December 12, 2010

 Updating Exim to 4.72

Updating Exim to 4.72 is essential, as it contains security measures that nullify current issues with versions 4.69 and older. Before applying this update, make sure you have the PCRE package installed. This can be done via yum or apt. For Fedora or CentOS:

% yum install pcre-devel

For Ubuntu/Debian:

% apt-get install libpcre3 libpcre3-dev libpcre++-dev

---
To update Exim, do the following:

1.) Download the new Exim package from: http://kb.atmail.com/attach/eximatmail.tgz

% wget 'http://kb.atmail.com/attach/eximatmail.tgz'

2.) Replace your current package with the new package:

% mv /usr/local/atmail/server_source/eximatmail.tgz /usr/local/atmail/server_source/eximatmail.tgz.old
% mv /usr/local/atmail/server_source/exim-4.69/ /tmp/exim-4.69/
% mv eximatmail.tgz /usr/local/atmail/server_source/eximatmail.tgz

3.) Make a backup of your current configure file:

% cp -R /usr/local/atmail/mailserver/configure /usr/local/atmail/mailserver/configure.backup

4.) Stop Atmail:

% /etc/init.d/atmailserver stop

5.) Rebuild:

% php /usr/local/atmail/server_source/scripts/buildexim.php

6.) After rebuilding, open up your /usr/local/atmail/mailserver/configure file. Find this line:

# Stop the SMTP if load > X
smtp_load_reserve = 20

7.) Below this, add:

dkim_verify_signers = $sender_address_domain

8.) Find:

acl_smtp_data = acl_check_content

9.) Below this, add:

acl_smtp_dkim = acl_check_dkim

10.) Find:

deny    message       = relay not permitted

11.) Below this, add:

acl_check_dkim:

deny message = Invalid DKIM
dkim_status = fail

accept

12.) Restart Atmail:

% /etc/init.d/atmailserver restart

Congratulations! Now you have the new version, with improved security and DKIM capabilities.
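
A way to double-check that the three configure additions sit in the right sections (the two options in the main section, the new ACL after "begin acl"), as an added example that is not Atmail's or Exim's own code. The sample configuration is constructed and trimmed, and check_dkim_edits is a hypothetical helper name.

```python
import re

# Constructed, trimmed stand-in for /usr/local/atmail/mailserver/configure
# after the DKIM edits; it is not the real Atmail file.
GOOD = """\
smtp_load_reserve = 20
dkim_verify_signers = $sender_address_domain
acl_smtp_data = acl_check_content
acl_smtp_dkim = acl_check_dkim

begin acl

acl_check_rcpt:
  deny    message       = relay not permitted

acl_check_dkim:
  deny message = Invalid DKIM
       dkim_status = fail
  accept
"""

def check_dkim_edits(text):
    """Return a list of placement problems; an empty list means the edits are consistent."""
    section, main_opts, acls = "main", {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        begin = re.match(r"begin\s+(\w+)$", line)
        if begin:
            section = begin.group(1)          # Exim switches section at each "begin"
        elif section == "main" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            main_opts[key] = value
        elif section == "acl" and re.match(r"\w+:$", line):
            acls.add(line[:-1])               # an ACL label such as "acl_check_dkim:"
    problems = []
    if "dkim_verify_signers" not in main_opts:
        problems.append("dkim_verify_signers is not set in the main section")
    target = main_opts.get("acl_smtp_dkim")
    if target is None:
        problems.append("acl_smtp_dkim is not set in the main section")
    elif target not in acls:
        problems.append(f"ACL '{target}' is not defined after 'begin acl'")
    return problems

if __name__ == "__main__":
    print(check_dkim_edits(GOOD))
```

To check a real file, pass its contents to check_dkim_edits, for example the text read from /usr/local/atmail/mailserver/configure.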


Filed under: Uncategorized, Anti-Spam, Exim, Improvements and Fixes, Atmail 5, Atmail 6 — John Contad @ 9:24 pm

 

May 30, 2010

 Speed up Atmail with eAccelerator

This guide covers the steps you need to take to install eAccelerator (http://eaccelerator.net). eAccelerator is a free open-source PHP accelerator and optimizer. It optimizes scripts to speed up their execution, typically reducing server load and increasing the speed of your PHP code by up to ten times.

First, download the latest version of eAccelerator from: http://bart.eaccelerator.net/source/

% wget "http://bart.eaccelerator.net/source/0.9.6/eaccelerator-0.9.6.tar.bz2"

Untar, then go to the unpacked directory:

% tar xvfj eaccelerator-0.9.6.tar.bz2
% cd eaccelerator-0.9.6

Find the base directory of your PHP installation. Typically, this is two directory levels above your PHP binary. For this guide, we will assume that php is installed in "/usr/local/bin/php", which makes the base directory "/usr/local".

Execute the following commands inside the eAccelerator directory:

% export PHP_PREFIX="/usr/local/"
% $PHP_PREFIX/bin/phpize

Then, run the configure script:

% ./configure --enable-eaccelerator=shared --with-php-config=$PHP_PREFIX/bin/php-config
% make
% make install

The last command will output a path. Take note of this. For our example, the path will look like:

Installing shared extensions:     /usr/local/lib/php/extensions/no-debug-non-zts-20090626/

Find your php.ini file. It is commonly under /etc/php.ini or /usr/local/lib/php.ini. Add these lines to your php.ini file:

[eaccelerator]

zend_extension="/usr/local/lib/php/extensions/no-debug-non-zts-20090626/eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"

Make sure that the zend_extension line uses the same path you took note of earlier in the installation. Restart Apache afterwards:

% apachectl restart

To test if eAccelerator is active, execute the following command:

% php -v

This should output something similar to:

PHP 5.3.1 (cli) (built: Jan 14 2010 22:06:44)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2009 Zend Technologies
    with eAccelerator v0.9.6, Copyright (c) 2004-2010 eAccelerator, by eAccelerator

Congratulations! You now have eAccelerator active.


Filed under: Uncategorized, Optimization, Improvements and Fixes, Atmail 5, Atmail 6 — John Contad @ 10:25 pm

 

May 4, 2009

 Fail2Ban for Courier IMAP lockout times

Fail2Ban is a great utility which can be found via: http://www.fail2ban.org. It scans various log files and takes an action based on the IP address found in the matching log entries.

This can be handy for introducing lockouts for various services. In this scenario, we will use Fail2Ban to create a lockout time for 3 consecutive failed logins to Courier-IMAP, via iptables.

Prerequisites:

- IPTables

- Python 2.3 or newer

Steps:

1.) Download Fail2Ban for your distribution via: http://www.fail2ban.org/wiki/index.php/Downloads

2.) If using the source version, untar the file, then install:

% tar xvfj fail2ban-0.8.3.tar.bz2
% cd fail2ban-0.8.3
% python setup.py install

3.) This will create the fail2ban binary. To check if everything is running fine, run:

% fail2ban-client -h

This will have an output similar to:

% fail2ban-client -h
Usage: /usr/bin/fail2ban-client [OPTIONS]

Fail2Ban v0.8.3 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.

4.) Download the jail.conf and courierlogin.conf files from the following links:

- http://atmail.com/kb/attach/courierlogin.conf

- http://atmail.com/kb/attach/jail.conf

5.) Place jail.conf in /etc/fail2ban/. Place courierlogin.conf in /etc/fail2ban/filter.d/.

6.) Start the fail2ban service:

% fail2ban-client start

7.) You can further alter the parameters. By default, if a user fails to log in to Courier three times, the user is blocked from port 143 for about 10 minutes. Should you want to change this behaviour, open the /etc/fail2ban/jail.conf file, and find the following lines:

# "bantime" is the number of seconds that a host is banned.
bantime  = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3

8.) Should you wish to allow a user to fail to log in five times in the span of 20 minutes before the IP is banned for an hour, the settings will look like:

# "bantime" is the number of seconds that a host is banned.
bantime  = 3600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 1200

# "maxretry" is the number of failures before a host get banned.
maxretry = 5

9.) Stop and start Fail2Ban afterwards:

% fail2ban-client stop
% fail2ban-client start
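
How the three jail.conf values interact, shown by replaying one log under the default and the edited settings (an added example, not part of the original post or of Fail2Ban itself). The log lines are constructed, the regex is an assumed stand-in for the failregex in courierlogin.conf, which the post does not reproduce, and simulate and parse_failures are hypothetical names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed Courier-IMAP syslog lines (documentation IP ranges), recorded
# with no ban in effect so the same log can be replayed under both settings.
SAMPLE_LOG = """\
May  4 21:00:00 mail imapd: LOGIN FAILED, user=alice, ip=[::ffff:203.0.113.7]
May  4 21:00:05 mail imapd: LOGIN FAILED, user=alice, ip=[::ffff:203.0.113.7]
May  4 21:00:10 mail imapd: LOGIN FAILED, user=admin, ip=[::ffff:203.0.113.7]
May  4 21:01:00 mail imapd: LOGIN FAILED, user=bob, ip=[::ffff:198.51.100.20]
May  4 21:01:30 mail imapd: LOGIN, user=bob, ip=[::ffff:198.51.100.20], protocol=IMAP
May  4 21:05:00 mail imapd: LOGIN FAILED, user=admin, ip=[::ffff:203.0.113.7]
May  4 21:12:00 mail imapd: LOGIN FAILED, user=root, ip=[::ffff:203.0.113.7]
"""

# Assumed stand-in for the failregex in courierlogin.conf (not shown in the post).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ imapd: LOGIN FAILED, .*ip=\[(?:::ffff:)?([\d.]+)\]$"
)

def parse_failures(log, year=2009):
    """Yield (datetime, ip) for each failed-login line; syslog omits the year."""
    for line in log.splitlines():
        m = FAILED.match(line)
        if m:
            stamp = " ".join(m.group(1).split())  # collapse the padded day field
            yield datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"), m.group(2)

def simulate(log, maxretry, findtime, bantime):
    """Return [(ip, ban_start, ban_end)] for the given jail.conf values."""
    recent, banned_until, bans = defaultdict(deque), {}, []
    for when, ip in parse_failures(log):
        if when < banned_until.get(ip, datetime.min):
            continue  # already firewalled: these attempts would never reach imapd
        window = recent[ip]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry:
            banned_until[ip] = when + timedelta(seconds=bantime)
            bans.append((ip, f"{when:%H:%M:%S}", f"{banned_until[ip]:%H:%M:%S}"))
            window.clear()
    return bans

if __name__ == "__main__":
    print("default 3/600/600:  ", simulate(SAMPLE_LOG, 3, 600, 600))
    print("edited  5/1200/3600:", simulate(SAMPLE_LOG, 5, 1200, 3600))
```

With this log the default settings ban 203.0.113.7 ten seconds in and release it ten minutes later, while the edited settings only ban it at its fifth failure (21:12:00) but hold the ban for an hour; the single mistyped password from 198.51.100.20 triggers nothing under either.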


Filed under: OS, Linux version, PHP version, Improvements and Fixes, Atmail 5 — John Contad @ 9:45 pm

 

March 5, 2009

 Fixing Broken Text Email Display for Firefox 3.0.7

As of Firefox version 3.0.7, some text-only emails will not display in the popup "read email" window on the Advanced Interface. To resolve the issue you have two options:

Option 1

If you have access to our Trac you can download the fixed version of the relevant file from http://dev.atmail.com/tracphp/browser/trunk/webmail/lang/html/xul/readmail-frame.html?rev=1846&format=txt

Save this file to html/lang/xul/readmail-frame.html and from your Atmail web-root you will then need to run:

php lang.php english lang/languages/english/english.lang

Of course, replace "english" with your required language if necessary.

Option 2

Edit html/{your-lang}/xul/readmail-frame.html:

Add this into the body tag: onload="msgwinint()"

and near the bottom of the file replace:

msgwin.document.open();
msgwin.document.write('' + document.getElementById('atmailmsg').innerHTML);
msgwin.document.close();

with:

function msgwinint() {
    msgwin.document.open();
    msgwin.document.write('' + document.getElementById('atmailmsg').innerHTML);
    msgwin.document.close();
}


Filed under: Interface, PHP version, Improvements and Fixes, Atmail 5 — Brad Kowalczyk @ 5:16 pm