
...
Selecting previously deselected package sasl2-bin.
Unpacking sasl2-bin (from .../sasl2-bin_2.1.22.dfsg1-8_i386.deb) ...
Selecting previously deselected package libpam-mysql.
Unpacking libpam-mysql (from .../libpam-mysql_0.6.2-1_i386.deb) ...
Setting up libsqlite0 (2.8.17-2) ...
Setting up libsasl2-modules (2.1.22.dfsg1-8) ...
Setting up libsasl2-modules-gssapi-mit (2.1.22.dfsg1-8) ...
Setting up libsasl2-gssapi-mit (2.1.22.dfsg1-8) ...
Setting up libsasl2-modules-sql (2.1.22.dfsg1-8) ...
Setting up sasl2-bin (2.1.22.dfsg1-8) ...
warning: --update given but /var/run/saslauthd does not exist
* To enable saslauthd, edit /etc/default/saslauthd and set START=yes
Setting up libpam-mysql (0.6.2-1) ...
mail-server:/etc/postfix#
mail-server:/etc/postfix# mkdir -p /var/spool/postfix/var/run/saslauthd
mail-server:/etc/postfix# nano /etc/default/saslauthd
mail-server:/etc/postfix# cd /etc/default/
mail-server:/etc/default# ls
acpid bootlogd courier devpts exim4 halt ifupdown klogd locale nfs-common portmap
proftpd rcS saslauthd ssh syslogd tmpfs useradd
mail-server:/etc/default# cp saslauthd saslauthdasli
mail-server:/etc/default# nano /etc/default/saslauthd
mail-server:/etc/default# nano /etc/default/saslauthd
mail-server:/etc/default# nano /etc/init.d/saslauthd
mail-server:/etc/default# cp /etc/init.d/saslauthd /etc/init.d/saslauthdasli
mail-server:/etc/default# nano /etc/init.d/saslauthd
mail-server:/etc/default# nano /etc/init.d/saslauthd
mail-server:/etc/default# nano /etc/pam.d/smtp
mail-server:/etc/default# nano /etc/pam.d/smtp
mail-server:/etc/default#
Instalasi Postfix sebagai SMTP server
mail-server:/home/gtoms# apt-get install postfix postfix-tls postfix-pcre postfix-mysql
postfix-doc
Reading package lists... Done
Building dependency tree... Done
Note, selecting postfix instead of postfix-tls
The following extra packages will be installed:
openssl ssl-cert
Suggested packages:
ca-certificates postfix-pgsql postfix-ldap sasl2-bin libsasl2-modules resolvconf
postfix-cdb
The following packages will be REMOVED:
exim4-base exim4-config exim4-daemon-light
The following NEW packages will be installed:
openssl postfix postfix-doc postfix-mysql postfix-pcre ssl-cert
0 upgraded, 6 newly installed, 3 to remove and 0 not upgraded.
Need to get 2943kB of archives.
After unpacking 4231kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://debian.indika.net.id etch/main openssl 0.9.8c-4etch1 [1001kB]
Get:2 http://debian.indika.net.id etch/main ssl-cert 1.0.14 [11.1kB]
Get:3 http://debian.indika.net.id etch/main postfix 2.3.8-2+b1 [1089kB]
Get:4 http://debian.indika.net.id etch/main postfix-doc 2.3.8-2 [766kB]
Get:5 http://debian.indika.net.id etch/main postfix-mysql 2.3.8-2+b1 [38.2kB]
Get:6 http://debian.indika.net.id etch/main postfix-pcre 2.3.8-2+b1 [37.9kB]
Fetched 2943kB in 1s (2034kB/s)
Preconfiguring packages ...
dpkg: exim4-base: dependency problems, but removing anyway as you request:
exim4-daemon-light depends on exim4-base (>= 4.63).
(Reading database ... 23915 files and directories currently installed.)
Removing exim4-base ...
Stopping MTA:.
Removing exim4-config ...
dpkg: exim4-daemon-light: dependency problems, but removing anyway as you request:
at depends on mail-transport-agent; however:
Package mail-transport-agent is not installed.
Package exim4-daemon-light which provides mail-transport-agent is to be removed.
mailx depends on exim4 | mail-transport-agent; however:
Package exim4 is not installed.
Package mail-transport-agent is not installed.
Package exim4-daemon-light which provides mail-transport-agent is to be removed.
mutt depends on exim4 | mail-transport-agent; however:
Package exim4 is not installed.
Package mail-transport-agent is not installed.
Package exim4-daemon-light which provides mail-transport-agent is to be removed.
Removing exim4-daemon-light ...
Stopping MTA:.
Selecting previously deselected package openssl.
(Reading database ... 23781 files and directories currently installed.)
Unpacking openssl (from .../openssl_0.9.8c-4etch1_i386.deb) ...
Creating directory /etc/ssl
Selecting previously deselected package ssl-cert.
Unpacking ssl-cert (from .../ssl-cert_1.0.14_all.deb) ...
Selecting previously deselected package postfix.
Unpacking postfix (from .../postfix_2.3.8-2+b1_i386.deb) ...
Selecting previously deselected package postfix-doc.
Unpacking postfix-doc (from .../postfix-doc_2.3.8-2_all.deb) ...
Selecting previously deselected package postfix-mysql.
Unpacking postfix-mysql (from .../postfix-mysql_2.3.8-2+b1_i386.deb) ...
Selecting previously deselected package postfix-pcre.
Unpacking postfix-pcre (from .../postfix-pcre_2.3.8-2+b1_i386.deb) ...
Setting up openssl (0.9.8c-4etch1) ...
Setting up ssl-cert (1.0.14) ...
Setting up postfix (2.3.8-2+b1) ...
Adding group `postfix' (GID 106) ...
Done.
Adding system user `postfix' (UID 107) ...
Adding new user `postfix' (UID 107) with group `postfix' ...
Not creating home directory `/var/spool/postfix'.
