sysadmin

iSCSI+LVM: Automatically Enable a Volume Group Containing an iSCSI Disk Physical Volume

When using iSCSI with LVM, we sometimes have to manually enable an iSCSI disk that is used as a physical volume in LVM. This happens because the LVM service starts earlier than the iSCSI service, so the iSCSI disk containing the physical volume is not present yet. The solution is to enable lvmetad in /etc/lvm/lvm.conf.

lvmetad is the "LVM metadata daemon", which acts as an in-memory cache of LVM metadata gathered from devices as they appear in the system. Whenever a block device appears and has a PV label on it, it is automatically scanned via a udev rule, which updates the lvmetad daemon with the LVM metadata found. Once the VG is complete (all the PVs making up the VG are present), the VG is activated. The lvmetad daemon is required for this LVM event-based autoactivation to work, and the iSCSI disk must be present in the system after boot time.

Enable lvmetad in lvm.conf:
use_lvmetad = 1

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=474833

LVM: Adding New Physical Volume to Volume Group

Linux LVM is a logical volume manager for the Linux kernel. A logical volume manager provides a method of allocating space on mass storage devices that is more flexible than a traditional partitioning scheme. A logical volume manager can create, resize, and combine partitions, potentially without interrupting the system. (Wikipedia)

Scenario: new device /dev/sda
1. Create the needed partitions and set their type to 8e (Linux LVM)
# fdisk /dev/sda
2. Format the partitions
# mkfs.ext4 /dev/sda1
3. Create the physical volume
# pvcreate /dev/sda1
4. Extend the existing volume group
# vgextend VolGroup00 /dev/sda1
5. Extend the existing logical volume
Extend LogVol01 to 16GB
# lvextend -L 16G /dev/VolGroup00/LogVol01
Add 1GB to LogVol01
# lvextend -L +1G /dev/VolGroup00/LogVol01
6. Resize the filesystem to the new logical volume size
# resize2fs /dev/VolGroup00/LogVol01
7. Create a new logical volume
Create a new logical volume with a size of 16GB
# lvcreate -L 16G -n LogVol02 VolGroup00
Create a new logical volume with all free space
# lvcreate -l 100%FREE -n LogVol02 VolGroup00
8. Format the new logical volume
# mkfs.ext4 /dev/VolGroup00/LogVol02

Reference: http://sujithemmanuel.blogspot.com/2007/04/how-to-add-disk-to-lvm.html

SMTP: Debugging SMTP with TLS/SSL and Auth

SMTP uses TLS/SSL to secure the connection to the server, and AUTH so that only authenticated users can use the SMTP service. This tutorial shows the steps to debug SMTP TLS/SSL and AUTH from a Linux/Unix terminal.

  1. Encode your login information in base64. The following Perl command, which requires MIME::Base64, does the encoding.
perl -MMIME::Base64 -e 'print encode_base64("\000your_username\000your_password")'
# example output
# AHlvdXJfdXNlcm5hbWUAeW91cl9wYXNzd29yZA==
  2. Connect to the SMTP server.
# normal non-secured SMTP
$ telnet smtp.yourdomain.com 25

# TLS connection, check STARTTLS support with EHLO command
$ telnet smtp.yourdomain.com 25

220 SMTP banner
EHLO smtp.yourdomain.com
250 SMTP banner
250-smtp.yourdomain.com
250-PIPELINING
250-SIZE 36360000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit

$ openssl s_client -starttls smtp -crlf -connect smtp.yourdomain.com:25

# SSL connection
$ openssl s_client -crlf -connect smtp.yourdomain.com:465
  3. Check AUTH support with the EHLO command.
# Connect to secure SMTP using TLS or SSL
$ openssl s_client -starttls smtp -crlf -connect smtp.yourdomain.com:25
# Or
$ openssl s_client -crlf -connect smtp.yourdomain.com:465

EHLO smtp.yourdomain.com
250-smtp.yourdomain.com
250-PIPELINING
250-SIZE 36360000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
  4. Use the AUTH command to authenticate.
# connect to secure SMTP using TLS or SSL
$ openssl s_client -starttls smtp -crlf -connect smtp.yourdomain.com:25
# OR
$ openssl s_client -crlf -connect smtp.yourdomain.com:465

HELO smtp.yourdomain.com
250 smtp.yourdomain.com
AUTH PLAIN AHlvdXJfdXNlcm5hbWUAeW91cl9wYXNzd29yZA==
235 2.7.0 Authentication successful
# if authentication fails
535 5.7.8 Error: authentication failed: authentication failure
  5. Test sending a message.
# -quiet keeps s_client from treating the leading R of RCPT as its renegotiate command
$ openssl s_client -quiet -crlf -connect smtp.yourdomain.com:465

HELO smtp.yourdomain.com
250 smtp.yourdomain.com
AUTH PLAIN AHlvdXJfdXNlcm5hbWUAeW91cl9wYXNzd29yZA==
235 2.7.0 Authentication successful
MAIL FROM: <your_username@yourdomain.com>
250 2.1.0 OK
RCPT TO: <your_destination@domain.com>
250 2.1.5 OK
DATA
354 End data with <CR><LF>.<CR><LF>
From: Your Name <your_username@yourdomain.com>
To: Your Destination Name <your_destination@domain.com>
Subject: Your Email Subject

Your Email Content
.
250 2.0.0 Ok: queued as 6A4C1D5153E
quit
Connection closed by foreign host.
Reference: <https://qmail.jms1.net/test-auth.shtml>
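
An added example, not part of the original tutorial: a shell function that decodes an AUTH PLAIN token back into its fields before you paste it into the session, so a malformed token is caught locally instead of showing up as a 535. The function name `check_auth_plain` is hypothetical, and the code assumes a `base64` command that accepts `-d`.

```bash
#!/usr/bin/env bash
# Added example: sanity-check an SMTP AUTH PLAIN token before sending it.
# The token is base64("authzid NUL authcid NUL password"). base64 is only an
# encoding, so anyone who captures the token can recover the password this way.
# A malformed token is a common cause of a 535 reply, for instance when Perl
# interpolates "@domain" inside the double-quoted string (write it as \@).

# check_auth_plain TOKEN   (hypothetical helper name)
# Prints "authzid=<a> authcid=<b> password_len=<n>" and returns 0 when the
# token is well formed; prints the reason on stderr and returns 1 otherwise.
check_auth_plain() {
    local token=$1 nul_count nl_count decoded authzid authcid password

    if ! printf '%s' "$token" | base64 -d >/dev/null 2>&1; then
        echo "not valid base64" >&2
        return 1
    fi

    # Exactly two NUL bytes separate the three fields.
    nul_count=$(( $(printf '%s' "$token" | base64 -d | tr -cd '\000' | wc -c) ))
    if [ "$nul_count" -ne 2 ]; then
        echo "expected 2 NUL separators, found $nul_count" >&2
        return 1
    fi

    # A newline inside the token usually means it was built with echo
    # instead of printf, and the newline becomes part of the password.
    nl_count=$(( $(printf '%s' "$token" | base64 -d | tr -cd '\n' | wc -c) ))
    if [ "$nl_count" -ne 0 ]; then
        echo "decoded token contains a newline" >&2
        return 1
    fi

    # Turn the NUL separators into newlines so the fields can be read by line.
    decoded=$(printf '%s' "$token" | base64 -d | tr '\000' '\n')
    authzid=$(printf '%s\n' "$decoded" | sed -n '1p')
    authcid=$(printf '%s\n' "$decoded" | sed -n '2p')
    password=$(printf '%s\n' "$decoded" | sed -n '3p')

    if [ -z "$authcid" ]; then
        echo "empty username (authcid)" >&2
        return 1
    fi

    # Report the password length only, so the secret stays out of scrollback.
    echo "authzid=$authzid authcid=$authcid password_len=${#password}"
}

# The token from the tutorial above decodes to its placeholder credentials.
check_auth_plain 'AHlvdXJfdXNlcm5hbWUAeW91cl9wYXNzd29yZA==' || true
```
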

Find A Virtual Machine by MAC Address with VSphere Client and PowerCLI

Finding someone's computer by its MAC address is a usual task when there is an issue related to that computer in the local network. The common cases are an IP conflict or network abuse. But if the MAC address shows that the machine is one of the many VMware virtual machines scattered out there, how do we find it?

vSphere Client

If you have a VMware ESX or ESXi server, vSphere Client is the tool for managing your virtual machines from a remote computer. But vSphere Client cannot tell the MAC Address of virtual machines from version 10 or higher, and to find a virtual machine by MAC address we must open each virtual machine's Settings one by one. That is still possible with a few virtual machines, but it is exhausting when we have many.

vSphere PowerCLI

An alternative method is vSphere PowerCLI, a command-line tool for managing virtual machines in conjunction with vSphere Client. You can install vSphere PowerCLI by referring to this page. To find the virtual machine by its MAC address, open vSphere PowerCLI.

Connect to your virtual machine server (ESX or ESXi) with the Connect-VIServer command.

After pressing [Enter] twice, you will be presented with a logon window.

Log in to your virtual machine server.

Then you can find the virtual machine by its MAC address using this command:

Get-VM | Get-NetworkAdapter | Where {$_.MacAddress -eq "AA:BB:CC:DD:EE:FF"} | Format-List

The highlighted one is the virtual machine name in your server. Good luck!

Reference

Finding a virtual machine in VMware vSphere by the MAC address

Installing Zimbra Collaboration Server 8 FOSS on CentOS 6.5

Zimbra is a well-known collaboration suite that includes email, calendaring, file sharing, activity streams, social communities and more. The most popular product from Zimbra is Zimbra Collaboration Server. Zimbra Collaboration Server comes in two editions: Network Edition and Open Source Edition (FOSS). This documentation shows a simple way to install Zimbra Collaboration Server Open Source Edition on CentOS 6.5.

Getting Started

Prepare the system

# yum update

Disable SELinux

# vi /etc/sysconfig/selinux
 SELINUX=disabled

Disable firewall

# service iptables stop
# service ip6tables stop
# chkconfig iptables off
# chkconfig ip6tables off

Disable postfix

# service postfix stop
# chkconfig postfix off

Edit hosts file

# vi /etc/hosts
 192.168.1.91 your.zimbra-domain.com

Install dependencies

# yum install nc wget nano make sudo sysstat libtool-ltdl glibc perl ntp

Edit ntp configuration file

# vi /etc/ntp.conf
 #server 3.centos.pool.ntp.org iburst
 server your.ntp-server.com iburst

Start ntpdate service

# service ntpdate start
# chkconfig ntpdate on

Make sure you have set up the DNS records for your ZCS

your.zimbra-domain.com IN A  192.168.1.91
      IN MX 10 your.zimbra-domain.com

Zimbra Installation

Download zimbra collaboration server open source edition from here

# cd /tmp
# wget http://files2.zimbra.com/downloads/8.0.6_GA/zcs-8.0.6_GA_5922.RHEL6_64.20131203103705.tgz

Extract ZCS

# tar zxvf zcs-8.0.6_GA_5922.RHEL6_64.20131203103705.tgz

Install ZCS and follow the instructions

# cd zcs-8.0.6_GA_5922.RHEL6_64.20131203103705
# ./install.sh

Set http for web access

# su zimbra
$ zmtlsctl http
$ zmcontrol restart

Now you can access your new ZCS installation in http://your.zimbra-domain.com/.

Installing Cacti on Scientific Linux 6.4

Cacti is a network graphing and monitoring tool that uses the potential of RRDTool. RRDTool is a data logging and graphing system for time series data. Cacti can show us the real-time performance of a network or servers, which has made it one of the most popular open source monitoring tools.

Getting Started

Always update your box before we install new software.

# yum update

Install dependencies for cacti.

# yum install mysql-server mysql php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli php-snmp php-pear-Net-SMTP httpd

Then create database for cacti.

# mysql -uroot -p
mysql> create database cacti;
mysql> grant all privileges on cacti.* to cacti@localhost identified by 'password';
mysql> flush privileges;
mysql> quit

Install SNMPD

Install net-snmp, which provides the snmpd daemon.

# yum install net-snmp net-snmp-utils php-snmp net-snmp-libs

Edit net-snmpd config file snmpd.conf.

# vi /etc/snmp/snmpd.conf

com2sec local     localhost           public
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
view all    included  .1                               80
access MyRWGroup ""      any       noauth    exact  all    all    none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root  (configure /etc/snmp/snmp.local.conf)
pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat

Start snmpd.

# /etc/init.d/snmpd start
# chkconfig snmpd on

Install Cacti

Install cacti from EPEL Repository.

# yum --enablerepo=epel install cacti

Import cacti database.

# mysql -ucacti -p cacti < /usr/share/doc/cacti-*version*/cacti.sql

Then edit cacti configuration file db.php

# vi /etc/cacti/db.php

$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "password";
$database_port = "3306";

Configure cacti httpd configuration to allow cacti in your network.

# vi /etc/httpd/conf.d/cacti.conf

 Allow from 192.168.45.0/24

Restart httpd.

# service httpd restart

Uncomment cacti cronjob in cron directory.

# vi /etc/cron.d/cacti

*/5 * * * *     cacti   /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1

Then, run cacti installer by opening your cacti URL in web browser.

http://yourdomain/cacti

Follow the instructions and wait a few moments while Cacti gathers the data from log files. Log in to Cacti and check your graphs.

Reference

http://www.cyberciti.biz/faq/fedora-rhel-install-cacti-monitoring-rrd-software/

Installing Icinga on Scientific Linux 6.4

Icinga is a well-known server and network monitoring tool that runs on many Unix/Linux distributions. Server and network monitoring is an essential part of a Network Operations Center, because through monitoring, network engineers always get feedback and status from the network and production servers. This is simple documentation of an Icinga installation on a Scientific Linux 6.4 server.

Getting started

Before we install Icinga, it is best to keep our system updated.

# yum update

Search icinga package using yum search in RPMForge repository.

# yum --enablerepo=rpmforge search icinga
Loaded plugins: priorities, refresh-packagekit, security
=============================== N/S Matched: icinga ==============================
icinga-api.x86_64 : PHP api for icinga
icinga-devel.x86_64 : Provides include files that Icinga-related applications may compile against
icinga-doc.x86_64 : documentation icinga
icinga-gui.x86_64 : Web content for icinga
icinga-idoutils.x86_64 : database broker module for icinga
icinga-idoutils-libdbi-mysql.x86_64 : database broker module for icinga
icinga-idoutils-libdbi-pgsql.x86_64 : database broker module for icinga
icinga-web-module-pnp.noarch : PNP Integration module for Icinga Web
icinga.x86_64 : Open Source host, service and network monitoring program
icinga-web.noarch : Open Source host, service and network monitoring Web UI
nagios-plugins.x86_64 : Host/service/network monitoring program plugins for Nagios/Icinga
nagios-plugins-setuid.x86_64 : Host/service/network monitoring program plugins for Nagios/Icinga requiring setuid
Name and summary matches only, use "search all" for everything.

Install icinga and the dependencies.

# yum --enablerepo=rpmforge install icinga icinga-gui icinga-doc icinga-idoutils-libdbi-mysql
# yum install mysql-server mysql libdbi libdbi-devel libdbi-drivers libdbi-dbd-mysql

Create database for icinga.

# mysql -uroot -p
mysql> CREATE DATABASE icinga;
mysql> GRANT USAGE ON icinga.* TO 'icinga'@'localhost' IDENTIFIED BY 'icinga' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0;
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga.* TO 'icinga'@'localhost';
mysql> FLUSH PRIVILEGES;
mysql> quit

After we create the database for Icinga, import the database template into the icinga database. Run the import as root, because the icinga user was not granted the CREATE privilege above.

# mysql -uroot -p icinga < /usr/share/doc/icinga-idoutils-libdbi-mysql-1.8.4/db/mysql/mysql.sql

Don't forget to disable SELinux if you do not use it. Insert the database credentials into the file ido2db.cfg.

# vi /etc/icinga/ido2db.cfg

db_name=icinga
db_user=icinga
db_pass=icinga

Now we can start icinga and don't forget to start ido2db too.

# /etc/rc.d/init.d/ido2db start
# /etc/rc.d/init.d/icinga start
# /etc/rc.d/init.d/httpd restart
# chkconfig ido2db on
# chkconfig icinga on

Add icinga user or update password of existing one using command below.

# htpasswd /etc/icinga/passwd youradmin

Testing Icinga

We can now access icinga via this URL on browser.

http://yourdomain/icinga

Review the status and fix errors if any. Now you have your own icinga up and running. Congrats!

Installing BIND DNS Server on CentOS 6.5

When we rent a VPS, we get a public IP address so we can access our VPS from anywhere in the world. But sometimes we want a better way to access our VPS, using a domain name. We have to rent a domain name from a domain name registrar and then set up our name server so that our domain name refers to our IP address. There is usually an easier way, using the registrar's control panel to set up NS records. But if you still want to set up your own name server, I hope this documentation will be useful for you.

BIND Name Server

BIND, or Berkeley Internet Name Domain, is open source software that implements the Domain Name System protocols. This is documentation of installing BIND on the CentOS 6.5 operating system.

Getting Started

Before we install BIND, or any other software, always upgrade the system first.

# yum update

Install BIND using yum.

# yum install bind bind-utils

Use this if you don't use IPv6.

# echo 'OPTIONS="-4"' >> /etc/sysconfig/named

Edit file named.conf.

# vi /etc/named.conf

options {
   listen-on-v6 port 53 { none; };
   directory       "/var/named";
   dump-file       "/var/named/data/cache_dump.db";
   statistics-file "/var/named/data/named_stats.txt";
   memstatistics-file "/var/named/data/named_mem_stats.txt";
   allow-query     { any; };
   allow-transfer  { localhost; };
   recursion no;

   dnssec-enable yes;
   dnssec-validation yes;
   dnssec-lookaside auto;

   /* Path to ISC DLV key */
   bindkeys-file "/etc/named.iscdlv.key";

   managed-keys-directory "/var/named/dynamic";
};

logging {
   channel default_debug {
           file "data/named.run";
           severity dynamic;
   };
};

zone "." IN {
   type hint;
   file "named.ca";
};

zone "server.net" {
   type master;
   file "/etc/server.net.hosts";
   allow-update { none; };
};

zone "45.168.192.in-addr.arpa" IN {
   type master;
   file "/etc/45.168.192.db";
   allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Configure zone server.net.hosts.

# vi /etc/server.net.hosts

$TTL 86400
@       IN      SOA     ns1.server.net. server.server.net. (
                2014011807      ;serial, todays date + todays serial
                28800           ;refresh, seconds
                7200            ;retry, seconds
                604800          ;expire, seconds
                86400           ;minimum, seconds;
)
server.net.   NS      ns1.server.net.
server.net.   NS      ns2.server.net.
ns1             A       192.168.45.32
ns2             A       192.168.45.32
server          A       192.168.45.32
mail            A       192.168.45.32
server.net.     A       192.168.45.32
                MX 10   mail.server.net.
www             A       192.168.45.32

Configure reverse 45.168.192.db.

# vi /etc/45.168.192.db

$TTL 86400
@       IN      SOA     ns1.server.net. server.server.net. (
             2014011807      ;serial, todays date + todays serial #
             28800           ;refresh, seconds
             7200            ;retry, seconds
             604800          ;expire, seconds
             86400           ;minimum, seconds;
)
45.168.192.in-addr.arpa.        IN      NS      ns1.server.net.
45.168.192.in-addr.arpa.        IN      NS      ns2.server.net.
32                              IN      PTR     server.net.

Start BIND.

# service named start
# chkconfig named on

For the PTR record, if you are having difficulty setting it in your NS server (the IP still does not point to your domain name), ask your registrar to configure it for you.

Testing NS Server

Change your DNS resolver to your NS server.

# vi /etc/resolv.conf

nameserver 192.168.45.32

Try to resolve domain names and IP address.

# dig server.net

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @192.168.45.32 server.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35404
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;server.net.                 IN      A

;; ANSWER SECTION:
server.net.          86400   IN      A       192.168.45.32

;; AUTHORITY SECTION:
server.net.          86400   IN      NS      ns2.server.net.
server.net.          86400   IN      NS      ns1.server.net.

;; ADDITIONAL SECTION:
ns1.server.net.      86400   IN      A       192.168.45.32
ns2.server.net.      86400   IN      A       192.168.45.32

;; Query time: 0 msec
;; SERVER: 192.168.45.32#53(192.168.45.32)
;; WHEN: Sun Feb  9 21:10:38 2014
;; MSG SIZE  rcvd: 115

# dig -x 192.168.45.32

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @192.168.45.32 -x 192.168.45.32
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50675
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;32.45.168.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
32.45.168.192.in-addr.arpa. 86400 IN   PTR     server.net.

;; AUTHORITY SECTION:
45.168.192.in-addr.arpa. 86400  IN      NS      ns1.server.net.
45.168.192.in-addr.arpa. 86400  IN      NS      ns2.server.net.

;; ADDITIONAL SECTION:
ns1.server.net.      86400   IN      A       192.168.45.32
ns2.server.net.      86400   IN      A       192.168.45.32

;; Query time: 0 msec
;; SERVER: 192.168.45.32#53(192.168.45.32)
;; WHEN: Sun Feb  9 21:13:23 2014
;; MSG SIZE  rcvd: 140

That's all, we have a working NS server.

Installing Postfix and Dovecot on CentOS 6.5

Hello, I want to share documentation on how to set up a mail server on CentOS 6.5 using Postfix as the SMTP server and Dovecot as the IMAP/POP3 server. Postfix is a well-known Mail Transfer Agent that is widely used today, and Dovecot is likewise one of the most widely used IMAP/POP3 servers.

Preparing The Machine

In this documentation we use a CentOS 6.5 server and before we start, let's update the system.

# yum update

A mail server needs to have an MX record in its DNS, so make sure we have that. It is also a good idea to set the PTR record to point to our domain.

# dig server.net -t ANY
;; ANSWER SECTION:
server.net.          86312   IN      MX      10 mail.server.net.
server.net.          86306   IN      A       192.168.45.32
server.net.          80528   IN      NS      ns2.server.net.
server.net.          80528   IN      NS      ns1.server.net.

Installing Postfix

Then install Postfix using yum if it's not already installed.

# yum install postfix

Edit Postfix configuration file main.cf,

# vi /etc/postfix/main.cf

This is a standard configuration,

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = mail.server.net
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
smtpd_banner = $myhostname ESMTP
debug_peer_level = 2
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES

# SASL configuration
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_client_restrictions =
    permit_mynetworks,
    reject_unknown_client,
    permit
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_auth_destination,
    permit_sasl_authenticated,
    reject

# TLS configuration
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/pki/tls/private/ssl.key
smtpd_tls_cert_file = /etc/pki/tls/cert/ssl.crt
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Restart Postfix,

# service postfix restart

Installing Dovecot

Install Dovecot using yum,

# yum install dovecot

Edit Dovecot configuration file dovecot.conf,

# vi /etc/dovecot/dovecot.conf

protocols = imap pop3
listen = *
dict {
}
!include conf.d/*.conf

Edit 10-auth.conf,

# vi /etc/dovecot/conf.d/10-auth.conf

disable_plaintext_auth = no
auth_mechanisms = plain login
!include auth-system.conf.ext

Edit 10-mail.conf,

# vi /etc/dovecot/conf.d/10-mail.conf

mail_location = maildir:~/Maildir
mbox_write_locks = fcntl

Edit 10-master.conf,

# vi /etc/dovecot/conf.d/10-master.conf

service imap-login {
  inet_listener imap {
  }
  inet_listener imaps {
  }
}
service pop3-login {
  inet_listener pop3 {
  }
  inet_listener pop3s {
  }
}
service lmtp {
  unix_listener lmtp {
  }
}
service imap {
}
service pop3 {
}
service auth {
  unix_listener auth-userdb {
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}
service auth-worker {
}
service dict {
  unix_listener dict {
  }
}

Edit 10-ssl.conf,

# vi /etc/dovecot/conf.d/10-ssl.conf

ssl = yes
ssl_cert = </etc/pki/tls/cert/ssl.crt
ssl_key = </etc/pki/tls/private/ssl.key

Start Dovecot,

# service dovecot start
# chkconfig dovecot on

Testing Installation

Test your Postfix installation by sending a message using our newly installed server. Use telnet on your mail server on port 25.

$ telnet mail.server.net 25
Trying 192.168.45.32...
Connected to mail.server.net.
Escape character is '^]'.
220 mail.server.net ESMTP
EHLO mail.server.net
250-mail.server.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: <admin@server.net>
250 2.1.0 Ok
RCPT TO: <user@gmail.com>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
From: Administrator <admin@server.net>
To: User <user@gmail.com>
Subject: Test Mail Server
Test Mail Server
.
250 2.0.0 Ok: queued as 54549110F

Check your Gmail inbox to see whether the message was sent successfully. Then check Dovecot using telnet to your mail server on port 143.

$ telnet mail.server.net 143
Trying 192.168.45.32...
Connected to mail.server.net.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
aa login user password
aa OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
ab select INBOX
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft $Forwarded)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft $Forwarded \*)] Flags permitted.
* 0 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1390092598] UIDs valid
* OK [UIDNEXT 7] Predicted next UID
* OK [HIGHESTMODSEQ 1] Highest
ab OK [READ-WRITE] Select completed.
ac logout
* BYE Logging out
ac OK Logout completed.
Connection closed by foreign host.

Congratulations! Now you have a working SMTP and IMAP/POP3 server! :D
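
The port-25 transcript above shows `250-AUTH PLAIN LOGIN` advertised before any STARTTLS, so a client can send its base64 AUTH token over an unencrypted session. An added example, not part of the original post: a shell check that reads a captured EHLO reply and reports that condition. The function names and the hardened sample reply are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a captured EHLO reply for AUTH offered without TLS.

# Reply copied from the port-25 telnet session in this post (no TLS yet).
PAGE_CLEARTEXT_REPLY='250-mail.server.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN'

# Constructed sample: the same server once AUTH is withheld until STARTTLS.
HARDENED_CLEARTEXT_REPLY='250-mail.server.net
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN'

# ehlo_auth_mechs: EHLO reply on stdin -> sorted, de-duplicated AUTH mechanisms
# on one line. Handles "250-AUTH X Y" and the legacy "250-AUTH=X Y" form.
ehlo_auth_mechs() {
    tr -d '\r' | awk '
        /^250[- ]AUTH[ =]/ {
            sub(/^250[- ]AUTH[ =]/, "")
            n = split($0, m, " ")
            for (i = 1; i <= n; i++) print toupper(m[i])
        }' | sort -u | paste -sd ' ' -
}

# ehlo_has_starttls: succeeds when the reply advertises STARTTLS.
ehlo_has_starttls() {
    tr -d '\r' | grep -Eqi '^250[- ]STARTTLS$'
}

# audit_ehlo MODE   (MODE is "cleartext" or "tls"; EHLO reply on stdin)
# Prints one finding and returns 0 when the reply is acceptable, 1 otherwise.
audit_ehlo() {
    local mode=$1 reply mechs
    reply=$(cat)
    mechs=$(printf '%s\n' "$reply" | ehlo_auth_mechs)

    if [ "$mode" = "tls" ]; then
        if [ -n "$mechs" ]; then
            echo "OK: AUTH $mechs offered inside TLS"
            return 0
        fi
        echo "FAIL: no AUTH mechanism offered inside TLS"
        return 1
    fi

    if [ -n "$mechs" ]; then
        echo "FAIL: AUTH $mechs advertised before STARTTLS"
        return 1
    fi
    if ! printf '%s\n' "$reply" | ehlo_has_starttls; then
        echo "FAIL: STARTTLS not offered"
        return 1
    fi
    echo "OK: STARTTLS offered, AUTH withheld until TLS"
    return 0
}

printf '%s\n' "$PAGE_CLEARTEXT_REPLY" | audit_ehlo cleartext || true
printf '%s\n' "$HARDENED_CLEARTEXT_REPLY" | audit_ehlo cleartext || true
```

In Postfix, `smtpd_tls_auth_only = yes` stops AUTH from being advertised on unencrypted sessions; Dovecot's `disable_plaintext_auth = yes` is the counterpart for IMAP and POP3.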

Installing Nginx on CentOS 6.5

The CentOS community now works together with Red Hat, alongside Fedora. That is good news, so we can hope for better software and support in the next release of our beloved CentOS. As a Linux (CentOS) fan, I want to share my experience installing nginx (engine-x) on CentOS 6.5. My VPS was installed as a minimal server, and then I added new packages, such as the "Development tools" group, and new repos (EPEL, CentALT).

The first thing I usually do before doing something is research. So, before installing nginx, I searched for tutorials and found one at http://www.howtoforge.com/installing-nginx-with-php5-and-php-fpm-and-mysql-support-on-ubuntu-11.10. But it is for Ubuntu, and with MySQL, which we do not really need yet. That is okay, because this is the fun part: we get to find the right configuration for our Linux distro.

The easiest way to install a package on CentOS (or any Linux distro) is with a package manager such as yum. So I searched http://pkgs.org for an nginx package for CentOS and found the latest stable nginx in the CentALT repository.

# yum --enablerepo=CentALT install nginx-stable
# /etc/rc.d/init.d/nginx start

Open a browser and open our web server. Voila!

We have nginx running on CentOS, but that is not everything yet. Next we will make nginx run PHP, so we install php-fpm, a FastCGI Process Manager.

# yum install php-fpm
# /etc/rc.d/init.d/php-fpm start

The php-fpm daemon will listen on localhost, port 9000. The nginx configuration is easy to understand, and examples are available at http://wiki.codemongers.com/NginxFullExample and http://wiki.codemongers.com/NginxFullExample2. To let nginx execute PHP files, we need to make some changes in the nginx configuration file /etc/nginx/nginx.conf.

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
 root           html;
 fastcgi_pass   127.0.0.1:9000;
 fastcgi_index  index.php;
 fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
 include        fastcgi_params;
}

Reload nginx.

# /etc/rc.d/init.d/nginx reload

To test if the FastCGI server works, create the following PHP file in document root.

<?php
 phpinfo();
?>

Save the file as info.php and open it in a browser.

If it shows the PHP information, our installation is running nicely.
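
The location block above passes every URI ending in .php to PHP-FPM without first checking that the file exists; the usual hardening is a `try_files $uri =404;` line inside the block. An added example, not part of the original post: a shell and awk check that reports PHP location blocks missing that line. The function name is hypothetical, the hardened block is constructed, and the check assumes the opening brace sits on the `location` line.

```bash
#!/usr/bin/env bash
# Added example: flag nginx PHP location blocks that lack an existence check.

# The location block from this post, as written.
PAGE_PHP_BLOCK='location ~ \.php$ {
 root           html;
 fastcgi_pass   127.0.0.1:9000;
 fastcgi_index  index.php;
 fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
 include        fastcgi_params;
}'

# Constructed variant: the same block with the existence check added.
HARDENED_PHP_BLOCK='location ~ \.php$ {
 root           html;
 try_files      $uri =404;
 fastcgi_pass   127.0.0.1:9000;
 fastcgi_index  index.php;
 fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
 include        fastcgi_params;
}'

# audit_php_locations: nginx configuration on stdin.
# Prints one line per PHP location block, keyed by the line it starts on,
# and returns 1 if any block uses fastcgi_pass without try_files $uri =404.
audit_php_locations() {
    awk '
        { line = $0; sub(/#.*/, "", line) }      # ignore comments

        # Opening line of a location whose pattern mentions .php
        depth == 0 && line ~ /location[^{]*[.]php/ && line ~ /[{]/ {
            start = NR; depth = 1; guarded = 0; passes = 0
            next
        }

        depth > 0 {
            if (line ~ /try_files[ \t]+[$]uri[ \t]+=404[ \t]*;/) guarded = 1
            if (line ~ /fastcgi_pass[ \t]/) passes = 1
            # Track nested braces so an inner "if { }" does not end the block.
            depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
            if (depth == 0) {
                if (passes && !guarded) {
                    printf "line %d: fastcgi_pass without try_files $uri =404\n", start
                    bad = 1
                } else {
                    printf "line %d: ok\n", start
                }
            }
        }
        END { exit bad + 0 }'
}

printf '%s\n' "$PAGE_PHP_BLOCK" | audit_php_locations || true
printf '%s\n' "$HARDENED_PHP_BLOCK" | audit_php_locations || true
```

To check a live file, run `audit_php_locations < /etc/nginx/nginx.conf`.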