June 5, 2012

 Configuration of CalDAV/CardDAV via SSL

By default, Atmail's CalDAV/CardDAV service listens on port 8008 for connections. Some clients, such as iCal.app under OS X, will attempt to connect via SSL on port 8443, encrypting all calendar data between the client and server.

To enable SSL CalDAV/CardDAV connections on your server, specify a new VirtualHost, for example:

/etc/httpd/conf.d/atmail-dav.conf


# SSL version for CalDAV/CardDAV
Listen 8443
<VirtualHost *:8443>
SSLEngine on
SSLCertificateFile /usr/local/atmail/mailserver/ssl/yourssl.crt
SSLCertificateKeyFile /usr/local/atmail/mailserver/ssl/yourssl.key.nopass

# Change to your DocumentRoot, this is the default path for Atmail
DocumentRoot /usr/local/atmail/webmail/dav/
RewriteEngine On

# CardDAV iOS device auto-probe redirect
RewriteRule ^/\.well-known\/carddav /mail/dav/ [R]
RewriteRule ^/(.*)$ /rootserver.php [L]
</VirtualHost>

Restart Apache, and desktop clients such as iCal will attempt to connect via CalDAV (SSL, port 8443) by default, when creating a new account.


Filed under: Atmail 6,Groupware,PHP version — info @ 5:34 pm

 

April 17, 2011

 Using Unison with Atmail

Unison allows two replicas of a collection of files and directories to be stored on different hosts (or different disks on the same host), modified separately, and then brought up to date by propagating the changes in each replica to the other. In other words, it can be used for two-way synchronization between your servers.

For illustrative purposes in this example, the Unison Master hostname will be called "master-foo-01"; the Client hostname will be called "slave-foo-02".

To set up Unison, do the following on both machines:

1.) Download the dependency, OCaml from: http://caml.inria.fr/download.en.html

atmail@master-foo-01# wget "http://caml.inria.fr/pub/distrib/ocaml-3.12/ocaml-3.12.0.tar.gz"

2.) Install emacs (a dependency):

atmail@master-foo-01# yum install emacs

3.) Unpack, install OCaml:

atmail@master-foo-01# tar xvfz ocaml-3.12.0.tar.gz
atmail@master-foo-01# cd ocaml-3.12.0
atmail@master-foo-01# ./configure && make world
atmail@master-foo-01# make opt
atmail@master-foo-01# make install

4.) Download Unison from: http://www.cis.upenn.edu/~bcpierce/unison/download.html

atmail@master-foo-01# wget "http://www.seas.upenn.edu/~bcpierce/unison//download/releases/stable/unison-2.40.63.tar.gz"

5.) Untar, install:

atmail@master-foo-01# tar xvfz unison-2.40.63.tar.gz
atmail@master-foo-01# cd unison-2.40.63
atmail@master-foo-01# make world opt
atmail@master-foo-01# sudo make install

6.) Move the Unison binary to your preferred prefix. We suggest /usr/bin/:

atmail@master-foo-01# mv unison /usr/bin/unison
atmail@master-foo-01# chmod 755 /usr/bin/unison

7.) You will then need to set up the keys. Create an SSH key pair on the Master server:

atmail@master-foo-01# ssh-keygen -t rsa

8.) This will produce a public key in /home/atmail/.ssh/id_rsa.pub. Copy the .pub file to the Slave machine:

atmail@master-foo-01# scp /home/atmail/.ssh/id_rsa.pub root@slave-foo-02:/home/atmail/.ssh/id_rsa.pub

9.) Append the public key to a file called authorized_keys, in your .ssh directory:

atmail@slave-foo-02# cat /home/atmail/.ssh/id_rsa.pub >> /home/atmail/.ssh/authorized_keys

10.) Make sure that the authorized_keys file, and all of the contents of the .ssh directory have 600 permissions:

atmail@slave-foo-02# chmod 600 /home/atmail/.ssh/*

11.) Try to log in, sans password, from the Master machine to the Client machine.

atmail@master-foo-01# ssh atmail@slave-foo-02

12.) This should allow you to log in. Now, you can try to sync the differences between the users/ directory of the master and slave machines. From any of the machines, execute:

atmail@master-foo-01# unison -batch -auto /usr/local/atmail/users ssh://slave-foo-02//usr/local/atmail/users

13.) The output should be similar to:

UNISON 2.40.63 finished propagating changes at 01:25:25.57 on 18 Apr 2011
Saving synchronizer state
Synchronization complete at 01:25:25  (xx items transferred, 0 skipped, 0 failed)

14.) You will need to set this in cron. Create a file called /home/atmail/unison.sh. In the file:

#!/bin/sh
/usr/bin/unison -batch -auto /usr/local/atmail/users ssh://slave-foo-02//usr/local/atmail/users

15.) Set permissions:

% chmod 755 /home/atmail/unison.sh

16.) Add an entry to your /etc/crontab. It will look like:

01,10,20,30,40,50 * * * * atmail /home/atmail/unison.sh

This will synchronize your /usr/local/atmail/users directory for both machines.


Filed under: Atmail 5,Atmail 6,Multiserver,OS,Uncategorized — John Contad @ 10:13 pm

 

April 3, 2011

 Manually Upgrading Atmail 6.x.x Appliance to Atmail 6.20.7 +

If you wish to upgrade your appliance to the latest version of Atmail (6.20.7+), please do the following.

1. Download latest version

To install the latest Atmail patch download a copy from the client-portal page - http://atmail.com/portal/ or download the latest evaluation version.

In these instructions, replace [version] with your current version of Atmail. These are generic instructions to upgrade any previous release of Atmail 6.X to the latest version. The process is designed to be as straightforward as possible, and uses the WebAdmin interface to help simplify the upgrade.

2. Backup

Note: The upgrade and migration scripts have been used for production systems and are considered stable.

Before proceeding it is strongly recommended that you make a backup of your current Atmail installation:

mysqldump -u root -p atmail6 > /usr/local/atmail/atmail6[version]-backup.sql

tar cfvz atmail6[version]-backup.tgz /usr/local/atmail /etc/httpd/conf/httpd.conf /etc/init.d/atmailserver

This is required before you upgrade in case you need to roll back any changes. Do not skip this step.

Any customizations to Atmail (PHP, HTML, MTA-related code changes) must be backed up. The upgrade process will overwrite any modifications, and these must be merged in after the upgrade.

3. Extract the patch out into the directory for Atmail

Extract the files:

tar xfvz atmail6.mailserver.tgz -C /usr/local/

4. Permissions

You will now need to give Atmail correct permissions.

chown -R atmail /usr/local/atmail/webmail/

5. Rename Files

You will now need to rename the following file.
mv /usr/local/atmail/mailserver/bin/atmail-update-version /usr/local/atmail/mailserver/bin/atmail-update-version.off

6. WebAdmin Update

Visit the WebAdmin of Atmail and use the Update software link. This will guide you through the web-based upgrade utility for the database schema updates and config changes:

e.g http://server.com/mail/index.php/admin/

Where server.com/mail/index.php is the URL of the Atmail software on your server. Login to Web Administration using your admin username/password, then click the License tab > Update software.

7. Command Line Update

Depending on the software update, additional packages may need to be re-installed or re-compiled if you are using the Email Server version of Atmail. If prompted during the Web Admin upgrade, run the additional upgrade utility from a command-line:

cd /usr/local/atmail/
php server-update.php [version]

Where [version] is the previous version of Atmail installed.

8. Upgrade Complete

Congratulations, the upgrade is now complete. You can now reload the Webmail interface of Atmail and begin using the latest release and features. If you've made any customizations to the HTML templates, images, or source-code, these changes will need to be copied back in after the upgrade. We recommend using the “diff” command-line utility to compare any local customizations to the latest version.

Troubleshooting

Force Re-Run Upgrade

If you run into any troubles with the upgrade you may need to re-run the upgrade process.

Assuming that your last version was 6.20.1; Login to your Atmail database and execute the following command.

update Config set keyValue = "6.20.1" where keyName = "version";

This will fool the WebAdmin update scripts and enable re-running the SQL schema updates via WebAdmin > License > Update Software.

Following the success of the WebAdmin update, please then execute the server-update.php file as the update page will instruct you.

php server-update.php 6.20.1


Filed under: Atmail 6,Installation — Stewart Bazley @ 5:49 pm

 

January 18, 2011

 Creating Mailing Lists in Atmail 6.x

As some may have noticed, the method used for mailing list creation in Atmail 5.x no longer works with Atmail 6. There is, however, a solution for creating mailing lists in Atmail 6. The easiest way, if you have many users to add at once, is to use the batch-alias-create.php script described here. Create a csv file like such:

Deliver,list@domain.com,user1@dom.com;user2@dom.com;user3@dom.com;...etc

(If you have more than one mailing list you wish to create then put the details for each one on a new line in the csv file.)

With the example above a "deliver locally and alias" alias will be created which will result in all mail sent to list@domain.com also being forwarded to each email address specified (note that the "forward-to" addresses are separated by a semi-colon ";" not a comma ","). The effect of this is the same as the old style Atmail 5 mailing list; list@domain.com will receive a copy of all emails and they will also be forwarded to everyone in the "list".

To add single addresses to the mailing list just go to Webadmin > Services > Mail Aliases, select "Local Alias" as the alias type, enter the address of the list in the "Local Email Address" field and the address of the user you wish to add in the "Forward To" field, then click "Add Alias".

To delete addresses from the list simply find in the table the entry or entries you wish to delete, check the checkbox then click "Delete Selected". You may wish to type in the name of the list or the name of the account in the "Filter by domain" field at the top if you have many entries in the table, just to make your target easier to find.

And that is about it. Pretty simple!


Filed under: Atmail 6,Hints and Tips,maintenance tools — Brad Kowalczyk @ 8:15 pm

 

 Batch Creation of Aliases in Atmail

If you have many aliases you wish to define for Atmail then it can become tedious using the Webadmin UI. With this in mind we have created an easy to use CLI script to overcome the problem of bulk/batch adding of aliases into Atmail.

First up download the script from here. Then extract into place with this command: tar xvzf batch-alias-create.php -C /usr/local/atmail/webmail. You will then find the script located at /usr/local/atmail/webmail/utilities/tools/batch-alias-create.php

The script usage is as such:

# php batch-alias-create.php /path/to/csv

The csv file should take the following format:

alias-type,alias-name,forward-to

Where alias-type can be either:

1. Local - divert email from the address given in alias-name to the address/es given in forward-to

2. Deliver - deliver to the address given in alias-name and also forward to the address/es in forward-to

3. Domain - Catch all email going to the domain specified in alias-name and forward it to the address/es in forward-to

4. Virtual -  Forward all email from the domain in alias-name to the domain in forward-to

5. MailDir - store any emails coming to the address in alias-name at the path defined by forward-to

Where alias-name is either an email address or a domain name, depending on alias-type
Where forward-to is either an email address, a list of email addresses (separated by a semi-colon ; ) or a domain name, depending on alias-type.

Here is a sample csv file:

MailDir,brad@test.com,/usr/home/brad/mail
Deliver,list@test.com,brad@test.com;brad@atmail.com;brad@domain.com
Local,brad@nothere.com,brad@domain.com
Virtual,testing.com,test.com
Domain,cool.com,brad@test.com

So the first line creates a MailDir Alias (as it is called in Webadmin) which stores any mail sent to brad@test.com at /usr/home/brad/mail.

The second line creates a "Deliver Locally and Alias" alias, which forwards a copy of any mail for list@test.com to brad@test.com, brad@atmail.com and brad@domain.com (it also delivers a copy to list@test.com). Notice that the forward-to addresses are separated by a semi-colon ( ; ) and not a comma ( , )

The third line creates a "Local Alias", so  that any email received for brad@nothere.com is forwarded to brad@domain.com (you can specify multiple forward-to recipients, separated by a semi-colon ; )

The fourth line creates a "Virtual Domain Alias" where any mail received for any user @testing.com is forwarded to that same user @test.com (so, for example, mail for brad@testing.com will be forwarded to brad@test.com).

The fifth line creates a "Domain" or "Catch All" alias, where any email sent to any user at cool.com is forwarded to brad@test.com
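A pre-flight check for a CSV in the format above, added here as an example (it is not batch-alias-create.php or any other Atmail code); it also covers the "Deliver" rows used for mailing lists in the previous article. It validates each row against the five alias types and lists forwards that leave your own domains. The function names, the MailDir path rule, the three extra bad rows and the local-domain set are assumptions of this example.

```python
import csv
import re

# Alias types and field meanings as documented on this page.
ADDRESS_TARGETS = {"Local", "Deliver", "Domain"}  # forward-to: address list
ALIAS_TYPES = ADDRESS_TARGETS | {"Virtual", "MailDir"}
DOMAIN = r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"
EMAIL_RE = re.compile(r"^[^@\s;,]+@" + DOMAIN + r"$")
DOMAIN_RE = re.compile(r"^" + DOMAIN + r"$")

# The page's five sample rows followed by three constructed bad rows.
SAMPLE = """\
MailDir,brad@test.com,/usr/home/brad/mail
Deliver,list@test.com,brad@test.com;brad@atmail.com;brad@domain.com
Local,brad@nothere.com,brad@domain.com
Virtual,testing.com,test.com
Domain,cool.com,brad@test.com
Deliver,staff@test.com,a@test.com,b@test.com
MailDir,eve@test.com,../../etc/mail
Forward,x@test.com,y@test.com
"""


def check_row(fields):
    """Return a list of problems for one CSV row; an empty list means OK."""
    if len(fields) != 3:
        return ["got %d fields, expected 3 (use ';' not ',')" % len(fields)]
    alias_type, name, target = (f.strip() for f in fields)
    if alias_type not in ALIAS_TYPES:
        return ["unknown alias-type %r" % alias_type]
    problems = []
    name_re = DOMAIN_RE if alias_type in ("Domain", "Virtual") else EMAIL_RE
    if not name_re.match(name):
        problems.append("alias-name %r not valid for %s" % (name, alias_type))
    if alias_type == "Virtual":
        if not DOMAIN_RE.match(target):
            problems.append("forward-to %r must be a domain" % target)
    elif alias_type == "MailDir":
        # Assumption of this example: absolute path with no '..' component.
        if not target.startswith("/") or ".." in target.split("/"):
            problems.append("MailDir path %r must be absolute" % target)
    else:
        for addr in target.split(";"):
            if not EMAIL_RE.match(addr.strip()):
                problems.append("bad forward-to address %r" % addr)
    return problems


def audit(text, local_domains):
    """Return (errors by line number, forwards that leave local_domains)."""
    errors, external = {}, []
    for lineno, fields in enumerate(csv.reader(text.splitlines()), 1):
        problems = check_row(fields)
        if problems:
            errors[lineno] = problems
        elif fields[0].strip() in ADDRESS_TARGETS:
            for addr in fields[2].split(";"):
                if addr.strip().split("@")[1].lower() not in local_domains:
                    external.append((lineno, fields[1].strip(), addr.strip()))
    return errors, external


if __name__ == "__main__":
    print(audit(SAMPLE, {"test.com"}))
```

A row that uses commas between forward-to addresses shows up as a field-count error, and the external list is worth reviewing before the import because each entry sends mail outside the listed domains.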

This script is also very useful for creating mailing lists as described in this kb article. We hope you find this script helpful.


Filed under: Atmail 6,CLI tools,maintenance tools — Brad Kowalczyk @ 7:37 pm

 

December 22, 2010

 Purging users via CSV

Should you need to purge a large set of users from your Atmail system, you can use a new script to batch delete via a CSV file.

This will be included in Atmail 6.2.1, due Jan 2011. In the meantime you can use the script below; store it under:

webmail/utilities/tools/purge-users-csv.php

The usage is simple:

cd webmail/utilities/tools/

php purge-users-csv.php /path/to/userlist.txt

Where /path/to/userlist.txt contains a list of users, separated by a newline.

This script will remove all of the user's database entries, clear the user's maildir and purge the account from the system.

<?php
/**
 * Purge the users listed in a file (one account per line) from the system.
 * The path to the file is passed as an argument to this script.
 *
 * @author Ben Duncan
 * @usage php purge-users-csv.php /path/to/csv
 */

require_once("/usr/local/atmail/webmail/utilities/nfc-bootloader.php");

// require the path to the user list as the first argument
if (empty($_SERVER['argv'][1])) {
    echo "\nUsage: php purge-users-csv.php /path/to/csvfile.txt\n\n" .
         "Where csvfile.txt contains a list of users separated by a newline\n";
    exit;
}

// setup api access
require_once('application/models/api.php');
$_SERVER['PHP_AUTH_USER'] = 'admin';
$api = new api( array('directApi' => 1) );

echo "Opening " . $_SERVER['argv'][1] . "\n";

$fp = fopen($_SERVER['argv'][1], "r");

// stop if the user list cannot be read
if ($fp === false) {
    echo "Unable to open " . $_SERVER['argv'][1] . "\n";
    exit(1);
}

while ( ($line = fgets($fp)) !== false) {

    $line = trim($line);

    // skip blank lines in the user list
    if ($line === '') {
        continue;
    }

    // check that the account exists before trying to delete it
    $userExists = $dbAdapter->fetchOne("select Account from UserSession where Account=?", array($line));

    if ( !empty($userExists) ) {
        echo "Deleting $line - ";

        $arr = $api->userDelete($line);

        if ($arr['status'] == 'failed')
            echo 'FAIL ' . $arr['response'] . "\n";
        else
            echo "OK\n";

    } else {
        echo "Deleting $line - FAIL ( no such user )\n";
    }

}

fclose($fp);


Filed under: API,Atmail 6 — info @ 1:08 am

 

December 14, 2010

 Purging Inactive Users From Atmail

After running a mailserver for some time, especially those with larger user bases, you may find you want to purge the Atmail system of any inactive users. Included with Atmail 6.20.4 was a new script that allows you to do just that. You will find the script at /usr/local/atmail/webmail/utilities/tools/purge-users.php (the /usr/local/atmail part of the path may vary for webmail only installations) and it is used as such:

Usage: php purge-users.php [days-inactive] [--no-delete]
days-inactive    Delete users inactive for this many days or more
--no-delete    do not actually delete any users, just print them

For example, I want to delete all users who have been inactive for 60 days. I want to double check the list first so I pass the --no-delete option:

# cd /usr/local/atmail/webmail/utilities/tools/
# php purge-users.php 60 --no-delete
TEST RUN -- no accounts actually deleted
Deleting brad@atmail.com, inactive since 2010-11-05 11:54:14
Deleting test@atmail.com, inactive since 2010-11-19 23:01:19

Once I confirm that I indeed wish to delete those accounts listed I re-issue the command, this time without the --no-delete option:

# php purge-users.php 60
Deleting brad@atmail.com, inactive since 2010-11-05 11:54:14
Deleting test@atmail.com, inactive since 2010-11-19 23:01:19

Now the inactive accounts have been deleted, that includes all email and other data associated with them.


Filed under: Atmail 6,maintenance tools,Optimization,Uncategorized — Brad Kowalczyk @ 8:33 pm

 

December 12, 2010

 Updating Exim to 4.72

Updating Exim to 4.72 is essential, as it contains security measures that nullify current issues with versions 4.69 and older. Before applying this update, make sure you have the PCRE package installed. This can be done via yum or apt. For Fedora or CentOS:

% yum install pcre-devel

For Ubuntu/Debian:

% apt-get install libpcre3 libpcre3-dev libpcre++-dev

---
To update Exim, do the following:

1.) Download the new Exim package from: http://kb.atmail.com/attach/eximatmail.tgz

% wget  'http://kb.atmail.com/attach/eximatmail.tgz'

2.) Replace your current package with the new package:

% mv /usr/local/atmail/server_source/eximatmail.tgz /usr/local/atmail/server_source/eximatmail.tgz.old
% mv /usr/local/atmail/server_source/exim-4.69/ /tmp/exim-4.69/
% mv eximatmail.tgz /usr/local/atmail/server_source/eximatmail.tgz

3.) Make a backup of your current configure file:

% cp -R /usr/local/atmail/mailserver/configure /usr/local/atmail/mailserver/configure.backup

4.) Stop Atmail:

% /etc/init.d/atmailserver stop

5.) Rebuild:

% php /usr/local/atmail/server_source/scripts/buildexim.php

6.) After rebuilding, open up your /usr/local/atmail/mailserver/configure file. Find this line:

# Stop the SMTP if load > X
smtp_load_reserve = 20

7.) Below this, add:

dkim_verify_signers = $sender_address_domain

8.) Find:

acl_smtp_data = acl_check_content

9.) Below this, add:

acl_smtp_dkim = acl_check_dkim

10.) Find:

deny    message       = relay not permitted

11.) Below this, add:

acl_check_dkim:

deny message = Invalid DKIM
dkim_status = fail

accept

12.) Restart Atmail:

% /etc/init.d/atmailserver restart

Congratulations! Now you have the new version, with improved security and DKIM capabilities.


Filed under: Anti-Spam,Atmail 5,Atmail 6,Exim,Improvements and Fixes,Uncategorized — John Contad @ 9:24 pm

 

November 17, 2010

 How to reset the admin password

It happens: you forget the admin user password for Atmail, or your sysadmin leaves without providing the password.

So how do you reset the administration password for Atmail? Easy.

1: Find the mysql details for Atmail under webmail/config/dbconfig.ini

2: Connect to the mysql server, e.g

mysql -u root -p

3: Reset the password via SQL

update AdminUsers set Password=MD5('mynewpass') where Username='admin' and UMasterAdmin='1';

4: Login via the Atmail Webadmin with the new password!


Filed under: Atmail 6,Database,PHP version — info @ 10:46 pm

 

November 7, 2010

 Fail2Ban for Exim SMTP Auth

Fail2Ban is a great utility which can be found via: http://www.fail2ban.org. It monitors various log files and takes an action based on the IP address found in the log file. This can be handy for introducing lockouts for various services. In this scenario, we will use Fail2Ban to create a lockout time for 3 consecutive failed logins to Exim SMTP Auth, via iptables.

Prerequisites:

- IPTables

- Python 2.3 or newer

Steps:

1.) Download Fail2Ban for your distribution via: http://www.fail2ban.org/wiki/index.php/Downloads

2.) If using the source version, untar the file, then install:

% tar xvfj fail2ban-0.8.3.tar.bz2
% cd fail2ban-0.8.3
% python setup.py install

3.) This will create the fail2ban binary. To check if everything is running fine, run:

% fail2ban-client -h

This will have an output similar to:

% fail2ban-client -h
Usage: /usr/bin/fail2ban-client [OPTIONS]

Fail2Ban v0.8.3 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.

4.) Download the jail-smtpauth.conf and smtpauth.conf files from the following links:

- http://atmail.com/kb/attach/smtpauth.conf

- http://atmail.com/kb/attach/jail-smtpauth.conf

5.) Place jail-smtpauth.conf in /etc/fail2ban/jail.conf. Place smtpauth.conf in /etc/fail2ban/filter.d/smtpauth.conf.

6.) Start the fail2ban service:

% fail2ban-client start

7.) You can further alter the parameters. By default, if a user fails to log in to Exim SMTP Auth three times, the user is blocked from port 25 for about 10 minutes. Should you want to change this behaviour, open the /etc/fail2ban/jail.conf file, and find the following lines:

# "bantime" is the number of seconds that a host is banned.
bantime  = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3

8.) So should you wish to allow five failed logins in the span of 20 minutes before banning the IP for an hour, the settings will look like:

# "bantime" is the number of seconds that a host is banned.
bantime  = 3600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 1200

# "maxretry" is the number of failures before a host get banned.
maxretry = 5

9.) Stop and start Fail2Ban afterwards:

% fail2ban-client stop
% fail2ban-client start
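
A replay of the two parameter sets above over a constructed Exim log, added here as an example (it is a simplified model of the maxretry/findtime/bantime counting, not Fail2Ban's own code). The log lines, the addresses and the regular expression are assumptions, since the contents of smtpauth.conf are not shown on this page.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed pattern for Exim's SMTP AUTH failure line; the failregex in the
# page's smtpauth.conf is not shown, so this one is written for the example.
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \w+ authenticator failed for "
    r".*\[(?P<ip>\d+\.\d+\.\d+\.\d+)\]: 535 ")

# Constructed log: host A guesses quickly, host B tries once every 8 minutes.
A, B = "192.0.2.10", "198.51.100.7"
EVENTS = [("20:00:00", B), ("20:00:05", A), ("20:00:40", A), ("20:01:10", A),
          ("20:05:00", A), ("20:08:00", B), ("20:15:00", A), ("20:16:00", B),
          ("20:24:00", B)]
LOG = ["2010-11-07 %s login authenticator failed for (client) [%s]: "
       "535 Incorrect authentication data (set_id=info)" % e for e in EVENTS]
LOG.insert(3, "2010-11-07 20:00:50 1PFxyz-0003Ab-7K Completed")  # not a failure


def simulate(lines, maxretry, findtime, bantime):
    """Replay lines; return (bans, blocked). bans is a list of
    (ip, ban start, ban end); blocked counts attempts made during a ban."""
    recent = defaultdict(deque)     # ip -> failure times inside findtime
    banned_until = {}
    bans, blocked = [], 0
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        ip = m.group("ip")
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        if ip in banned_until and ts < banned_until[ip]:
            blocked += 1            # the firewall rule would have dropped it
            continue
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=findtime):
            window.popleft()        # forget failures older than findtime
        if len(window) >= maxretry:
            end = ts + timedelta(seconds=bantime)
            banned_until[ip] = end
            bans.append((ip, str(ts), str(end)))
            window.clear()
    return bans, blocked


if __name__ == "__main__":
    print("default:", simulate(LOG, maxretry=3, findtime=600, bantime=600))
    print("step 8 :", simulate(LOG, maxretry=5, findtime=1200, bantime=3600))
```

On this log the default settings ban the fast host at its third failure for 10 minutes, the step 8 settings ban it only at the fifth failure but for an hour, and the host that tries once every 8 minutes is banned by neither.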


Filed under: Anti-Spam,Anti-Virus,Atmail 6,Exim,OS,Uncategorized — John Contad @ 8:33 pm