Blue Flower

Sunday, 05 July 2015 17:11

Setuid on Suse

Here is what you have to do:

Leave /usr/bin/suidperl as it is by default.
I think chmod 755 /usr/bin/suidperl may also fix this issue with setuid.
Change the bits of perl5.8.5 instead: chmod 4511 /usr/bin/sperl5.8.5
Add the following line to /etc/permissions.local: /usr/bin/sperl5.8.5 root.root 4511

That should solve it.

Special thanks to Huber Ulric

Sunday, 05 July 2015 17:10

Archived Post

I found this post on the internet and saved it here.

March 14, 2003

qmail. vpopmail. procmail.

How comes they just don't want to work together?

procmail: Program failure (100) of "/var/qmail/vpopmail/bin/vdelivermail"
From [email address hidden] Fri Mar 14 02:12:30 2003
Subject: test
Folder: **Bounced**                                                       782

Anyone seen this problem before?

Posted by imajes at March 14, 2003 09:36 AM
Comments
  1. I just finished working on exactly this problem. It took me more than 12 hours to solve it. None of what Google came up with worked for me.
    This is my procmailrc file

    ###### Procmailrc start ##########
    #
    # Uncomment these if you want to debug
    #VERBOSE=ON
    #LOGFILE=/tmp/procmail.log
    # Find the users home directory and store in variable
    VIRTUALHOME=`/var/vpopmail/bin/vuserinfo -d $EXT@$HOST`

    # Location of safecat
    SAFECAT=/usr/local/bin/safecat

    # Location of the users Maildir
    MAILDIR=$VIRTUALHOME/Maildir

    # Give each user a spamfolder where spam-tagged mail will be delivered.
    SPAMDIR=$VIRTUALHOME/Maildir/.Spam

    # Check if the user have a spamfolder, if not, create one.
    # We never use this variable, but the command will be executed, dirty dirty.
    CHECKSPAMFOLDER=`if [ ! -d $SPAMDIR ]; then /var/courier-imap/bin/maildirmake $SPAMDIR && chown -R vpopmail:vchkpw $SPAMDIR && echo "INBOX.Spam" >> $MAILDIR/courierimapsubscribed; fi`

    # Finally we can let SpamAssassin check our mail.
    :0fw
    | /usr/bin/spamassassin

    # If the message is tagged as spam, put it in spamfolder
    :0w
    * ^X-Spam-Status: Yes
    | $SAFECAT $MAILDIR/tmp $SPAMDIR/new

    # If the message is considered clean, deliver as normal.
    :0w
    | $SAFECAT $MAILDIR/tmp $MAILDIR/new

    ###### Procmailrc end ##########

    NOTE: The CHECKSPAMFOLDER is only for squirrelmail.

    In .qmail-default I have this:
    | preline /usr/bin/procmail -p -m /path/to/procmailrc

    Good luck

  2. Great Help! This file was exactly what I have spent ages looking for!

    Have you had problems with the qmail message queue getting quite long? Just wondering ....

  3. Hi, we have been using the script you suggested and it works well. Although how do you catch email accounts that do not exist? Any help would be great!

  4. On my server, where vpopmail uses MySQL and so on, the solution presented on the first comment fails on alias users, for example if the user has an account 'firstnameX', the vuserinfo fails to find user as '[email address hidden]', which is kinda groody.
    (The solution would've been quite what i've been searching for otherwise.)

    Another thing I haven't quite figured out yet are the .qmail-user -files, procmail gets run only if it's in domain's .qmail-default , and .qmail-username -files never seem to get processed. If anyone would've thoughts on these issues, I'd be pleasantly surprised to get back an email covering them.

    cheers.

  5. As Adrian commented on catching email accounts that don't exist, I tried putting

    :0w
    |/var/vpopmail/bin/vdelivermail '' bounce-no-mailbox

    but it didn't work, mail kept getting requeued.
    my temporary solution was to put

    :0
    *
    /var/vpopmail/domains/dom/postmaster/Maildir/noaccount/


    at the end of procmailrc.

  6. To solve the "non-existent" user problem, I just create a symbolically linked .qmail-username file for each user to a file called .qmail-template. The .qmail-template file contains what the author listed above. My .qmail-default file then looks like
    "| /var/vpopmail/bin/vdelivermail '' delete" to delete the messages
    or you can use
    "| /var/vpopmail/bin/vdelivermail '' bounce-no-mailbox" to bounce the message
    With the .qmail-default set to one of these I do not have to worry about any non-existent user. Yes it adds one more step after creating a virtual user, but it solves the issue and everything behaves like I would want it to.

  7. Great stuff. Here is another solution to the problem, which uses maildrop instead of procmail for the mail delivery:

    http://wotsit.thingy.com/haj/mailfilter-spamassassin-vpopmail.shtml

    Works well in some quick tests, and has no problem with non-existent mailboxes.

    Lawrence

    lawrence (at) aslak (dot) net

Sunday, 05 July 2015 17:10

Installing Simscan

This is applicable for qmr setups ONLY! If you're using John Simpson's qmail-smtp-run script and his patch, his run file has options for qmail-scanner and simscan. Please refer to his man pages for instructions.

I have simscan working A-OK with QMR, and it is much quicker at scanning
mails than qmail-scanner because it does not have the perl startup overhead.
That said, simscan is not as mature as QMS and, to the best of my knowledge,
can only use clamav.

These instructions are roughly how I got Simscan to work with QMR.
Please feel free to amend them.

download simscan 1.1

# wget http://www.inter7.com/simscan/simscan-1.1.tar.gz

then unpack it

# tar xvzf simscan-1.1.tar.gz

move into its directory

# cd simscan-1.1

and create a file called setup.sh, which will hold the compile settings

# vi setup.sh

Add a simscan user

# pw useradd simscan -s /sbin/nologin -d /tmp

Add the following content to setup.sh:

./configure \
--enable-clamav=y \
--enable-clamdscan=/usr/bin/clamdscan \
--enable-custom-smtp-reject=n \
--enable-attach=y \
--enable-dropmsg=n \
--enable-qmaildir=/var/qmail \
--enable-received=y \
--enable-spam=y \
--enable-spam-passthru=y \
--enable-spamc=/usr/local/bin/spamc \
--enable-qmail-queue=/var/qmail/bin/qmail-queue \
--enable-trophie-socket=/var/run/trophie \
--enable-trophie-path=/usr/local/share/trophie/trophie \
--enable-ripmime=/usr/local/bin/ripmime \
--enable-clamavdb-path=/var/clamav \
--enable-sigtool-path=/usr/bin/sigtool \
--enable-per-domain=y

This config allows for sophie/trophie when they are added and per domain
settings.

make it executable

# chmod 755 setup.sh

then run it

# ./setup.sh

then make simscan with

# make

install it

# make install-strip

fix permissions on the /var/qmail/simscan/ directory

# chmod g+s /var/qmail/simscan/

Set all mails to be scanned, machine wide by editing

# vi /var/qmail/supervise/qmail-smtpd/run

and add the line

QMAILQUEUE="/var/qmail/bin/simscan"; export QMAILQUEUE

near the top, i.e. my first 5 lines are:

#!/bin/sh
QMAILQUEUE="/var/qmail/bin/simscan"; export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`

Alternatively, you can have much greater control by stating which actions
are to be performed on emails coming from different IP addresses. For
instance, mine is set to scan ALL mails, which is probably the simplest setup.

Edit the /var/qmail/control/simcontrol file and place your options in there:

# vi /var/qmail/control/simcontrol

As I said above, mine scans ALL mails from ALL IP addresses with:
:clam=yes,trophie=no,spam=no

Run /var/qmail/bin/simscanmk to convert /var/qmail/control/simcontrol into the /var/qmail/control/simcontrol.cdb file:

# /var/qmail/bin/simscanmk

restart qmail with

# qmailctl restart

Thursday, 16 June 2016 15:40

Installing vmware tools on FreeBSD

The only requirement to install Vmware Tools on FreeBSD is to have the compat6x-amd port installed. Please run the commands below:


# cd /usr/ports/misc/compat6x
# make install clean

What you will need to do next is log in to vSphere, right-click the FreeBSD VM and choose Install/Upgrade Vmware Tools (see screenshot below). It will then pop up a screen to install Vmware tools. Just click OK. You can now exit vSphere.



Now let's create the /cdrom directory and then mount the cdrom drive.


# mkdir /cdrom
# mount -t cd9660 /dev/cd0 /cdrom

Now let's make a directory, unpack the tarball and then unmount the drive.


# mkdir ~root/vmware
# cd ~root/vmware
# tar zxvf /cdrom/vmware-freebsd-tools.tar.gz
# umount /cdrom

Now let's install vmware tools.


# cd vmware-tools-distrib
# ./vmware-install.pl

Basically all you need to do from here is just hit enter on all the prompts. It will install the startup script in /usr/local/etc/rc.d and it will also install the documentation to /usr/local/share/doc/vmware-tools.

Congrats! You now have Vmware Tools installed on FreeBSD!

Wednesday, 15 June 2016 19:31

Installing and Configuring dehydrated (Was LetsEncrypt)

Taken from letsencrypt.org:

The objective of Let’s Encrypt and the ACME protocol is to make it possible to set up an HTTPS server and have it automatically obtain a browser-trusted certificate, without any human intervention. This is accomplished by running a certificate management agent on the web server.

To see the entire process take a look at https://letsencrypt.org/how-it-works/
Additional documentation can be found here https://letsencrypt.org/docs/
Also this walkthrough was copied with permission from https://wiki.freebsd.org/BernardSpil/LetsEncrypt

First let's install the port:


# cd /usr/ports/security/dehydrated
# make install clean

Now to setup permissions:


# pw groupadd -n _dehydrated -g 443
# pw useradd -n _dehydrated -u 443 -g 443 -d /usr/local/etc/dehydrated -w no -s /nonexistent
# chown root:_dehydrated /usr/local/etc/dehydrated
# chmod 770 /usr/local/etc/dehydrated
# mkdir -p -m 775 /usr/local/www/.well-known/acme-challenge
# chgrp _dehydrated /usr/local/www/.well-known/acme-challenge

Now to modify Apache configuration:

The acme validation will GET a uniquely named file from http://www.yourdomain.com/.well-known/acme-challenge/

The only way I can make the challenge work is by running the following command:


ln -s /usr/local/www/.well-known/ /usr/local/www/apache24/data

Now every (non-ssl) Virtual Host that you have needs to have the same symlink if you want a cert for each domain

Now what we need to do is create domains.txt and include a list of all domains you want to create certs for:


# cd /usr/local/etc/dehydrated
# cp domains.txt.example domains.txt
# vi domains.txt

Now inside domains.txt put in each domain you want to create a cert for. I'm only using one in this example to make things very easy for you.

Now we need to copy over the config.sh, modify two lines and add one line:


# cp config.sh.example config.sh
# vi config.sh

Now change the following lines. The last line is an addition to the config.sh script:

BASEDIR="/usr/local/etc/dehydrated"
WELLKNOWN="/usr/local/www/.well-known/acme-challenge"
alias openssl='/usr/local/bin/openssl'

You will probably want to run LetsEncrypt manually the first time:


# cd /usr/local/etc/dehydrated
# su -m _dehydrated -c 'bash /usr/local/bin/dehydrated --cron'

Now what we need to do is copy the .pem files to apache. In my apache guide we use self-signed certs and we will change apache to use the certs that we just created.


# cd /usr/local/etc/dehydrated/certs/domain.com
# cp fullchain.pem /usr/local/etc/apache24/ssl.crt/domain.com.pem
# cp privkey.pem /usr/local/etc/apache24/ssl.key/domain.com.key

Now we need to edit the httpd-ssl.conf to use the new certificates:


# vi /usr/local/etc/apache24/extra/httpd-ssl.conf

Now find the 2 lines in the httpd-ssl.conf and edit them as follows:

SSLCertificateFile "/usr/local/etc/apache24/ssl.crt/domain.com.pem"
SSLCertificateKeyFile "/usr/local/etc/apache24/ssl.key/domain.com.key"

Now to restart apache:


# /usr/local/etc/rc.d/apache24 restart

If you are using my qmail setup you can use the following commands to create a new qmail certificate.


# cd /usr/local/etc/dehydrated/certs/domain.com
# cat fullchain.pem > /var/qmail/control/domain.com.pem
# cat privkey.pem >> /var/qmail/control/domain.com.pem

Now what you need to do is edit all the following scripts and change all references of servercert.pem to domain.com.pem

/service/qmail-smtpd-ssl/run
/service/qmail-smtpd-tls/run
/usr/local/etc/dovecot.conf (there are 2 lines that reference servercert.pem)

After you edit those files make sure you restart the services.

Now we're not completely done. What we need to do is create a script that will automatically renew the ssl certificates every 3 months. Here is what my current script looks like:

----- START SCRIPT -----
#!/bin/sh

# Run script to renew certs
su -m _dehydrated -c 'bash /usr/local/bin/dehydrated --cron'

# uncomment the following sections as needed.

# Deploy certs to apache once they've been renewed.
# cd /usr/local/etc/dehydrated/certs/domain.com
# cp fullchain.pem /usr/local/etc/apache24/ssl.crt/domain.com.pem
# cp privkey.pem /usr/local/etc/apache24/ssl.key/domain.com.key

# copy the qmail certs over
# cd /usr/local/etc/dehydrated/certs/domain.com
# cat fullchain.pem > /var/qmail/control/domain.com.pem
# cat privkey.pem >> /var/qmail/control/domain.com.pem
#
# Restart the necessary services
# svc -t /service/qmail-smtpd-ssl
# svc -t /service/qmail-smtpd-tls
# svc -t /service/dovecot

# Restart apache
# /usr/local/etc/rc.d/apache24 restart

----- END SCRIPT -----
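
One way to harden the qmail deployment step of the script above, as an added example that is not part of the original script: build the combined PEM in a private temporary file, replace the live file atomically, and report whether anything changed so services are restarted only after a real renewal. The function name, its return codes and the mode argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not the page author's script. The function name, its return
# codes and the MODE argument are assumptions made for this illustration.

# install_combined_pem CERTDIR DEST [MODE]
#   Concatenates CERTDIR/fullchain.pem and CERTDIR/privkey.pem into DEST.
#   Returns 0 if DEST was created or replaced (restart the TLS services),
#           1 if DEST already had identical content (nothing to do),
#           2 on error (missing or empty input, or a failed write).
install_combined_pem() {
    certdir=$1
    dest=$2
    mode=${3:-600}

    # Refuse to deploy if either input is missing or empty.
    [ -s "$certdir/fullchain.pem" ] && [ -s "$certdir/privkey.pem" ] || return 2

    # mktemp creates the file with mode 0600 in DEST's directory, so the key
    # is never world-readable and the final mv is an atomic rename.
    tmp=$(mktemp "$dest.XXXXXX") || return 2

    if ! cat "$certdir/fullchain.pem" "$certdir/privkey.pem" > "$tmp"; then
        rm -f "$tmp"
        return 2
    fi

    # Unchanged certificate: leave DEST alone and skip the restart.
    if [ -f "$dest" ] && cmp -s "$tmp" "$dest"; then
        rm -f "$tmp"
        return 1
    fi

    if chmod "$mode" "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 2
}

# In the renewal script (paths as used on this page):
#   install_combined_pem /usr/local/etc/dehydrated/certs/domain.com \
#       /var/qmail/control/domain.com.pem
#   [ $? -eq 0 ] && svc -t /service/qmail-smtpd-ssl /service/qmail-smtpd-tls
```

The deployed file must stay readable by the account the TLS service runs as, so pass a group-readable mode such as 640 and set the owner and group with chown if that account is not the file's owner.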

Thursday, 09 June 2016 18:13

Installing Screen

Install Screen

Screen is a nice little utility that lets you install one thing in the background while doing something else. Install it by doing the following:


# cd /usr/ports/sysutils/screen
# make install clean

We will want to install this because installing the cvsup port takes a while. Type rehash and hit Enter. Typing rehash just refreshes the terminal we are in IF you're using tcsh. We are now going to add a customization to screen so we don't get the welcome window. Copy /usr/local/share/examples/screen/screenrc to your home dir. We will always want to run screen as root, so run the following command:


# cp /usr/local/share/examples/screen/screenrc ~root/.screenrc
# vi ~root/.screenrc

Remove the # in front of # startup_message off so it appears as startup_message off. Change vbell on to vbell off and put in a # in front of vbell_msg " Wuff ---- Wuff!! " so it appears as #vbell_msg " Wuff ---- Wuff!! "

What this will do is tell screen not to show the startup window. Now lets give it a test to get yourself familiar with it. Type rehash and hit Enter and then type screen and hit Enter. You'll notice the screen will flash and then you will be bumped back to a prompt again. You are now in a screen session. To disconnect from screen, hold down CTRL and then hit A and then D. You can let go of the CTRL key. You will see the words [detached].

Now that screen is running in the background, we can reattach to it by typing screen -rd and hitting Enter. If you have more than one screen running, and you probably will as you get more familiar with it, just run ps -auxw | grep screen. This command will grep (or more simply, find) any screen sessions and display their PID. To connect to a screen by PID, just type screen -r PID. Pretty easy, eh? I would recommend running screen for this entire step, as it is quite lengthy.