Creating /etc/postfix/dynamicmaps.cf
Adding tcp map entry to /etc/postfix/dynamicmaps.cf
Adding group `postdrop' (GID 107) ...
Done.
setting myhostname: mail-server
setting alias maps
setting alias database
setting myorigin
setting destinations: mail-server.xxxxxxxxx, mail-server, localhost.localdomain,
localhost
setting relayhost:
setting mynetworks: 127.0.0.0/8
setting mailbox_command
setting mailbox_size_limit: 0
setting recipient_delimiter: +
setting inet_interfaces: all
Postfix is now set up with a default configuration. If you need to make
changes, edit
/etc/postfix/main.cf (and others) as needed. To view Postfix configuration
values, see postconf(1).
After modifying main.cf, be sure to run '/etc/init.d/postfix reload'.
Running newaliases
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
Setting up postfix-doc (2.3.8-2) ...
Setting up postfix-mysql (2.3.8-2+b1) ...
Adding mysql map entry to /etc/postfix/dynamicmaps.cf
Setting up postfix-pcre (2.3.8-2+b1) ...
Adding pcre map entry to /etc/postfix/dynamicmaps.cf
Konfigurasi Postfix dilakukan dengan mengedit file main.cf yang terletak di
direktori /etc/postfix/.
mail-server:/home/gtoms# cd /etc/postfix
mail-server:/etc/postfix# ls
dynamicmaps.cf main.cf master.cf postfix-files postfix-script post-install sasl
mail-server:/etc/postfix# cp main.cf main.cfasli
mail-server:/etc/postfix# nano main.cf
sesuaikan dengan keinginan kita.
Agar dapat mendukung aplikasi MySQL, maka harus dibuat file yang memberitahukan
Postfix di mana informasi tersimpan dalam database. Format dari file tersebut
dapat dilihat di bawah ini :
user = <nama user untuk mengakses MySQL>
password = <password dari user untuk mengakses MySQL>
dbname = <nama database yang akan diakses Postfix>
table = <nama tabel yang akan diakses Postfix>
select_field = <field pemetaan>
where_field = <field yang akan dipetakan>
hosts = <nama host di mana MySQL dijalankan>
Pada mail server ini, dibutuhkan 4 buah file pemetaan. Yang pertama adalah untuk
memetakan virtual domain ke string ‘virtual’. Hal ini dibutuhkan
untuk mengisi variabel $virtual_mailbox_domain. Yang kedua adalah file yang
akan memetakan dari field nama penggunakan ke direktori maildir. Yang ketiga
adalah file yang akan memetakan nama alias suatu domain, dan yang keempat adalah
file yang akan memetakan mailing list. Untuk memudahkan pengaturan file, semua
file tersebut ditaruh pada direktori /etc/postfix/mysql.cf.
mail-server:/etc/postfix# mkdir /etc/postfix/mysql.cf
mail-server:/etc/postfix# cd mysql.cf
mail-server:/etc/postfix/mysql.cf# ls
mail-server:/etc/postfix/mysql.cf# nano mysql-virtual_alias.cf
mail-server:/etc/postfix/mysql.cf# nano mysql-virtual_domain_alias.cf
mail-server:/etc/postfix/mysql.cf# nano mysql-virtual_domains.cf
mail-server:/etc/postfix/mysql.cf# nano mysql-virtual_mailboxes.cf
mail-server:/etc/postfix/mysql.cf# nano mysql-virtual_mailboxes_quota.cf
mail-server:/etc/postfix/mysql.cf# ls
mysql-virtual_alias.cf mysql-virtual_domain_alias.cf mysql-virtual_domains.cf
mysql-virtual_mailboxes.cf mysql-virtual_mailboxes_quota.cf
mail-server:/etc/postfix/mysql.cf# cd ..
mail-server:/etc/postfix# nano main.cf
sesuaikan dengan konfigurasi mailserver lama tanpa amavisd-new, yang digantikan
dengan postgrey.
mail-server:/etc/postfix# nano master.cf
sesuaikan dengan konfigurasi mailserver lama, hati-hati ada bagian yang berubah
sesuaikan dengan settingan postfix terbarudi mailserver baru ini.
mail-server:/home/gtoms# postconf -d | grep mail_version
mail_version = 2.3.8
milter_macro_v = $mail_name $mail_version
Ingin melihat isi main.cf dan master.cf saya? bisa email ke henry at gultom
dot or dot id
Agar dapat mendukung TLS (Transport Layer Security), dibutuhkan sertifikat SSL
(Secure Socket Layer). Sertifikat SSL didapat dengan menggunakan perintah openssl.
Kerugian mendapatkan sertifikat SSL dengan menggunakan perintah openssl dibandingkan
dengan mendapatkannya dari CA (Certificate Authority) adalah aplikasi mail klien
tidak mengenal CA yang dibuat dengan menggunakan perintah openssl dan akan mengeluarkan
peringatan ke pengguna. Untuk memudahkan pengaturan file, maka semua file yang
berhubungan dengan TLS diletakkan pada direktori /etc/postfix/sasl.
mail-server:/etc/postfix# mkdir /etc/postfix/sasl
mail-server:/etc/postfix# cd sasl
mail-server:/etc/postfix/sasl# ls
mail-server:/etc/postfix/sasl# openssl req -new -outform PEM -out /etc/postfix/sasl/smtpd.cert
-newkey rsa:2048 \
> -nodes -keyout /etc/postfix/sasl/smtpd.key -keyform PEM -days 3650 -x509
Generating a 2048 bit RSA private key
.......skip...............+++
............+++
writing new private key to '/etc/postfix/sasl/smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
....skip................
......................
