http://www.vn-zoom.com/f94/tao-ban-ghost-cho-nhieu-may-456823.html
The problem most computer users run into is having to reinstall the software on their machine, a job that is not much fun for busy people. The simplest way to avoid that tedium is to use Ghost to back up your hard disk while it is in its best state; after a failure you only need to restore the image and you are done.
If the matter were that simple there would be nothing to say! But when you upgrade to a new machine with a different mainboard and still want to keep your old Windows XP installation, a problem arises if the old and new mainboards are not the same. In other words, when the hardware changes, restoring the old Windows XP system with Ghost can leave the machine less stable than before and may cause errors.
To solve this problem, do the following:
Step 1: Install Windows XP and all the programs you need.
Step 2: Go to the folder C:\WINDOWS\Driver Cache\i386, open the file Driver.cab and extract the files Atapi.sys, Intelide.sys, Pciide.sys and Pciidex.sys into the folder C:\WINDOWS\System32\drivers.
Step 3: Use Notepad to create a file named Mergeide.reg with the following content:
Quote:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\primary_ide_channel]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="atapi"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\secondary_ide_channel]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="atapi"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0600]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="atapi"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*azt0502]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="atapi"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\gendisk]
"ClassGUID"="{4D36E967-E325-11CE-BFC1-08002BE10318}"
"Service"="disk"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#cc_0101]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_0e11&dev_ae33]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1039&dev_0601]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1039&dev_5513]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1042&dev_1000]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_105a&dev_4d33]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1095&dev_0640]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1095&dev_0646]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1095&dev_0646&REV_05]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1095&dev_0646&REV_07]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1095&dev_0648]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1095&dev_0649]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1097&dev_0038]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_10ad&dev_0001]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_10ad&dev_0150]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_10b9&dev_5215]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_10b9&dev_5219]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_10b9&dev_5229]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1106&dev_0571]
"Service"="pciide"
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_1222]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_1230]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_2411]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_2421]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_7010]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_7111]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_7199]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000000
"Tag"=dword:00000019
"Type"=dword:00000001
"DisplayName"="Standard IDE/ESDI Hard Disk Controller"
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,\
  00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,\
  5c,00,61,00,74,00,61,00,70,00,69,00,2e,00,73,00,79,00,73,\
  00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IntelIde]
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Start"=dword:00000000
"Tag"=dword:00000004
"Type"=dword:00000001
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,\
  00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,\
  5c,00,69,00,6e,00,74,00,65,00,6c,00,69,00,64,00,65,00,2e,\
  00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCIIde]
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Start"=dword:00000000
"Tag"=dword:00000003
"Type"=dword:00000001
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,\
  00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,\
  5c,00,70,00,63,00,69,00,69,00,64,00,65,00,2e,00,73,00,79,\
  00,73,00,00,00
Step 4: Now right-click the Mergeide.reg file, choose Merge, then click Yes in the Windows prompt.
Step 5: Finally, restart the computer and run Ghost to create the backup image. You now have a Windows XP backup that is compatible with a great many common mainboards.
Monday, January 24, 2011
Securing SquirrelMail using HTTPS
http://www.differentpla.net/content/2004/03/securing-squirrelmail-using-https
Part 11 of Installing qmail and vpopmail. This part is about securing webmail access by using HTTPS.
At the end of Installing SquirrelMail, I'd finished installing webmail on my test box. Currently, this uses HTTP. This is not really secure enough for webmail, so this article is going to look at adding HTTPS access to webmail.
Apache-SSL or mod_ssl?
There are two options when it comes to providing support for HTTPS: Apache-SSL and mod_ssl. Debian has packages for both. See these two mailing list posts (e.g.) for more information about which to choose:
http://lists.debian.org/debian-isp/2003/debian-isp-200304/msg00260.html
http://www.mail-archive.com/modssl-users@modssl.org/msg15791.html
For this box, I'm going to use mod_ssl. My main motivation is that Apache-SSL runs as a separate daemon, which means that I'll have two sets of configuration files to maintain, and a bunch of apache-ssl processes using up memory even though this box won't be doing much HTTPS.
Installing mod_ssl
The first thing to do is to configure Apache to allow SSL access. As you'll recall, my test box is called flimsy, so we want to allow access to https://flimsy/. We do this (on Debian) by installing the libapache-mod-ssl package:
    # apt-get install libapache-mod-ssl libapache-mod-ssl-doc
Information about configuring mod_ssl is in /usr/share/doc/libapache-mod-ssl-doc on Debian, but basically, you run mod-ssl-makecert to make yourself a certificate for testing, and then tweak your /etc/apache/httpd.conf file to turn on SSL. I'll talk about self-signed certificates (and installing them under Windows) later.
When Apache starts, it'll prompt for the passphrase used to protect the server certificate. See this for one way to work around this. Alternatively, you could just not enter a passphrase.
With a certificate installed using this method, you'll see a warning like the following:
When you create the certificate, you should specify the "Common Name" as the name by which clients will connect to this server. This is generally www.wherever.com. If you don't, you'll get a warning: "The name on the security certificate is invalid or does not match the name of the site" or similar.
For now, if you just hit "Yes", Internet Explorer will use the certificate for this session, allowing you to connect to the server.
Redirecting webmail to HTTPS
Now, currently, users can connect to the webmail using either HTTP or HTTPS. I'd like to force users to connect using HTTPS. This can be done with some mod_rewrite magic.
To make it go, put a .htaccess file in /var/www/webmail containing the following:
    DirectoryIndex index.php
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^(.*)$ https://%{SERVER_NAME}/webmail/$1 [L,R=303]
    </IfModule>
If you prefer, you can probably put similar directives in a <Location> or <Directory> block in httpd.conf. Note that this stanza is protected by IfModule. This causes it to fall back to normal HTTP access if mod_ssl didn't load. In such a case, you might prefer to deny access to this directory entirely.
Self-Signed Certificates
In order to get rid of Internet Explorer's warning about the untrusted certificate, you need to have a signed certificate. For an e-commerce site, this is generally done by giving a stack of cash to VeriSign or Thawte. There are other Certificate Authorities, but these are the top two.
Alternatively, you can create a self-signed certificate and install it in Internet Explorer. For more information about how to do this see, for example, http://www.modssl.org/docs/2.8/ssl_faq.html#cert-ownca.
Note: If you're planning on using the same server key and certificate with BincIMAP, you'll need to remove the passphrase from the server key. BincIMAP has no way of prompting for the key and, due to the use of tcpserver, couldn't keep it anywhere anyway. For more information, see http://www.modssl.org/docs/2.8/ssl_faq.html#remove-passphrase.
If you follow the instructions given there to create a signed (or self-signed) certificate, you should end up with two files: server.crt and server.key. If you've installed Debian's mod_ssl, you should have directories named ssl.crt, ssl.csr and ssl.key in /etc/apache. I just put the files (in this example, I called them flimsy.key, flimsy.csr and flimsy.crt) in those directories, and edited /etc/apache/httpd.conf to point to them:
    <VirtualHost _default_:443>
    <IfModule mod_ssl.c>
    SSLEngine on
    SSLCertificateFile /etc/apache/ssl.crt/flimsy.crt
    SSLCertificateKeyFile /etc/apache/ssl.key/flimsy.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    </IfModule>
    </VirtualHost>
Installing a Self-Signed Certificate in IE
If, when presented with the certificate error message, you click on "View Certificate", you'll see your webserver's certificate.
You'd think that clicking the "Install Certificate" button would suffice, but it doesn't.
If you're using a self-signed certificate, you need to install your CA certificate in the "Trusted Root Certification Authorities" store. To do this, you can click on the "Certification Path" tab. This will show your server's certificate and your CA certificate. If you click on your CA certificate and click "View Certificate", you can view the details for your root CA certificate.
To install it, you first need to save it as a file. Select the "Details" tab and click the "Copy to File" button. If you then right-click on this file and select "Install Certificate" you'll see a wizard that will walk you through installing your CA certificate.
To see it, click on Tools / Options and go to the "Content" tab. Click on the "Certificates" button. Your certificate will be shown under "Trusted Root Certification Authorities".
Now you can point your browser at (in this example) https://flimsy.home.differentpla.net/webmail/ and it connects without bringing up any warnings.
For more information about Internet Explorer and certificates, read Chapter 6 - Digital Certificates in the Internet Explorer Resource Kit documentation.
Virtual Hosts and HTTPS
If you're using Virtual Hosts with Apache, you will run into what seems like a major problem: you can't use name-based virtual hosts and HTTPS. For more information, see http://www.modssl.org/docs/2.8/ssl_faq.html#vhosts.
Here are some possible different solutions:
- Use IP-based virtual hosts. This requires a different IP address for each virtual host. This can be done by installing more than one network card or by using IP aliasing with a single network card. Unfortunately, this won't work in my situation, because I've only got a single IP address for my DSL connection, and I'd need to upgrade my service and buy a router that supported more than one external IP address.
- Use a different port for each virtual HTTPS host. This would work in my case, but it's easy to forget to supply the port number when typing in the address.
- Don't worry about it. Use the same virtual host to access all of your mailboxes. This works with vpopmail, because the domain name is part of the username used to log in. You can do this as long as you don't mind that your users will see that all of your different domains are running off the same server. I don't particularly mind, so this is what I'll do.
Testing with Name-based Virtual Hosts
peculiar, my "production" server is already configured with several name-based virtual hosts. To try this out, I'll have to configure my test box in a similar fashion.
In Part 4, I configured my internal DNS so that both of my test domains would resolve to the same box. If I connect to http://flimsy.differentpla.test/ or http://flimsy.beerology.test/, I am presented with the same page.
Configuring name-based virtual hosts to handle this is very easy. Just put something like the following into /etc/apache/httpd.conf:
    NameVirtualHost *
    <VirtualHost *>
    ServerName flimsy.differentpla.test
    DocumentRoot /var/www/flimsy.differentpla.test
    </VirtualHost>
    <VirtualHost *>
    ServerName flimsy.beerology.test
    DocumentRoot /var/www/flimsy.beerology.test
    </VirtualHost>
This is the minimum needed to get name-based virtual hosts to work. You'll probably want to configure more than just this for each virtual host. For example, peculiar has separate log files and custom error documents for each host.
Any requests that don't match a particular ServerName or ServerAlias directive will resolve to the first matching VirtualHost block.
We also need a minimal index.html in each of the DocumentRoot locations, e.g.:
    <!--/var/www/flimsy.beerology.test/index.html-->
    <html>
    <head><title>flimsy.beerology.test</title></head>
    <body>
    <h1>flimsy.beerology.test</h1>
    </body>
    </html>
We ought also to tweak the DocumentRoot settings in the VirtualHost block responsible for HTTPS:
    <VirtualHost _default_:443>
    DocumentRoot /var/www/flimsy.home.differentpla.net
    <IfModule mod_ssl.c>
    SSLEngine on
    SSLCertificateFile /etc/apache/ssl.crt/flimsy.crt
    SSLCertificateKeyFile /etc/apache/ssl.key/flimsy.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    </IfModule>
    </VirtualHost>
If we don't do this, it'll be set to the default (/var/www on Debian), which is where each of our virtual hosts is installed. A user will be able to get a list of the virtual hosts on this box by browsing to http://flimsy.home.differentpla.net/. So, we change it.
Success! Users can connect to either of the name-based virtual hosts, and they can still connect to https://flimsy.home.differentpla.net/ to check their mail.
If a user inadvertently tries to connect to https://flimsy.differentpla.test, which resolves to the same site, they'll be presented with a warning message:
The user can choose "Yes", and they'll get the webmail login form as normal. In future, we'd probably prefer to use some mod_rewrite magic to redirect them to an information page if they've typed in the wrong address. We might also want to use mod_rewrite so that people who use HTTPS to connect to pages that don't need to be secure are redirected to use the HTTP variant, thus saving CPU cycles on the server.
Next: Securing IMAP.
HowTo SSH/SCP without a password
http://www.hostingrails.com/HowTo-SSH-SCP-without-a-password
This HowTo does assume the reader has some basic knowledge of ssh and a terminal, and is using an operating system that implements SSH. If you're using a Windows OS and want to use SSH, try PuTTY. For Putty, see key-based auth with Putty.
In the examples that follow please substitute 'servername' , 'ipaddress' and 'username' with the proper information for your setup. I have included a list of weblinks for the words in italic at the end of this document.
Step 1. Verify that you can connect normally (using a password) to the server you intend to set up keys for:
#### Examples ####
user@homebox ~ $ ssh username@'servername'
# Or:
user@homebox ~ $ ssh username@'ipaddress'
# If your username is the same on both the client ('homebox') and the server ('servername'):
user@homebox ~ $ ssh 'servername'
# Or:
user@homebox ~ $ ssh 'ipaddress'
# If this is your first time connecting to 'servername' (or 'ipaddress'), upon establishing a connection with the
# server you'll be asked if you want to add the server's fingerprint to the known_hosts file on your computer.
# Press 'enter' to add the fingerprint.
Step 2. Now that you're connected to the server and verified that you have everything you need for access (hopefully), disconnect by typing 'exit' .
#### Examples ####
user@servername ~ $ exit
# You should be back at:
user@homebox ~ $
Step 3. The next step is to copy a unique key generated on your 'homebox' to the server you are connecting to. First, before you generate a new key, check to see if you already have a key:
#### Example ####
user@homebox ~ $ ls -l ~/.ssh
total 20
-rwx--xr-x 1 user user 601 Feb 2 01:58 authorized_keys
-rwx--xr-x 1 user user 668 Jan 1 19:26 id_dsa
-rwx--xr-x 1 user user 599 Jan 1 19:26 id_dsa.pub
-rwx--xr-x 1 user user 6257 Feb 2 21:04 known_hosts
# The file we need to copy to the server is named id_dsa.pub. As you can see above, the file needed exists. You may or may not have other files in ~/.ssh as I do. If the key doesn't exist, however, you can make one as follows:
#### Example ####
user@homebox ~ $ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa): # Press 'enter' here
Enter passphrase (empty for no passphrase): # Press 'enter' here
Enter same passphrase again: # Press 'enter' here
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
6f:c3:cb:50:e6:e9:90:f0:0f:68:d2:10:56:eb:1d:91 user@host
# Entering a passphrase when prompted during key generation would require you to enter it each time you SSH/SCP to the server, which defeats the purpose of this document.
Step 4. Regardless of whether you had a key ready to go or had to generate a new one, the next step is the same. Now you're ready to copy the key to the server. Do so like this:
#### Example ####
user@homebox ~ $ ssh-copy-id -i ~/.ssh/id_dsa.pub user@'servername' (or 'ipaddress')
# If you are asked whether or not you wish to continue, say yes.
Step 5. Now it's time to test the setup. To do that, try to ssh to the server:
#### Example ####
user@homebox ~ $ ssh 'servername' (or 'ipaddress')
# You should log in to the remote host without being asked for a password.
Step 6. You can now SSH or SCP to the remote host without having to enter a password at each connection. To make sure your public key stays secure from prying eyes, do the following to change permissions and restrict access on 'homebox' and also on 'servername' to ~/.ssh:
#### Example ####
user@homebox ~ $ chmod 600 ~/.ssh/id_dsa ~/.ssh/id_dsa.pub
# Verify the permissions on the files:
#### Example ####
user@homebox ~ $ ls -l ~/.ssh
-rw------- 1 user user 668 Feb 4 19:26 id_dsa
-rw------- 1 user user 599 Feb 4 19:26 id_dsa.pub
Links
1. OpenSSH
2. known_hosts
3. fingerprint
------
Nice post!
I've noticed that I don't have the command ssh-copy-id on my OS X machine (I didn't even know one existed!). To achieve the same effect I usually do the following:
user@homebox ~ $ scp ~/.ssh/id_dsa.pub user@'servername':.ssh/authorized_keys
This is assuming you've already created a .ssh directory on your server 'servername' (just ssh in as normal and `mkdir .ssh`). This also assumes that you don't already have an `authorized_keys` file in the .ssh directory on your server. If you do just copy (scp) the id_dsa.pub file to a temporary file in your server's home directory and then
user@homebox ~ $ scp .ssh/id_dsa.pub user@servername:homebox_dsa.pub
user@homebox ~ $ ssh user@servername
user@servername ~ $ cat homebox_dsa.pub >> .ssh/authorized_keys
user@servername ~ $ rm homebox_dsa.pub
If you've got it, the ssh-copy-id way is clearly a lot easier!
~ Mark
Hi Mark. Thanks for adding that bit. I don't have access to a Mac (new one anyway) so that's very nice to know.
Seth
Seth, I liked this post a lot, but felt the formatting and wording can be improved. I've made a few changes to the introduction.
Xin
(I wish I had used my name for my username now!)
-------
I found an elegant way of creating a new, or adding to an existing authorized_keys file with a single command:
ssh username@somedomain.com -n "echo `cat ~/.ssh/id_dsa.pub` >> ~/.ssh/authorized_keys"
-------
I think it *is* a good practice to use pass phrases when using ssh keys. You can use ssh-agent on Linux and SSH Agent or SSHKeychain on Mac OS X, so you don't have to type your pass phrase every time you access a remote host. Also, you can forward your keys using 'ssh -A' if you need to hop onto some host in the middle.
-- Igor
-------
I'm using PUTTY (pageant) on a XP and on Vista. I use 2048 RSA private key that is password protected. I typically use PUTTY to connect, fyi: my purpose is really to be able to use git (which uses SSH) without having to log in every time I commit. Assuming you are too and have a key generated already...
load key into PuttyGen (enter password for the key) in the window copy the "public key for pasting into OpenSSH..." append this to the ~/.ssh/authorized_keys.
One comment: when I used the append from above aka the elegant code, it did not add a \n at the end of the line aka didn't work. I vi'd the file added a new line.
--Eric
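Added example (not part of the original how-to or its comments): a shell function for the server side that does by hand what the comments above describe, but never overwrites an existing authorized_keys, never adds the same key twice, inserts a newline first when the file lacks a trailing one, and applies the restrictive permissions Step 6 asks for. The function name install_pubkey is an assumption made for this example.

```sh
#!/bin/sh
# Added example, not from the original how-to: install a public key into
# authorized_keys without clobbering or duplicating existing entries.
# install_pubkey is a hypothetical helper name; run it on the server side.

# install_pubkey PUBKEY_FILE [SSH_DIR]
#   PUBKEY_FILE  one-line OpenSSH public key, e.g. a copied id_dsa.pub
#   SSH_DIR      target directory, defaults to ~/.ssh
# Returns 0 if the key is installed (or was already present), 1 on bad input.
install_pubkey() (
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "install_pubkey: cannot read $pub" >&2; exit 1; }

    # Drop blank lines; a public key file must then be exactly one line.
    key=$(grep -v '^[[:space:]]*$' "$pub")
    if [ "$(printf '%s\n' "$key" | grep -c '')" -ne 1 ]; then
        echo "install_pubkey: $pub is not a single-line public key" >&2
        exit 1
    fi

    # Accept only lines that start with a public key type. This also stops
    # a private key (id_dsa instead of id_dsa.pub) from being uploaded.
    case $key in
        ssh-*' '*|ecdsa-*' '*|sk-*' '*) ;;
        *) echo "install_pubkey: $pub does not look like a public key" >&2
           exit 1 ;;
    esac

    # sshd (StrictModes) ignores authorized_keys if the directory or file
    # is writable by anyone else, so create both private from the start.
    umask 077
    mkdir -p "$dir" || exit 1
    chmod 700 "$dir" || exit 1
    [ -e "$auth" ] || : > "$auth" || exit 1
    chmod 600 "$auth" || exit 1

    # Idempotent: an exact, whole-line match means there is nothing to do.
    if grep -qxF -- "$key" "$auth"; then
        exit 0
    fi

    # If the file does not end in a newline, a plain >> would glue the new
    # key onto the last existing key and break both entries.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth" || exit 1
    fi

    printf '%s\n' "$key" >> "$auth"
)
```

Typical use after copying the key to a temporary file on the server: `install_pubkey homebox_dsa.pub && rm homebox_dsa.pub`.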
Problem on the qmail server with a POP3 error: can send but cannot receive in Microsoft Outlook
Solution: re-check the permissions on the Maildir/cur folder; every file in it must be owned by vpopmail.vchkpw.
Cannot log on to SquirrelMail
http://www.bramschoenmakers.nl/en/node/270
SquirrelMail: Unknown user or password incorrect
Submitted by Bram Schoenmakers on 19 October, 2007 - 13:08.
After having solved the problem described in previous entry, I encountered new problems with logging in.
Now, after I entered my credentials, the following error was shown:
Unknown user or password incorrect
The SquirrelMail website suggested that the IMAP server was misconfigured somehow. So I checked /var/log/maillog:
Oct 19 08:50:59 example imapd: LOGIN, user=test@example.com, ip=[127.0.0.1], protocol=IMAP
Oct 19 08:50:59 example imapd: LOGOUT, user=test@example.com, ip=[127.0.0.1], headers=0, body=0, rcvd=30, sent=238, time=0
Oct 19 08:50:59 example imapd: LOGIN, user=test@example.com, ip=[127.0.0.1], protocol=IMAP
Oct 19 08:50:59 example imapd: Failed to create cache file: maildirwatch (test@example.com)
Oct 19 08:50:59 example imapd: Error: Input/output error
Oct 19 08:50:59 example imapd: Check for proper operation and configuration
Oct 19 08:50:59 example imapd: of the File Access Monitor daemon (famd).
Oct 19 08:50:59 example imapd: Failed to create cache file: maildirwatch (test@example.com)
Oct 19 08:50:59 example imapd: Error: Input/output error
Oct 19 08:50:59 example imapd: Check for proper operation and configuration
Oct 19 08:50:59 example imapd: of the File Access Monitor daemon (famd).
Oct 19 08:50:59 example imapd: LOGOUT, user=test@example.com, ip=[127.0.0.1], headers=0, body=0, rcvd=431, sent=1438, time=0
Oct 19 08:50:59 example imapd: LOGIN FAILED, user=test@example.com, ip=[127.0.0.1]
Oct 19 08:51:04 example imapd: LOGOUT, ip=[127.0.0.1], rcvd=60, sent=332
Hmm, FAM didn't work really well, so I disabled it in the port and reinstalled it. Then, I restarted the IMAP server:
/usr/local/etc/rc.d/courier-imap-imapd.sh restart
But still, logging in didn't work. The FAM errors were gone, but the last two lines of the maillog output were still to be found.
It turned out that I hadn't restarted the courier-authdaemond. So restarting it:
/usr/local/etc/rc.d/courier-authdaemond restart
made the logins work flawlessly again. Hooray!
After that, I re-enabled FAM in the port. Logging in still worked, but those FAM errors were still spat out in the maillog. I don't think it's really crucial so I'd better leave it out for now.
IPCop VPN configuration with Cisco ASA
- IKE Encryption: 3DES
- IKE Integrity: MD5
- IKE Grouptype: MODP-1024
- IKE Lifetime: 8 hours
- ESP Encryption: AES-256bit
- ESP Integrity: SHA1
- ESP Grouptype: MODP-1536
- ESP Keylife: 8 hours
- Perfect Forward Secrecy (PFS) is marked
Error: cannot view the BIRT viewer
Cause: the commons-logging lib is missing ---> download the commons-logging lib, then copy it into the /WEB-INF/lib directory
Find a file in Linux: find ./ -name "config.xml"
Error: cannot log on to Tomcat Manager after installing Tomcat with zypper
Cause: some lib packages are missing -----> fix: run zypper search tomcat, then install all the related packages that are not installed yet. Then edit /etc/tomcat/tomcat-users.xml to change the default user and password.
Error: cannot bridge, "ethernet interface is down", in VMware
On the physical (host) machine run: vmnet-bridge -d /var/run/vmnet-bridge-0.pid /dev/vmnet0 eth0/1/2.... then reboot the virtual machine
To get into Windows XP, use the command
chainloader (hd0,0)+1 and then boot
Changing-from-squirrelmail-to-atmail
Changing From SquirrelMail To Atmail Open With ISPConfig 3
http://www.howtoforge.com/changing-from-squirrelmail-to-atmail-open-with-ispconfig-3
@Mail Open
Author: Sellotape
Version: 1.00
Last edited: Saturday, 04th December 2010
Atmail Open is an open source webmail client which is available free of charge and is a great alternative to Squirrelmail. This tutorial shows how to use it with ISPConfig 3 (instead of SquirrelMail). More information available here... http://atmail.org
Step 1 - Create A Database
First we need to create a database for Atmail.
* Open up ISPConfig and go to Sites.
* Select Database from the sub-navigation menu on the left.
* Click on Add new Database
* Create a Database name, Database user and a Database password
Step 2 - Backup Squirrelmail
Just in case it all goes wrong - we need to backup Squirrelmail.
cd /usr/share
mv squirrelmail squirrelmail.bak
mkdir squirrelmail
Step 3 - Download, Unpack And Remove Unnecessary Files
I was unable to get the latest version of Atmail Open to work with my setup. For the purpose of this tutorial, we will be using v1.01. Please feel free to let me know if you find a way to get the latest version working.
cd squirrelmail
wget http://downloads.sourceforge.net/atmailopen/atmailopen-1.01.tgz
tar xvfz atmailopen-1.01.tgz
cd atmailopen
mv * ../
cd ../
rm -r atmailopen
rm atmailopen-1.01.tgz
Step 4 - Make Atmail Open Writeable For Apache
chown -R [Apache-user] /usr/share/squirrelmail
Please note: On Debian systems, replace [Apache-user] with www-data. The Apache user on other Linux distributions might be different.
Step 5 - Install Atmail Open To Your Server
In your preferred browser, go to http://yourdomain.tld/webmail. You'll be required to read the on-screen instructions and read the licence agreement. Providing you accept you can continue!
Step 6 - Connect To The Database
In Step 1 we created a database in ISPConfig and we now need to enter its details into Atmail Open...
Step 7 - Define The SMTP Host
Enter the SMTP Host (in this example we assume it is localhost), whether or not you require Authentication (e.g. if you need to use a mail relay to send e-mail), and an Administrator E-mail Address.
Step 8 - Import Data From SquirrelMail (Or Another Webmail System)
At this step, you have the possibility to import data from other popular webmail systems. Should you decide to do this, please select SquirrelMail, enter the database connection settings and click 'Continue'.
Step 9 - All done! Log In To Atmail Open
You can now log in to your new Atmail Open Webmail system! It's all good to go from here but if you like, follow Step 10 to customise your login screen.
Step 10 - Customise The Login Screen
In this step we will cover how to remove the Mailserver, Language and Protocol fields from the login screen and define default settings so we don't need to input them manually every time we log in.
vi /usr/share/squirrelmail/html/login-light.html
Find the lines below and edit accordingly...
Login Header / Title text
<td>Webmail Access</td>
Instructions to login / Custom Message
<td><div id="AuthStatus" class="logintext" style="padding-left: 4px;">Please provide your username and password.</div></td>
Hide 'Mailserver' field from login page and set default to 'localhost'
Find...
<tr id="mailserver">
And change to...
<tr id="mailserver" style="display:none;">
Find...
<td align="left"><input name="MailServer" type="text" class="logininput" id="MailServer"></td>
And change to...
<td align="left"><input name="MailServer" type="text" class="logininput" id="MailServer" value="localhost"></td>
Hide protocol from login page
Find...
<tr id="protocol">
And change to...
<tr id="protocol" style="display:none;">
Hide Language from login page
Find...
<tr>
<td> </td>
<td colspan="2" align="right">Language:</td>
And change the <tr> tag to...
<tr style="display:none;">
Please let me know if you have any suggestions to improve this tutorial... Enjoy!
Copyright © 2010 Ash
All Rights Reserved.
Installing Qmail server, Clamav, Spamassassin, Qmail-scanner on Suse
Installing qmail
. preparing .
root: ~ # yast -i zypper
root: ~ # zypper in gcc gcc-c++ make openssl openssl-devel gdbm-devel wget patch patchutils xinetd telnet nmap
- installing apache, php, mysql, perl, you can check this.
- installing perl modules:
root: ~ # zypper in perl-Digest-SHA1 perl-Digest-HMAC perl-Net-DNS perl-Time-HiRes perl-HTML-Tagset perl-HTML-Parser perl-YAML
- remove postfix package
root: ~ # /etc/init.d/postfix stop
root: ~ # zypper rm postfix
- download qmail package source
root: ~ # mkdir /downloads
root: ~ # cd /downloads
root: downloads # wget http://www.qmailrocks.org/downloads/qmailrocks.tar.gz
root: downloads # tar -xzvf qmailrocks.tar.gz
. compile qmail .
root: ~ # cd /downloads/qmailrocks
root: qmailrocks # ./scripts/install/qmr_install_linux-s1.script
root: qmailrocks # ./scripts/util/qmail_big_patches.script
root: qmailrocks # cd /usr/src/qmail/qmail-1.03
root: qmail-1.03 # make man && make setup check
root: qmail-1.03 # ./config-fast mail.yourdomain.com
root: qmail-1.03 # make cert
Country Name (2 letter code) [GB]: VN
State or Province Name (full name) [Berkshire]: Ho Chi Minh City
Locality Name (eg, city) [Newbury]: Ho Chi Minh City
Organization Name (eg, company) [My Company Ltd]: The Company J.A. HENCKELS Company
Organizational Unit Name (eg, section) []: mail
Common Name (eg, your name or your server's hostname) []: Company
Email Address []: postmaster@yourdomain.com
root: qmail-1.03 # chown -R vpopmail:qmail /var/qmail/control/clientcert.pem /var/qmail/control/servercert.pem
. compile ucspi-tcp .
root: ~ # cd /usr/src/qmail/ucspi-tcp-0.88/
root: ucspi-tcp-0.88 # patch < /downloads/qmailrocks/patches/ucspi-tcp-0.88.errno.patch
root: ucspi-tcp-0.88 # make && make setup check
. compile daemontools .
root: ~ # cd /package/admin/daemontools-0.76/src
root: src # patch < /downloads/qmailrocks/patches/daemontools-0.76.errno.patch
root: src # cd ..
root: daemontools-0.76 # ./package/install
. compile ezmlm .
root: ~ # cd /downloads/qmailrocks/
root: qmailrocks # tar -xzvf ezmlm-0.53-idx-0.41.tar.gz
root: qmailrocks # cd ezmlm-0.53-idx-0.41
root: ezmlm-0.53-idx-0.41 # make && make setup
. compile autoresponder .
root: ~ # cd /downloads/qmailrocks/
root: qmailrocks # tar -xzvf autorespond-2.0.5.tar.gz
root: qmailrocks # cd autorespond-2.0.5
root: autorespond-2.0.5 # make && make install
. compile vpopmail (with mysql integration) .
root: ~ # mkdir -p /home/vpopmail/etc
root: ~ # chown -R vpopmail:vchkpw /home/vpopmail/
root: ~ # cd /downloads/qmailrocks
root: qmailrocks # tar -xzvf vpopmail-5.4.13.tar.gz
root: qmailrocks # cd vpopmail-5.4.13
root: vpopmail-5.4.13 # ./configure --enable-logging=p --enable-auth-module=mysql --disable-passwd --enable-clear-passwd --disable-many-domains --enable-auth-logging --enable-sql-logging --enable-valias --disable-mysql-limit
root: vpopmail-5.4.13 # make && make install-strip
. test vpopmail .
root: ~ # cd /home/vpopmail/bin
root: bin # ./vadddomain yourdomain.com
###Password postmaster: 123456
--+ if you get an error like: Failure while attempting to remove_line() the locals file
create the file "locals" in /var/qmail/control
root: bin # touch /var/qmail/control/locals
root: bin # ./vadduser tvlong@yourdomain.com
###password tvlong: 123456
. compile vqadmin .
root: ~ # cd /downloads/qmailrocks
root: qmailrocks # tar -xzvf vqadmin-2.3.6.tar.gz
root: qmailrocks # cd vqadmin-2.3.6/
root: vqadmin-2.3.6 # ./configure --enable-cgibindir=/srv/www/cgi-bin --enable-htmldir=/srv/www/htdocs
root: vqadmin-2.3.6 # make && make install-strip
. configure vqadmin .
root: ~ # vim /etc/apache2/httpd.conf
-( add this configure )-
<Directory "/srv/www/cgi-bin/vqadmin">
deny from all
Options ExecCGI
AllowOverride AuthConfig
Order deny,allow
</Directory>
root: ~ # cd /srv/www/cgi-bin/vqadmin
root: vqadmin # vim .htaccess
-( configure this file like this )-
AuthType Basic
AuthUserFile /srv/www/cgi-bin/vqadmin/.htpasswd
AuthName vQadmin
require valid-user
satisfy any
root: vqadmin # chown wwwrun .htaccess
root: vqadmin # chmod 644 .htaccess
-( create .htpasswd file )-
root: vqadmin # htpasswd2 -bc .htpasswd admin 123456
root: vqadmin # chmod 644 .htpasswd
-( restart apache service )-
root: vqadmin # /etc/init.d/apache2 restart
-( test vqadmin )-
open your web browser and go to the URL:
http://yourdomain.com/cgi-bin/vqadmin/vqadmin.cgi
enter the user "admin" and password: 123456 to log in.
. compile maildrop .
root: ~ # cd /downloads/qmailrocks/
root: qmailrocks # tar -xzvf maildrop-1.6.3.tar.gz
root: qmailrocks # cd maildrop-1.6.3/
root: maildrop-1.6.3 # ./configure --prefix=/usr/local --exec-prefix=/usr/local --enable-maildrop-uid=root --enable-maildrop-gid=vchkpw --enable-maildirquota
root: maildrop-1.6.3 # make && make install-strip && make install-man
--) if compilation fails with an error like: error: expected ‘;’ before ‘<’ token, try maildrop version 2.0.4 instead. That version can be downloaded here.
. compile qmailadmin .
root: ~ # cd /downloads/qmailrocks/
root: qmailrocks # tar -xzvf qmailadmin-1.2.9.tar.gz
root: qmailrocks # cd qmailadmin-1.2.9/
root: qmailadmin-1.2.9 # ./configure --enable-cgibindir=/srv/www/cgi-bin --enable-htmldir=/srv/www/htdocs
root: qmailadmin-1.2.9 # make && make install-strip
-( test qmailadmin )-
open your web browser and go to the URL:
http://yourdomain.com/cgi-bin/qmailadmin
You should see the login screen. Log in with the postmaster account and password for the domain that you created with vqadmin.
. finalizing qmail .
root: ~ # /downloads/qmailrocks/scripts/finalize/linux/finalize_linux.script
root: ~ # vim /var/qmail/supervise/qmail-pop3d/run   # <----- Check
find "mail.example.com" and change it to your domain name (mail.yourdomain.com).
root: ~ # vim /var/qmail/supervise/qmail-smtpd/run   # <----- Check
find "mail.example.com" and change it to your domain name (mail.yourdomain.com).
-( stop qmail service )-
root: ~ # qmailctl stop
--+ if you get an error like: svc: warning: unable to control /service/qmail-smtpd: file does not exist, you can fix it by creating the file 'me' in the directory /var/qmail/control
root: ~ # touch /var/qmail/control/me
-( setup relay )-
root: ~ # echo '127.0.0.:allow,RELAYCLIENT=""' >> /etc/tcp.smtp
root: ~ # qmailctl cdb
-( create common system alias )-
root: ~ # echo "tvlong@yourdomain.com" > /var/qmail/alias/.qmail-root
root: ~ # echo "tvlong@yourdomain.com" > /var/qmail/alias/.qmail-postmaster
root: ~ # echo "tvlong@yourdomain.com" > /var/qmail/alias/.qmail-mailer-daemon
root: ~ # ln -s /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-anonymous
root: ~ # chmod 644 /var/qmail/alias/.qmail*
. starting qmail .
root: ~ # /downloads/qmailrocks/scripts/util/qmr_inst_check
root: ~ # qmailctl stop
root: ~ # qmailctl start
root: ~ # qmailctl stat
. testing service .
root: ~ # nmap localhost
Starting Nmap 4.60 ( http://nmap.org ) at 2009-01-30 21:53 UTC
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1709 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
443/tcp open https
3306/tcp open mysql
Nmap done: 1 IP address (1 host up) scanned in 0.145 seconds
-( testing pop3 service )-
root: ~ # telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK <5521.1233352536@mail.yourdomain.com>
user postmaster@yourdomain.com
+OK
pass 123456
+OK
quit
+OK
Connection closed by foreign host.
-( test smtp service )-
root: ~ # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.yourdomain.com ESMTP
ehlo localhost
250-mail.yourdomain.com
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
starttls
220 ready for tls
quit
quit
Connection closed by foreign host.
If the EHLO response from your SMTP server includes "250-STARTTLS", then your server is equipped for TLS functionality.
. compile courier imap and imap ssl .
root: ~ # cd /downloads/qmailrocks/
root: qmailrocks # tar -xjvf courier-authlib-0.55.tar.bz2
root: qmailrocks # cd courier-authlib-0.55/
root: courier-authlib-0.55 # ./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw --without-authldap --without-authmysql --disable-root-check --with-ssl --with-authchangepwdir=/usr/local/libexec/authlib
root: courier-authlib-0.55 # make && make check
root: courier-authlib-0.55 # make install-strip && make install-configure
root: courier-authlib-0.55 # vim /etc/init.d/boot.local
--+ add this line
/usr/local/sbin/authdaemond start
. compile courier-imap .
You must compile courier-imap as a non-root user (e.g. linux).
root: ~ # cd /downloads/qmailrocks/
root: qmailrocks # tar -xjvf courier-imap-4.0.2.tar.bz2
root: qmailrocks # useradd -m -p 123456 linux
root: qmailrocks # chown -R linux:wheel courier-imap-4.0.2
root: qmailrocks # cd courier-imap-4.0.2/
root: courier-imap-4.0.2 # su linux
linux: courier-imap-4.0.2 > ./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw --without-authldap --without-authmysql --disable-root-check --with-ssl --with-authchangepwdir=/usr/local/libexec/authlib
linux: courier-imap-4.0.2 > make && make check
linux: courier-imap-4.0.2 > exit
root: courier-imap-4.0.2 # make install-strip && make install-configure
--+ make SSL certificate +--
root: courier-imap-4.0.2 # /usr/local/sbin/mkimapdcert
root: courier-imap-4.0.2 # vim /usr/local/etc/imapd.cnf
change postmaster@example.com to an administrative email address (postmaster@yourdomain.com)
root: courier-imap-4.0.2 # vim /usr/local/etc/imapd
configure: IMAPDSTART=YES
root: courier-imap-4.0.2 # vim /usr/local/etc/imapd-ssl
configure: IMAPDSSLSTART=YES
make sure this configuration exists : TLS_CERTFILE=/usr/local/share/imapd.pem
root: courier-imap-4.0.2 # vim /usr/local/etc/authlib/authdaemonrc
configure : authmodulelist="authvchkpw"
root: courier-imap-4.0.2 # cp /usr/local/libexec/imapd.rc /etc/init.d/imap
root: courier-imap-4.0.2 # cp /usr/local/libexec/imapd-ssl.rc /etc/init.d/imaps
--+ starting up service +--
root: courier-imap-4.0.2 # /usr/local/sbin/authdaemond stop
root: courier-imap-4.0.2 # /usr/local/sbin/authdaemond start
root: courier-imap-4.0.2 # /etc/init.d/imap stop
root: courier-imap-4.0.2 # /etc/init.d/imap start
root: courier-imap-4.0.2 # /etc/init.d/imaps stop
root: courier-imap-4.0.2 # /etc/init.d/imaps start
--+ check with nmap +--
root : ~ # nmap localhost
Starting Nmap 4.60 ( http://nmap.org ) at 2009-02-01 14:16 UTC
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1707 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
993/tcp open imaps
3306/tcp open mysql
Nmap done: 1 IP address (1 host up) scanned in 0.145 seconds
--+ test imap +--
root: ~ # telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc. See COPYING for distribution information.
a login postmaster@yourdomain.com 123456
a OK LOGIN Ok.
a logout
* BYE Courier-IMAP server shutting down
a OK LOGOUT completed
Connection closed by foreign host.
--+ you must type a tag such as 'a' before each command (login, logout)
. compile courierpassd .
root: ~ # cd /downloads/qmailrocks/
root: qmailrocks # tar -xzvf courierpassd-1.1.0-RC1.tar.gz
root: qmailrocks # cd courierpassd-1.1.0-RC1/
root: courierpassd-1.1.0-RC1 # ./configure
root: courierpassd-1.1.0-RC1 # make && make install
--+ configure courierpassd +--
_configure xinetd.d
root: ~ # cd /etc/xinetd.d/
root: xinetd.d # vim courierpassd
_add these lines_
service courierpassd
{
port = 106
socket_type = stream
protocol = tcp
user = root
server = /usr/local/sbin/courierpassd
server_args = -s imap
wait = no
only_from = 127.0.0.1
instances = 4
disable = no
}
_configure services
root: ~ # vim /etc/services
__add this line : ___
courierpassd 106/tcp # for /etc/xinetd.d/courierpassd <------- Check
_start service
root: ~ # /etc/init.d/xinetd restart
_test service
root: ~ # nmap localhost
Starting Nmap 4.60 ( http://nmap.org ) at 2009-02-02 12:02 UTC
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1706 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
106/tcp open pop3pw
110/tcp open pop3
143/tcp open imap
443/tcp open https
993/tcp open imaps
3306/tcp open mysql
Nmap done: 1 IP address (1 host up) scanned in 0.203 seconds
. install squirrelmail (web mail client) .
root: ~ # cd /downloads
root: downloads # wget http://internode.dl.sourceforge.net/sourceforge/squirrelmail/squirrelmail-1.4.17.tar.bz2
root: downloads # tar -xjvf squirrelmail-1.4.17.tar.bz2
root: downloads # mv squirrelmail-1.4.17 webmail
root: downloads # mv webmail/ /srv/www/htdocs/
--+ configure squirrelmail +--
root: ~ # mkdir /var/sqattachements
root: ~ # chown -R wwwrun:www /var/sqattachements/
root: ~ # cd /srv/www/htdocs/webmail/
root: webmail # chown -R wwwrun:www data/
root: webmail # cd config/
root: config # ./conf.pl
* press #2 (Server Settings) and then #1 (Domain) to set the IP for your domain (ex: 192.186.1.1), then press S (save) and Q (quit).
SquirrelMail Configuration : Read: config_default.php (1.4.0)
---------------------------------------------------------
Server Settings
General
-------
1. Domain : 192.186.1.1
2. Invert Time : false
3. Sendmail or SMTP : SMTP
A. Update IMAP Settings : localhost:143 (other)
B. Update SMTP Settings : localhost:25
R Return to Main Menu
C Turn color on
S Save data
Q Quit
--+ add plugins change_pass +--
root: ~ # cd /srv/www/htdocs/webmail/plugins/
root: plugins # wget http://www.squirrelmail.org/plugins/change_passwd-4.0-1.2.8.tar.gz
root: plugins # tar -xzvf change_passwd-4.0-1.2.8.tar.gz   # <======
root: plugins # rm change_passwd-4.0-1.2.8.tar.gz
root: plugins # cd ../config/
root: config # ./conf.pl
* select #8 (plugins), then #4 (change_passwd), and hit enter to activate/install this plugin. Press S (save), then Q (quit).
--+ configure virtual host +---
root: ~ # vim /etc/apache2/httpd.conf
_add configuration like this :_
<VirtualHost 192.186.1.1:80>
ServerName mail.yourdomain.com
ServerAlias mail.*
ServerAdmin postmaster@yourdomain.com
DocumentRoot /srv/www/htdocs/
</VirtualHost>
root: ~ # /etc/init.d/apache2 restart
* open your web browser and go to the URL
http://mail.yourdomain.com
but if you did not create a virtual host, you can access webmail like this:
http://yourdomain.com/webmail
then log in with your email account or with the account:
username : postmaster@yourdomain.com
password : 123456
Install Clamav by source
tar zxvf clamav-0.97.tar.gz
useradd -c "Qmail-Scanner Account" -s /bin/false qscand
cd clamav-0.97
./configure --with-user=qscand --with-group=qscand
make && make install
ldconfig -v
Now, we configure its configuration files, these are as follows:
vi /usr/local/etc/clamd.conf
#Example
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 20M
LogTime yes
LogClean yes
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /usr/local/share/clamav
LocalSocket /var/run/clamav/clamd.cl
MaxConnectionQueueLength 30
User qscand
MaxThreads 20
ScanMail yes
Now, create some directories with the ownership of qscand:
mkdir /var/run/clamav
chown -R qscand.qscand /var/run/clamav
mkdir /var/log/clamav
chown -R qscand.qscand /var/log/clamav
chmod -R 755 /var/log/clamav
With this, ClamAV is successfully installed.
/usr/local/sbin/clamd &
vi /usr/local/etc/freshclam.conf
#Example
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogSyslog yes
DatabaseOwner qscand
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror database.clamav.net
DatabaseMirror db.in.clamav.net
NotifyClamd /usr/local/etc/clamd.conf
Save and exit.
freshclam -v
Install SpamAssassin with the zypper command
- zypper in perl-spamassassin spamassassin
- /etc/init.d/spamd start
Install qmail-scanner & qms-analog
Unpack qmail-scanner...
tar zxvf qmail-scanner-1.25.tgz
Now unpack qms-analog...
tar zxvf qms-analog-0.4.2.tar.gz
Install qms-analog itself. This will come in handy in the next step when we install Qmailanalog.
cd qms-analog-0.4.2
make all
Next, we copy needed qms-analog files to the qmail-scanner source directory...
cp qmail-scanner-1.25-st-qms-YYYYMMDD.patch /downloads/qmailrocks/qmail-scanner-1.25/
Now, let's apply the qms-analog patch...
cd /downloads/qmailrocks/qmail-scanner-1.25
patch -p1 < qmail-scanner-1.25-st-qms-YYYYMMDD.patch
Now we will configure qmail-scanner and install it. Ordinarily, you would run the ./configure script to configure and install qmail-scanner. However, Mark Teel has donated a handy little config script that does most of the work for you. This script is called "qms-config-script" and, if you look above, you should have already copied this config script into the qmail-scanner source directory.
How you go about configuring and installing qmail-scanner from this point on depends on how your server's installation of Perl is configured. For the purposes of this installation, there are 2 Perl setups.
1. Perl is configured to allow for setuid functions.
2. Perl is not configured for setuid functionality and, in fact, does not permit it.
We'll start off with the configuration step for a server that allows setuid. However, if you run into setuid errors, you can jump to a set of instructions for servers that do not allow setuid functionality.
So let's do it...
First, you need to configure the script for your needs...
cd /downloads/qmailrocks/qmail-scanner-1.25
vi qms-config
You will notice several fields that need to be customized to fit your needs. Let's have a look. I've highlighted the fields you should customize in RED
#!/bin/sh
if [ "$1" != "install" ]; then
INSTALL=
else
INSTALL="--install"
fi
./configure --domain yourdomain.com \
--admin postmaster \
--local-domains "yourdomain.com,yourotherdomain.com" \
--add-dscr-hdrs yes \
--dscr-hdrs-text "X-Antivirus-MYDOMAIN" \
--ignore-eol-check yes \
--sa-quarantine 0 \
--sa-delete 0 \
--sa-reject no \
--sa-subject ":SPAM:" \
--sa-delta 0 \
--sa-alt yes \
--sa-debug no \
--notify admin \
"$INSTALL"
Now save and exit out of the config file. That was easy, wasn't it.
And now we will run a test config for qmail-scanner...
chmod 755 qms-config
./qms-config
Answer YES to all questions. If you get no errors, you can then run the script in "install" mode and this will install qmail-scanner on your server.
If you don't get any errors, continue.
If the config test produced any error messages, stop here!
If you got a "setuid" related error when you ran the above script, it is most likely due to your Perl installation not supporting setuid functionality.
Stop and continue with this URL: http://www20119.blogspot.com/2011/03/perl-does-not-allow-for-setuid.html
If you didn't get any errors on the test run above, then you should be ok to run the "real" installation script below. So let's do it...
./qms-config install
Again, answer YES to all questions. If you get no errors, you can then run the script in "install" mode and this will install qmail-scanner on your server. If you do get errors, check out these troubleshooting tips.
And now all that's left for qmail-scanner is to initiate the version file and the perlscanner database...
First, we'll initialize the version file. This command also helps to keep your server's /var/spool/qmailscan folder clear of rogue files that can develop when SMTP sessions are dropped. You may want to stick this command into your server's crontab and run it once a day. You'll see more on this in the "maintaining your qmail server" step near the end of this tutorial. So let's run it...
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
And now we will generate a new perlscanner database for qmail-scanner. For future reference, it's a good idea to run this next command whenever you upgrade qmail-scanner. You'll see more on this in the "maintaining your qmail server" step near the end of this tutorial. So let's do it...
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
A successful database build should produce the following output:
perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt
perlscanner: total of 9 entries.
And now one final ownership check...
chown -R qscand:qscand /var/spool/qmailscan
Woohoo, qmail-scanner is installed! Now it's time to tie qmail-scanner into qmail itself.
vi /var/qmail/supervise/qmail-smtpd/run
To instruct Qmail to use Qmail-Scanner as the alternative queuing mechanism, we add the following line to the SMTP "run" script right under the first line (#!/bin/sh):
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
..and we change the "softlimit" in that same script...
change softlimit to 40000000
Note: It is absolutely vital that you change the "Softlimit" setting in this script. If you don't, qmail may fail to deliver mail!!!
So now the qmail-smtpd/run file should look like this:
#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
exit 1
fi
exec /usr/local/bin/softlimit -m 40000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/var/qmail/bin/qmail-smtpd your_domain.com \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1
Once you've got the qmail-smtpd file modified, save the changes and exit from the file. Now we will finalize the qmail-scanner installation by going over some post-install configuration options. After that, we'll fire everything up and take qmail-scanner for a test drive!
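The rule appended to /etc/tcp.smtp in the "setup relay" step and the rcpthosts guard in the run script above are the two controls that decide who may relay through this server. As an added example (not part of the original tutorial or of qmailrocks), this script lists every tcprules entry that grants RELAYCLIENT and reports the state of rcpthosts; the sample rules, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit of the relay controls used by the qmail-smtpd run script.
# Sample rules are constructed; 192.168.1. and 203.0.113.9 are placeholders.

sample_tcp_smtp() {
cat <<'EOF'
# constructed sample of /etc/tcp.smtp
127.0.0.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
203.0.113.9:deny
:allow,RELAYCLIENT=""
EOF
}

# relay_rules: stdin = tcprules source (address:instruction per line).
# Prints one line per rule that sets RELAYCLIENT, because clients matching
# such a rule bypass the rcpthosts check:
#   "loopback <addr>"  address prefix starts with 127.
#   "REVIEW <addr>"    any other address; "ANY" is the empty (default) rule
relay_rules() {
  awk '
    /^[ \t]*#/ { next }          # comment
    /^[ \t]*$/ { next }          # blank line
    {
      sep = index($0, ":")
      if (sep == 0) next
      addr  = substr($0, 1, sep - 1)
      instr = substr($0, sep + 1)
      if (instr !~ /^allow/ || instr !~ /,RELAYCLIENT=/) next
      if (addr == "")           print "REVIEW", "ANY"
      else if (addr ~ /^127\./) print "loopback", addr
      else                      print "REVIEW", addr
    }'
}

# rcpthosts_status FILE: "missing" is the case the run script refuses to
# start on; otherwise report how many non-comment entries the file holds.
rcpthosts_status() {
  if [ ! -f "$1" ]; then
    echo "missing"
    return 0
  fi
  n=$(awk 'NF && $0 !~ /^#/ { c++ } END { print c + 0 }' "$1")
  if [ "$n" -eq 0 ]; then
    echo "empty"
  else
    echo "domains=$n"
  fi
}

# Stand-alone demonstration on constructed input.
demo_dir=$(mktemp -d)
printf 'yourdomain.com\n' > "$demo_dir/rcpthosts"
echo "rules granting RELAYCLIENT:"
sample_tcp_smtp | relay_rules
echo "rcpthosts: $(rcpthosts_status "$demo_dir/rcpthosts")"
echo "rcpthosts when absent: $(rcpthosts_status "$demo_dir/absent")"
rm -rf "$demo_dir"
```

To check a real server, run `relay_rules < /etc/tcp.smtp` and `rcpthosts_status /var/qmail/control/rcpthosts`; every REVIEW line should correspond to a network you intend to relay for.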
If your Perl installation does NOT allow for setuid functionality cd /downloads/qmailrocks/qmail-scanner-1.25/contrib make install Now we will customize the qmail-scanner configuration script... cd /downloads/qmailrocks/qmail-scanner-1.25 vi qms-config-cwrapper You will notice several fields that need to be customized to fit your needs. Let's have a look. I've highlighted the fields you should customize in RED #!/bin/sh if [ "$1" != "install" ]; then INSTALL= else INSTALL="--install" fi ./configure --domain yourdomain.com \ --admin postmaster \ --local-domains "yourdomain.com,yourotherdomain.com" \ --add-dscr-hdrs yes \ --dscr-hdrs-text "X-Antivirus-MYDOMAIN" \ --ignore-eol-check yes \ --sa-quarantine 0 \ --sa-delete 0 \ --sa-reject no \ --sa-subject ":SPAM:" \ --sa-delta 0 \ --sa-alt yes \ --sa-debug no \ --notify admin \ --skip-setuid-test \ "$INSTALL" Now save and exit out of the config file. That was easy, wasn't it. And now we will run a test config for qmail-scanner... chmod 755 qms-config-cwrapper ./qms-config-cwrapper Answer YES to all questions. If you get no errors, you can then run the script in "install" mode and this will install qmail-scanner on your server. If you do get errors, check out these troubleshooting tips. ./qms-config-cwrapper install Again, answer YES to all questions. If you get no errors, you can then run the script in "install" mode and this will install qmail-scanner on your server. If you do get errors, check out these troubleshooting tips. vi /var/qmail/bin/qmail-scanner-queue.pl Then change the first line of /var/qmail/bin/qmail-scanner-queue.pl to "#!/usr/bin/perl (in other words, remove the "-T" from the perl call.) chmod 0755 /var/qmail/bin/qmail-scanner-queue.pl And now all that's left for qmail-scanner is to initiate the version file and the perlscanner database... First, we'll initialize the version file. 
This command also helps to keep your server's /var/spool/qmailscan folder clear of rogue files that can develop when SMTP sessions are dropped. You may want to stick this command into your server's crontab and run it once a day. You'll see more on this in the "maintaining your qmail server" step near the end of this tutorial. So let's run it...
/var/qmail/bin/qmail-scanner-queue -z
And now we will generate a new perlscanner database for qmail-scanner. For future reference, it's a good idea to run this next command whenever you upgrade qmail-scanner. You'll see more on this in the "maintaining your qmail server" step near the end of this tutorial. So let's do it...
/var/qmail/bin/qmail-scanner-queue -g
A successful database build should produce the following output:
perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt
perlscanner: total of 9 entries.
And now one final ownership check...
chown -R qscand:qscand /var/spool/qmailscan
Woohoo, qmail-scanner is installed! Now it's time to tie qmail-scanner into qmail itself.
vi /var/qmail/supervise/qmail-smtpd/run
To instruct Qmail to use Qmail-Scanner as the alternative queuing mechanism, we add the following line to the SMTP "run" script right under the first line (#!/bin/sh):
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue" ; export QMAILQUEUE
...and we change the "softlimit" in that same script...
change softlimit to 40000000
Note: It is absolutely vital that you change the "softlimit" setting in this script. If you don't, qmail may fail to deliver mail!
So now the qmail-smtpd/run file should look like this:
#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue" ; export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
  echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
  echo /var/qmail/supervise/qmail-smtpd/run
  exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
  echo "No /var/qmail/control/rcpthosts!"
  echo "Refusing to start SMTP listener because it'll create an open relay"
  exit 1
fi
exec /usr/local/bin/softlimit -m 40000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/var/qmail/bin/qmail-smtpd your_domain.com \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1
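One way to verify the two edits described above (the exported QMAILQUEUE line and the raised softlimit) before restarting qmail. This is an added example, not part of the original tutorial; the function names and the MIN_SOFTLIMIT variable are assumptions, and the embedded run script is a constructed, shortened sample.

```shell
#!/bin/sh
# Added example: sanity-check a qmail-smtpd "run" script after the qmail-scanner edit.
# The function names and the MIN_SOFTLIMIT variable are assumptions of this example.
MIN_SOFTLIMIT=40000000

check_smtpd_run() {
    run_file=$1
    problems=0
    [ -r "$run_file" ] || { echo "cannot read $run_file"; return 2; }

    # Line numbers of the first active (uncommented) QMAILQUEUE assignment and the first exec.
    queue_ln=$(grep -n '^[[:space:]]*QMAILQUEUE=.*qmail-scanner-queue' "$run_file" | head -n 1 | cut -d: -f1)
    exec_ln=$(grep -n '^[[:space:]]*exec[[:space:]]' "$run_file" | head -n 1 | cut -d: -f1)
    if [ -z "$queue_ln" ]; then
        echo "QMAILQUEUE does not point at qmail-scanner-queue"; problems=$((problems + 1))
    elif ! grep -q '^[^#]*export[[:space:]][^#]*QMAILQUEUE' "$run_file"; then
        echo "QMAILQUEUE is assigned but never exported"; problems=$((problems + 1))
    elif [ -n "$exec_ln" ] && [ "$queue_ln" -gt "$exec_ln" ]; then
        echo "QMAILQUEUE is assigned after exec and never takes effect"; problems=$((problems + 1))
    fi

    # Memory limit handed to softlimit -m; the tutorial calls for 40000000.
    limit=$(sed -n 's/^[^#]*softlimit[[:space:]][^#]*-m[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$run_file" | head -n 1)
    if [ -z "$limit" ]; then
        echo "no softlimit -m value found"; problems=$((problems + 1))
    elif [ "$limit" -lt "$MIN_SOFTLIMIT" ]; then
        echo "softlimit -m $limit is below $MIN_SOFTLIMIT"; problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample, shortened from the run script shown above.
# $1 = softlimit value, $2 = "no" to leave out the QMAILQUEUE line.
sample_run() {
    printf '%s\n' '#!/bin/sh'
    [ "$2" = "no" ] || printf '%s\n' 'QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue" ; export QMAILQUEUE'
    printf '%s\n' "exec /usr/local/bin/softlimit -m $1 \\"
    printf '%s\n' '/usr/local/bin/tcpserver -v -R 0 smtp /var/qmail/bin/qmail-smtpd 2>&1'
}

# With a path argument, check that file; without one, check the constructed sample.
if [ "$#" -gt 0 ]; then
    check_smtpd_run "$1"
else
    demo=$(mktemp) && sample_run 40000000 > "$demo"
    check_smtpd_run "$demo" && echo "sample run script: OK"
    rm -f "$demo"
fi
```

Run it with /var/qmail/supervise/qmail-smtpd/run as the argument; a non-zero exit status means at least one of the two settings is missing or wrong.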
To activate all the changes we just made, we're going to have to completely stop and restart qmail.
Stop it...
qmailctl stop
and start it...
qmailctl start
And a quick check of the qmail processes, just to be safe..
qmailctl stat
Now it's time to test the whole damn thing to see if Qmail-Scanner, Spamassassin and Clam AV are all working correctly. Fortunately, Qmail-Scanner comes with its own testing script that does a fantastic job. So let's test it!
cd /downloads/qmailrocks/qmail-scanner-1.25/contrib
chmod 755 test_installation.sh
./test_installation.sh -doit
A successful test should produce the following output. 2 messages should be quarantined by Clam Antivirus in /var/spool/quarantine/new and 2 messages should be sent to whatever mailbox you specified in the Qmail-scanner configuration script. Don't worry if you don't get virus notification emails. The normal notification emails that get sent out upon virus detection usually don't work during the test.
setting QMAILQUEUE to /var/qmail/bin/qmail-scanner-queue.pl for this test...
Sending standard test message - no viruses...
done!
Sending eicar test virus - should be caught by perlscanner module...
done!
Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)...
Sending bad spam message for anti-spam testing - In case you are using SpamAssassin...
Done!
Finished test. Now go and check Email for postmaster@mydomain.com
If you get 2 messages in your inbox and you see 2 messages in the quarantine folder, it's time to crack open a cold one! You've successfully installed all 3 packages! Woohoo!