Tambahkan pada /etc/postfix/main.cf
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/sasl/smtpd.cert
smtpd_tls_key_file = /etc/postfix/sasl/smtpd.key
smtpd_tls_loglevel = 4
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom
POP-Before-SMTP adalah aplikasi menyediakan layanan otentikasi bagi pengguna
SMTP Server tertentu. Pengguna harus terlebih dahulu melakukan proses otentikasi
ke POP3 Server.
mail-server:/home/gtoms# apt-get install pop-before-smtp
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
libnet-netmask-perl libtimedate-perl
Suggested packages:
imap-server pop3-server
The following NEW packages will be installed:
libnet-netmask-perl libtimedate-perl pop-before-smtp
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 108kB of archives.
After unpacking 549kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://debian.indika.net.id etch/main libnet-netmask-perl 1.9012-2 [23.3kB]
Get:2 http://debian.indika.net.id etch/main libtimedate-perl 1.1600-5 [32.7kB]
Get:3 http://debian.indika.net.id etch/main pop-before-smtp 1.41-1 [52.3kB]
Fetched 108kB in 0s (643kB/s)
Selecting previously deselected package libnet-netmask-perl.
(Reading database ... 24617 files and directories currently installed.)
Unpacking libnet-netmask-perl (from .../libnet-netmask-perl_1.9012-2_all.deb)
...
Selecting previously deselected package libtimedate-perl.
Unpacking libtimedate-perl (from .../libtimedate-perl_1.1600-5_all.deb) ...
Selecting previously deselected package pop-before-smtp.
Unpacking pop-before-smtp (from .../pop-before-smtp_1.41-1_all.deb) ...
After starting pop-before-smtp, be sure that your MTA is setup to
use the /var/lib/pop-before-smtp/hosts db file in its config.
(Read /usr/share/doc/pop-before-smtp/README.Debian for more info.)
Setting up libnet-netmask-perl (1.9012-2) ...
Setting up libtimedate-perl (1.1600-5) ...
Setting up pop-before-smtp (1.41-1) ...
Starting pop-before-smtp: done.
Tinggal edit isi /etc/pop-before-smtp/pop-before-smtp.conf sesuaikan dengan
pola log pada vpopmail.
Tambahkan pada /etc/postfix/main.cf :
check_client_access hash:/var/lib/pop-before-smtp/hosts
Untuk membasmi spam digunakan Postgrey :
mail-server:/etc/postfix# apt-get install postgrey
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
libdigest-hmac-perl libnet-dns-perl libnet-ip-perl
Recommended packages:
libnet-rblclient-perl
The following NEW packages will be installed:
libdigest-hmac-perl libnet-dns-perl libnet-ip-perl postgrey
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 335kB of archives.
After unpacking 1200kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://debian.indika.net.id etch/main libdigest-hmac-perl 1.01-5 [10.0kB]
Get:2 http://debian.indika.net.id etch/main libnet-ip-perl 1.25-2 [30.2kB]
Get:3 http://debian.indika.net.id etch/main libnet-dns-perl 0.59-1 [251kB]
Get:4 http://debian.indika.net.id etch/main postgrey 1.27-4 [43.7kB]
Fetched 335kB in 0s (1697kB/s)
Selecting previously deselected package libdigest-hmac-perl.
(Reading database ... 26114 files and directories currently installed.)
Unpacking libdigest-hmac-perl (from .../libdigest-hmac-perl_1.01-5_all.deb)
...
Selecting previously deselected package libnet-ip-perl.
Unpacking libnet-ip-perl (from .../libnet-ip-perl_1.25-2_all.deb) ...
Selecting previously deselected package libnet-dns-perl.
Unpacking libnet-dns-perl (from .../libnet-dns-perl_0.59-1_i386.deb) ...
Selecting previously deselected package postgrey.
Unpacking postgrey (from .../postgrey_1.27-4_all.deb) ...
Setting up libdigest-hmac-perl (1.01-5) ...
Setting up libnet-ip-perl (1.25-2) ...
Setting up libnet-dns-perl (0.59-1) ...
Setting up postgrey (1.27-4) ...
File yang perlu diedit :
mail-server:/etc/postfix#nano /etc/default/postgrey
POSTGREY_OPTS="--inet=127.0.0.1:60000"
ganti menjadi :
POSTGREY_OPTS="--inet=127.0.0.1:60000 --delay=60"
Untuk menjalankannya :
mail-server:/etc/postfix#/etc/init.d/postgrey start
Postgrey policy service running dengan port 60000.
Bisa juga mengatur sendiri isi dari :
/etc/postgrey/whitelist_clients
/etc/postgrey/whitelist_clients.local
/etc/postgrey/whitelist_recipients
/etc/postgrey/whitelist_recipients.local
Untuk mengintegrasikan ke postfix masukkan check_policy_service inet:127.0.0.1:60000
pada /etc/postfix/main.cf lalu jangan lupa postfix reload.
Instalasi webserver apache dan php yang digunakan untuk webmail, vqadmin, change
password, mailgraph web based.
mail-server:/home/gtoms# apt-get install apache2 apache2-doc apache2-mpm-prefork
apache2-utils libexpat1 ssl-cert
Reading package lists... Done
Building dependency tree... Done
ssl-cert is already the newest version.
The following extra packages will be installed:
apache2.2-common libapr1 libaprutil1 libsqlite3-0
The following NEW packages will be installed:
apache2 apache2-doc apache2-mpm-prefork apache2-utils apache2.2-common libapr1
libaprutil1 libexpat1 libsqlite3-0
0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded.
Need to get 4411kB of archives.
After unpacking 16.3MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://debian.indika.net.id etch/main libapr1 1.2.7-8.2 [109kB]
Get:2 http://debian.indika.net.id etch/main libexpat1 1.95.8-3.4 [62.9kB]
Get:3 http://debian.indika.net.id etch/main libsqlite3-0 3.3.8-1.1 [194kB]
Get:4 http://debian.indika.net.id etch/main libaprutil1 1.2.7+dfsg-2 [68.5kB]
Get:5 http://debian.indika.net.id etch/main apache2-utils 2.2.3-4+etch4 [342kB]
Get:6 http://debian.indika.net.id etch/main apache2.2-common 2.2.3-4+etch4 [964kB]
Get:7 http://debian.indika.net.id etch/main apache2-mpm-prefork 2.2.3-4+etch4
[420kB]
Get:8 http://debian.indika.net.id etch/main apache2 2.2.3-4+etch4 [41.4kB]
Get:9 http://debian.indika.net.id etch/main apache2-doc 2.2.3-4+etch4 [2209kB]
Fetched 4411kB in 3s (1465kB/s)
Selecting previously deselected package libapr1.
(Reading database ... 26291 files and directories currently installed.)
Unpacking libapr1 (from .../libapr1_1.2.7-8.2_i386.deb) ...
Selecting previously deselected package libexpat1.
Unpacking libexpat1 (from .../libexpat1_1.95.8-3.4_i386.deb) ...
Selecting previously deselected package libsqlite3-0.
Unpacking libsqlite3-0 (from .../libsqlite3-0_3.3.8-1.1_i386.deb) ...
Selecting previously deselected package libaprutil1.
Unpacking libaprutil1 (from .../libaprutil1_1.2.7+dfsg-2_i386.deb) ...
Selecting previously deselected package apache2-utils.
Unpacking apache2-utils (from .../apache2-utils_2.2.3-4+etch4_i386.deb) ...
Selecting previously deselected package apache2.2-common.
Unpacking apache2.2-common (from .../apache2.2-common_2.2.3-4+etch4_i386.deb)
...
Selecting previously deselected package apache2-mpm-prefork.
Unpacking apache2-mpm-prefork (from .../apache2-mpm-prefork_2.2.3-4+etch4_i386.deb)
...
Selecting previously deselected package apache2.
Unpacking apache2 (from .../apache2_2.2.3-4+etch4_all.deb) ...
Selecting previously deselected package apache2-doc.
Unpacking apache2-doc (from .../apache2-doc_2.2.3-4+etch4_all.deb) ...
Setting up libapr1 (1.2.7-8.2) ...
Setting up libexpat1 (1.95.8-3.4) ...
Setting up libsqlite3-0 (3.3.8-1.1) ...
Setting up libaprutil1 (1.2.7+dfsg-2) ...
Setting up apache2-utils (2.2.3-4+etch4) ...
Setting up apache2.2-common (2.2.3-4+etch4) ...
Setting Apache2 to Listen on port 80. If this is not desired, please edit /etc/apache2/ports.conf
as desired. Note that the Port directive no longer works.
Module alias installed; run /etc/init.d/apache2 force-reload to enable.
Module autoindex installed; run /etc/init.d/apache2 force-reload to enable.
Module dir installed; run /etc/init.d/apache2 force-reload to enable.
Module env installed; run /etc/init.d/apache2 force-reload to enable.
Module mime installed; run /etc/init.d/apache2 force-reload to enable.
Module negotiation installed; run /etc/init.d/apache2 force-reload to enable.
Module setenvif installed; run /etc/init.d/apache2 force-reload to enable.
Module status installed; run /etc/init.d/apache2 force-reload to enable.
Module auth_basic installed; run /etc/init.d/apache2 force-reload to enable.
Module authz_default installed; run /etc/init.d/apache2 force-reload to enable.
Module authz_user installed; run /etc/init.d/apache2 force-reload to enable.
Module authz_groupfile installed; run /etc/init.d/apache2 force-reload to enable.
Module authn_file installed; run /etc/init.d/apache2 force-reload to enable.
Module authz_host installed; run /etc/init.d/apache2 force-reload to enable.
Setting up apache2-mpm-prefork (2.2.3-4+etch4) ...
Starting web server (apache2)...apache2: Could not reliably determine the server's
fully qualified domain name, using 127.0.0.1 for ServerName
Setting up apache2 (2.2.3-4+etch4) ...
Setting up apache2-doc (2.2.3-4+etch4) ...
mail-server:/home/gtoms#
mail-server:/home/gtoms# apt-get install libapache2-mod-php5 php5 php5-common
php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-imap php5-json
php5-mcrypt php5-memcache php5-mhash php5-ming php5-mysql php5-ps php5-pspell
php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl php5-cgi php5-cli
.......skip..................
........................
Creating config file /etc/php5/apache2/php.ini with new version
Forcing reload of web server (apache2)...apache2: Could not reliably determine
the server's fully qualified domain name, using 127.0.0.1 for ServerName
waiting apache2: Could not reliably determine the server's fully qualified domain
name, using 127.0.0.1 for ServerName
Setting up libaspell15 (0.60.4-4) ...
Setting up mlock (2002edebian1-13.1) ...
Setting up libc-client2002edebian (2002edebian1-13.1) ...
Setting up libfreetype6 (2.2.1-5+etch2) ...
Setting up libfontconfig1 (2.4.2-1.2) ...
Setting up libjpeg62 (6b-13) ...
Setting up libpng12-0 (1.2.15~beta5-1) ...
Setting up libxpm4 (3.5.5-2) ...
Setting up libgd2-xpm (2.0.33-5.2) ...
Setting up libjasper-1.701-1 (1.701.0-2) ...
Setting up liblcms1 (1.15-1) ...
Setting up libtiff4 (3.8.2-7) ...
Setting up libxext6 (1.0.1-2) ...
Setting up libmagick9 (6.2.4.5.dfsg1-0.14) ...
Setting up libmcrypt4 (2.5.7-5) ...
Setting up libmhash2 (0.9.7-1) ...
Setting up libungif4g (4.1.4-4) ...
Setting up libming0 (0.3.0-11) ...
Setting up librecode0 (3.6-12) ...
Setting up libsysfs2 (2.1.0-1) ...
Setting up libsensors3 (2.10.1-3) ...
udev active, devices will be created in /dev/.static/dev/
Setting up libsnmp-base (5.2.3-7etch2) ...
Setting up libsnmp9 (5.2.3-7etch2) ...
Setting up libssl-dev (0.9.8c-4etch1) ...
Setting up libt1-5 (5.1.0-2etch1) ...
Setting up libtidy-0.99-0 (20051018-1) ...
Setting up libtool (1.5.22-4) ...
Setting up libxslt1.1 (1.1.19-1) ...
Setting up php5-cli (5.2.0-8+etch10) ...
Creating config file /etc/php5/cli/php.ini with new version
Setting up php-pear (5.2.0-8+etch10) ...
Setting up php5-cgi (5.2.0-8+etch10) ...
Creating config file /etc/php5/cgi/php.ini with new version
Setting up php5 (5.2.0-8+etch10) ...
Setting up php5-curl (5.2.0-8+etch10) ...
Setting up shtool (2.0.1-2) ...
Setting up php5-dev (5.2.0-8+etch10) ...
Setting up php5-gd (5.2.0-8+etch10) ...
Setting up php5-idn (1.2-1+b1) ...
Setting up php5-imagick (0.9.11+1-4.1) ...
Setting up php5-imap (5.2.0-8+etch10) ...
Setting up php5-json (1.2.1-3.2) ...
Configure php.ini files.....
Setting up php5-mcrypt (5.2.0-8+etch10) ...
Setting up php5-memcache (2.0.1-1.1) ...
Configure php.ini files.....
Setting up php5-mhash (5.2.0-8+etch10) ...
Setting up php5-ming (0.3.0-11) ...
Setting up php5-mysql (5.2.0-8+etch10) ...
Setting up pslib1 (0.2.7-1) ...
Setting up php5-ps (1.3.4-4) ...
Setting up php5-pspell (5.2.0-8+etch10) ...
Setting up php5-recode (5.2.0-8+etch10) ...
Setting up php5-snmp (5.2.0-8+etch10) ...
Setting up php5-sqlite (5.2.0-8+etch10) ...
Setting up php5-tidy (5.2.0-8+etch10) ...
Setting up php5-xmlrpc (5.2.0-8+etch10) ...
Setting up php5-xsl (5.2.0-8+etch10) ...
mail-server:/home/gtoms#
vi /etc/apache2/mods-available/dir.conf
Edit /etc/apache2/ports.conf
.......skip.........
..........................
.......................
Apache tinggal diset virtual host dan port berapa aplikasi webmail,change password
dan vqadmin diletakkan.
Instalasi webmail menggunakan sqwebmail :
mail-server:/home/gtoms# apt-get install sqwebmail courier-authdaemon courier-authlib-mysql
courier-base courier-doc courier-maildrop courier-pcp
Reading package lists... Done
Building dependency tree... Done
courier-authdaemon is already the newest version.
courier-base is already the newest version.
The following extra packages will be installed:
expect tcl8.4
Suggested packages:
expectk tclreadline
The following NEW packages will be installed:
courier-authlib-mysql courier-doc courier-maildrop courier-pcp expect sqwebmail
tcl8.4
0 upgraded, 7 newly installed, 0 to remove and 0 not upgraded.
Need to get 3637kB of archives.
After unpacking 10.4MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://debian.indika.net.id etch/main courier-authlib-mysql 0.58-4 [18.2kB]
Get:2 http://debian.indika.net.id etch/main courier-doc 0.53.3-5 [351kB]
Get:3 http://debian.indika.net.id etch/main courier-maildrop 0.53.3-5 [943kB]
Get:4 http://debian.indika.net.id etch/main tcl8.4 8.4.12-1.1 [1144kB]
Get:5 http://debian.indika.net.id etch/main expect 5.43.0-8 [314kB]
Get:6 http://debian.indika.net.id etch/main sqwebmail 0.53.3-5 [805kB]
Get:7 http://debian.indika.net.id etch/main courier-pcp 0.53.3-5 [61.4kB]
Fetched 3637kB in 2s (1701kB/s)
Preconfiguring packages ...
Selecting previously deselected package courier-authlib-mysql.
(Reading database ... 30766 files and directories currently installed.)
Unpacking courier-authlib-mysql (from .../courier-authlib-mysql_0.58-4_i386.deb)
...
Selecting previously deselected package courier-doc.
Unpacking courier-doc (from .../courier-doc_0.53.3-5_all.deb) ...
Selecting previously deselected package courier-maildrop.
Unpacking courier-maildrop (from .../courier-maildrop_0.53.3-5_i386.deb) ...
Selecting previously deselected package tcl8.4.
Unpacking tcl8.4 (from .../tcl8.4_8.4.12-1.1_i386.deb) ...
Selecting previously deselected package expect.
Unpacking expect (from .../expect_5.43.0-8_i386.deb) ...
Selecting previously deselected package sqwebmail.
Unpacking sqwebmail (from .../sqwebmail_0.53.3-5_i386.deb) ...
Selecting previously deselected package courier-pcp.
Unpacking courier-pcp (from .../courier-pcp_0.53.3-5_i386.deb) ...
Setting up courier-authlib-mysql (0.58-4) ...
Setting up courier-doc (0.53.3-5) ...
Setting up courier-maildrop (0.53.3-5) ...
Setting up tcl8.4 (8.4.12-1.1) ...
Setting up expect (5.43.0-8) ...
Setting up sqwebmail (0.53.3-5) ...
Starting Courier webmail daemon: done.
Setting up courier-pcp (0.53.3-5) ...
Untuk settingan design template skin sqwebmail saya dibantu teman satu kantor
yang jago design grafis Mr Jerry T.
Instalasi Vaqdmin yang merupakan aplikasi web yang diperuntukkan untuk memudahkan
pengaturan virtual domain. Vaqdmin membutuhkan vpopmail sebagai aplikasi penyedia
layanan virtual domain.
mail-server:/home/gtoms# tar zxvf vqadmin-2.3.2.tar.gz
mail-server:/home/gtoms# cd vqadmin-2.3.2
mail-server:/home/gtoms/vqadmin-2.3.2# ls
acconfig.h AUTHORS config.guess configure.in global.c INSTALL Makefile.am missing
stamp-h.in user.c
ACL BUGS config.h.in COPYING global.h install-sh Makefile.bak mkinstalldirs
TEMPLATE vqadmin.acl
acl.c cgi.c config.sub domain.c htaccess lang.c Makefile.in NEWS template.c
vqadmin.c
aclocal.m4 ChangeLog configure FAQ html LICENSE misc.c README TODO
mail-server:/home/gtoms/vqadmin-2.3.2# nano INSTALL
mail-server:/home/gtoms/vqadmin-2.3.2# ./configure
creating cache ./config.cache
checking for a BSD compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking whether make sets ${MAKE}... yes
checking for working aclocal... found
checking for working autoconf... found
checking for working automake... found
checking for working autoheader... found
checking for working makeinfo... found
checking host system type... i686-unknown-linux
checking for gcc... gcc
checking whether the C compiler (gcc ) works... yes
checking whether the C compiler (gcc ) is a cross-compiler... no
checking whether we are using GNU C... yes
checking whether gcc accepts -g... yes
checking for ranlib... ranlib
checking for strerror in -lcposix... no
checking how to run the C preprocessor... gcc -E
checking for AIX... no
yes
checking for dirent.h that defines DIR... yes
checking for opendir in -ldir... no
checking for ANSI C header files... yes
checking for unistd.h... yes
checking for working const... yes
checking for size_t... yes
checking whether struct tm is in sys/time.h or time.h... time.h
checking for crypt in -lcrypt... yes
checking for floor in -lm... yes
checking for compress in -lz... yes
updating cache ./config.cache
creating ./config.status
creating Makefile
creating config.h
Current settings
---------------------------------------
vpopmail directory = /home/vpopmail
uid = 65010
gid = 60002
cgi-bin dir = /var/www/cgi-bin
vqadmin dir = /var/www/cgi-bin/vqadmin
mail-server:/home/gtoms/vqadmin-2.3.2#
mail-server:/home/gtoms/vqadmin-2.3.2# nano INSTALL
mail-server:/home/gtoms/vqadmin-2.3.2# make
make all-recursive
make[1]: Entering directory `/home/gtoms/vqadmin-2.3.2'
make[2]: Entering directory `/home/gtoms/vqadmin-2.3.2'
gcc -I. -I/home/vpopmail/include -g -O2 -Wall -c vqadmin.c
gcc -I. -I/home/vpopmail/include -g -O2 -Wall -c cgi.c
gcc -I. -I/home/vpopmail/include -g -O2 -Wall -c template.c
gcc -I. -I/home/vpopmail/include -g -O2 -Wall -c global.c
gcc -I. -I/home/vpopmail/include -g -O2 -Wall -c acl.c
gcc -I. -I/home/vpopmail/include -g -O2 -Wall -c misc.c
gcc -I. -I/home/vpopmail/include -g -O2 -Wall -c domain.c
gcc -I. -I/home/vpopmail/include -g -O2 -Wall -c lang.c
gcc -I. -I/home/vpopmail/include -g -O2 -Wall -c user.c
gcc -g -O2 -Wall -o vqadmin vqadmin.o cgi.o template.o global.o acl.o misc.o
domain.o lang.o user.o -L/home/vpopmail/lib -lvpopmail -L/usr/lib -lmysqlclient
-lz -lm -lcrypt -lz -lm -lcrypt
make[2]: Leaving directory `/home/gtoms/vqadmin-2.3.2'
make[1]: Leaving directory `/home/gtoms/vqadmin-2.3.2'
mail-server:/home/gtoms/vqadmin-2.3.2# make install-strip
make AM_INSTALL_PROGRAM_FLAGS=-s install
make[1]: Entering directory `/home/gtoms/vqadmin-2.3.2'
make[2]: Entering directory `/home/gtoms/vqadmin-2.3.2'
make[3]: Entering directory `/home/gtoms/vqadmin-2.3.2'
/bin/sh ./mkinstalldirs /usr/local/bin
/usr/bin/install -c -s vqadmin /usr/local/bin/vqadmin
/bin/sh ./mkinstalldirs /var/www/cgi-bin
/bin/sh ./mkinstalldirs /var/www/cgi-bin/vqadmin
mkdir /var/www/cgi-bin/vqadmin
/bin/sh ./mkinstalldirs /var/www/cgi-bin/vqadmin/html
mkdir /var/www/cgi-bin/vqadmin/html
cp vqadmin /var/www/cgi-bin/vqadmin/vqadmin.cgi
strip /var/www/cgi-bin/vqadmin/vqadmin.cgi
cp -R html/* /var/www/cgi-bin/vqadmin/html
cp -R html/en /var/www/cgi-bin/vqadmin/html/en-us
if test -f /var/www/cgi-bin/vqadmin/vqadmin.acl ; then \
echo "vqadmin.acl file already in place" ; \
else \
cp vqadmin.acl /var/www/cgi-bin/vqadmin ; \
fi
chown vpopmail /var/www/cgi-bin/vqadmin
chgrp vchkpw /var/www/cgi-bin/vqadmin
chown -R vpopmail /var/www/cgi-bin/vqadmin/*
chgrp -R vchkpw /var/www/cgi-bin/vqadmin/*
chown root /var/www/cgi-bin/vqadmin/vqadmin.cgi
chgrp `id -g root` /var/www/cgi-bin/vqadmin/vqadmin.cgi
chmod u+s,g+s /var/www/cgi-bin/vqadmin/vqadmin.cgi
chmod 755 /var/www/cgi-bin/vqadmin
chmod 755 /var/www/cgi-bin/vqadmin/html
if test -f /var/www/cgi-bin/vqadmin/.htaccess ; then \
echo ".htaccess file already in place" ; \
else \
cp htaccess /var/www/cgi-bin/vqadmin/.htaccess ; \
fi
chown nobody /var/www/cgi-bin/vqadmin/.htaccess
chmod u+rw /var/www/cgi-bin/vqadmin/.htaccess
chmod go+r /var/www/cgi-bin/vqadmin/.htaccess
make[3]: Leaving directory `/home/gtoms/vqadmin-2.3.2'
make[2]: Leaving directory `/home/gtoms/vqadmin-2.3.2'
make[1]: Leaving directory `/home/gtoms/vqadmin-2.3.2'
mail-server:/home/gtoms/vqadmin-2.3.2#
Tambahkan htaccess dan htpasswd untuk direktori letak vqadmin.
Fail2ban merupakan add on saja dalam mailserver ini, tetapi fungsinya penting
unuk menghalau brute force atach pada ssh,ftp,email,apache, fail2ban lebih powerfull
dibanding denyhosts yang cukup populer juga.
mail-server:/etc/postfix/mysql.cf# apt-get install fail2ban
Reading package lists... Done
Building dependency tree... Done
Suggested packages:
python-gamin
The following NEW packages will be installed:
fail2ban
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 63.6kB of archives.
After unpacking 500kB of additional disk space will be used.
Get:1 http://debian.indika.net.id etch/main fail2ban 0.7.5-2etch1 [63.6kB]
Fetched 63.6kB in 9s (6606B/s)
Selecting previously deselected package fail2ban.
(Reading database ... 31256 files and directories currently installed.)
Unpacking fail2ban (from .../fail2ban_0.7.5-2etch1_all.deb) ...
Setting up fail2ban (0.7.5-2etch1) ...
mail-server:/etc/postfix/mysql.cf# nano /etc/fail2ban.conf
mail-server:/etc/fail2ban# tail -f /var/log/fail2ban.log
2008-03-10 01:01:10,025 fail2ban.actions.action: INFO Set actionBan = iptables
-I fail2ban-<name> 1 -s <ip> -j DROP
2008-03-10 01:01:10,026 fail2ban.actions.action: INFO Set actionStop = iptables
-D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2008-03-10 01:01:10,026 fail2ban.actions.action: INFO Set actionStart = iptables
-N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2008-03-10 01:01:10,027 fail2ban.actions.action: INFO Set actionUnban = iptables
-D fail2ban-<name> -s <ip> -j DROP
2008-03-10 01:01:10,027 fail2ban.actions.action: INFO Set actionCheck = iptables
-n -L INPUT | grep -q fail2ban-<name>
2008-03-10 01:01:13,393 fail2ban.actions: WARNING [ssh] Ban 220.200.113.26
Ini software tambahan untuk memonitor mailserver :
mail-server:/home/gtoms# apt-get install rrdtool mailgraph
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
libart-2.0-2 libfile-tail-perl librrd2 librrds-perl
The following NEW packages will be installed:
libart-2.0-2 libfile-tail-perl librrd2 librrds-perl mailgraph rrdtool
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
Need to get 898kB of archives.
After unpacking 2265kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://debian.indika.net.id etch/main libart-2.0-2 2.3.17-1 [61.3kB]
Get:2 http://debian.indika.net.id etch/main libfile-tail-perl 0.98-5 [19.7kB]
Get:3 http://debian.indika.net.id etch/main librrd2 1.2.15-0.3 [256kB]
Get:4 http://debian.indika.net.id etch/main librrds-perl 1.2.15-0.3 [41.6kB]
Get:5 http://debian.indika.net.id etch/main mailgraph 1.12-2.1 [22.5kB]
Get:6 http://debian.indika.net.id etch/main rrdtool 1.2.15-0.3 [497kB]
Fetched 898kB in 0s (1458kB/s)
Preconfiguring packages ...
Selecting previously deselected package libart-2.0-2.
(Reading database ... 31341 files and directories currently installed.)
Unpacking libart-2.0-2 (from .../libart-2.0-2_2.3.17-1_i386.deb) ...
Selecting previously deselected package libfile-tail-perl.
Unpacking libfile-tail-perl (from .../libfile-tail-perl_0.98-5_all.deb) ...
Selecting previously deselected package librrd2.
Unpacking librrd2 (from .../librrd2_1.2.15-0.3_i386.deb) ...
Selecting previously deselected package librrds-perl.
Unpacking librrds-perl (from .../librrds-perl_1.2.15-0.3_i386.deb) ...
Selecting previously deselected package mailgraph.
Unpacking mailgraph (from .../mailgraph_1.12-2.1_all.deb) ...
Selecting previously deselected package rrdtool.
Unpacking rrdtool (from .../rrdtool_1.2.15-0.3_i386.deb) ...
Setting up libart-2.0-2 (2.3.17-1) ...
Setting up libfile-tail-perl (0.98-5) ...
Setting up librrd2 (1.2.15-0.3) ...
Setting up librrds-perl (1.2.15-0.3) ...
Setting up mailgraph (1.12-2.1) ...
Starting Postfix Mail Statistics: mailgraph.
Setting up rrdtool (1.2.15-0.3) ...
mail-server:/home/gtoms#
mail-server:/home/gtoms# dpkg-reconfigure mailgraph
Stopping Postfix Mail Statistics: mailgraph.
mail-server:/home/gtoms#
Contoh hasil mailgraph :
Ini software tambahan untuk memonitor mailserver :
mail-server:/var/www/cgi-bin# apt-get install pflogsumm
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
libbit-vector-perl libcarp-clan-perl libdate-calc-perl
The following NEW packages will be installed:
libbit-vector-perl libcarp-clan-perl libdate-calc-perl pflogsumm
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 459kB of archives.
After unpacking 1425kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://debian.indika.net.id etch/main libcarp-clan-perl 5.8-1 [14.0kB]
Get:2 http://debian.indika.net.id etch/main libbit-vector-perl 6.4-5 [146kB]
Get:3 http://debian.indika.net.id etch/main libdate-calc-perl 5.4-5 [248kB]
Get:4 http://debian.indika.net.id etch/main pflogsumm 1.1.0-3 [51.3kB]
Fetched 459kB in 0s (1746kB/s)
Selecting previously deselected package libcarp-clan-perl.
(Reading database ... 31516 files and directories currently installed.)
Unpacking libcarp-clan-perl (from .../libcarp-clan-perl_5.8-1_all.deb) ...
Selecting previously deselected package libbit-vector-perl.
Unpacking libbit-vector-perl (from .../libbit-vector-perl_6.4-5_i386.deb) ...
Selecting previously deselected package libdate-calc-perl.
Unpacking libdate-calc-perl (from .../libdate-calc-perl_5.4-5_i386.deb) ...
Selecting previously deselected package pflogsumm.
Unpacking pflogsumm (from .../pflogsumm_1.1.0-3_all.deb) ...
Setting up libcarp-clan-perl (5.8-1) ...
Setting up libbit-vector-perl (6.4-5) ...
Setting up libdate-calc-perl (5.4-5) ...
Setting up pflogsumm (1.1.0-3) ...
mail-server:/var/www/cgi-bin#
mail-server:/var/www/cgi-bin# nano /etc/logrotate.conf
mail-server:/var/www/cgi-bin# cd /usr/local/sbin/
mail-server:/usr/local/sbin# ls
mail-server:/usr/local/sbin# ls -al
total 8
drwxrwsr-x 2 root staff 4096 2008-03-02 09:48 .
drwxr-sr-x 11 root staff 4096 2008-03-06 20:43 ..
mail-server:/usr/local/sbin# nano /usr/local/sbin/postfix_report.sh
mail-server:/usr/local/sbin# chmod 755 /usr/local/sbin/postfix_report.sh
mail-server:/usr/local/sbin# crontab -e
no crontab for root - using an empty one
crontab: installing new crontab
mail-server:/usr/local/sbin#
Contoh kiriman email dari pflogsumm@localhost :
From: pflogsumm@localhost
To: gultom@xxxxxxx.xx.xx
Received: from www.xxx.xx.x ([202.x.xyz.xx])
Message-Id: <20080315000114.37F758832B@xxx.xxxx.xx.x>
Date: Sat, 15 Mar 2008 07:00:10 +0700 (WIT)
Grand Totals
------------
messages
10531 received
7878 delivered
0 forwarded
160 deferred (1804 deferrals)
3962 bounced
114671 rejected (93%)
0 reject warnings
0 held
0 discarded (0%)
572m bytes received
878m bytes delivered
3235 senders
2671 sending hosts/domains
1689 recipients
589 recipient hosts/domains
Per-Day Traffic Summary
date received delivered deferred bounced rejected
--------------------------------------------------------------------
Mar 14 2008 9089 7284 1333 3150 76260
Mar 15 2008 1442 594 471 812 38411
.....skip............
....................
Contoh log tail -f /var/log/mail.log
Mar 22 10:59:19 mail-server postfix/smtpd[5602]: NOQUEUE: reject: RCPT from
unknown[220.90.61.225]: 554 5.5.2 <a????.kornet>: Helo command rejected:
Invalid name; from=<hacking@petawawaremax.com> to=<caska@xxxxxxxx.net>
proto=ESMTP helo=<a????.kornet>
Mar 22 10:59:19 mail-server postfix/smtpd[5602]: lost connection after DATA
from unknown[220.90.61.225]
Mar 22 10:59:19 mail-server postfix/smtpd[5602]: disconnect from unknown[220.90.61.225]
Mar 22 10:59:20 mail-server postfix/smtpd[5594]: NOQUEUE: reject: RCPT from
p1221-ipbf09matuyama.ehime.ocn.ne.jp[222.148.156.221]: 450 4.7.1 <deddi@xxxx.net>:
Recipient address rejected: Greylisted, see http://isg.ee.ethz.ch/tools/postgrey/help/namadomainkantor.net.html;
from=<dougva@ncweb.com> to=<deddi@xxxx.net> proto=ESMTP helo=<p1221-ipbf09matuyama.ehime.ocn.ne.jp>
Mar 22 10:59:20 mail-server postfix/smtpd[5594]: lost connection after DATA
from p1221-ipbf09matuyama.ehime.ocn.ne.jp[222.148.156.221]
Mar 22 10:59:20 mail-server postfix/smtpd[5594]: disconnect from p1221-ipbf09matuyama.ehime.ocn.ne.jp[222.148.156.221]
Mar 22 11:02:15 mail-server vpopmail[5687]: vchkpw-pop3: (PLAIN) login success
renata@xxxxxx.net.id:202.xxx.xxx.xx
Mar 22 11:05:00 mail-server postfix/virtual[5718]: 3125C882F7: to=<renata@xxxxxx.net.id>,
orig_to=<renata@xxxxxx.net>, relay=virtual, delay=2.8, delays=2.7/0/0/0.02,
dsn=2.0.0, status=sent (delivered to maildir)
Dokumentasi picture instalasi diambil menggunakan camera hp nokia e61i :
![]() |
![]() |
![]() |
![]() |
Disclaimer:
******************************************************
This website was created for the author's personal use and entertainment. There is absolutely no warranty. Use entirely at your own risk.
Any information contained herein is freely available elsewhere and simply reinterpreted, or more likely misinterpreted, and cannot be assumed to be accurate. There are mistakes in this website and there may or may not be any effort to correct those mistakes in the future.
The author accepts no responsibility for any loss or damage caused by the use, lack of use, or misuse, of information contained in this website.
Where links are provided to other websites, the author accepts no responsibility and shall not be liable, either directly or indirectly for the content, legality, accuracy, reliability, suitability, quality or decency of content, information, product, advice or services provided by and contained in those sites.
Downloading any information from the Internet is done at your own risk, and the risk can be substantial. You knew that, right?
All trademarks are the property of their respective owners.
Henry Gultom
henry at gultom dot or dot id
MAR 24 2008