After running a mailserver for some time, especially those with larger user bases, you may find you want to purge the Atmail system of any inactive users. Included with Atmail 6.20.4 was a new script that allows you to do just that. You will find the script at /usr/local/atmail/webmail/utilities/tools/purge-users.php (the /usr/local/atmail part of the path may vary for webmail only installations) and it is used as such:

Usage: php purge-users.php [days-inactive] [--no-delete]
days-inactive    Delete users inactive for this many days or more
--no-delete    do not actually delete any users, just print them

For example, I want to delete all users whom have been inactive for 60 days. I want to double check the list first so I pass the --no-delete option:

# cd /usr/local/atmail/webmail/utilities/tools/
# php purge-users.php 60 --no-delete
TEST RUN -- no accounts actually deleted
Deleting brad@atmail.com, inactive since 2010-11-05 11:54:14
Deleting test@atmail.com, inactive since 2010-11-19 23:01:19

Once I confirm that I indeed wish to delete those accounts listed I re-issue the command, this time without the --no-delete option:

# php purge-users.php 60
Deleting brad@atmail.com, inactive since 2010-11-05 11:54:14
Deleting test@atmail.com, inactive since 2010-11-19 23:01:19

Now the inactive accounts have been deleted, that includes all email and other data associated with them.

If you are running a large Atmail cluster with multiple machines, you can further optimize the performance of the application by tuning the systems sysctl values for networking.

One common issue is on a highly loaded system, the max number of TCP connections can exceed between hosts, or too many connections are in the idle state.

We recommend the following be applied to the /etc/sysctl.conf

Client machines:

net.ipv4.tcp_fin_timeout = 10

Close connections in the TCP FIN timeout state 10 seconds ( default 60 )

net.ipv4.ip_local_port_range = "15000 61000"

Increase the range of ports available for client connections ( default 32768 61000 )

Server machines (e.g mysql server or main machine)

net.ipv4.tcp_fin_timeout = 10

Same value as clients
net.core.somaxconn = 1024 ( default 128 )

The net.core.somaxconn value has an important role. It limits the maximum number of requests queued to a listen socket.

net.core.netdev_max_backlog = 2000 ( default 1000 )

-

After editing the /etc/sysctl.conf you can reboot the machine, otherwise set the paramater directly on the CLI using:

/sbin/sysctl net.core.netdev_max_backlog = 2000

This is just another tip for tuning the performance of an Atmail system, from the default stock Linux OS.

If you are running a large-scale Atmail implementation under Linux, by default in most distributions the "updatedb" command is run daily via Cron to index the filesystem HDD.

For large systems with 100k+ email messages, running updatedb against the system maildir directory is time consuming and uses a lot of resources.

A simple solution is to disable indexing of the Atmail users maildir by editing:

/etc/updatedb.conf

Search and append the following in bold:

PRUNEFS = "auto afs iso9660 sfs udf"
PRUNEPATHS = "/afs /media /net /sfs /tmp /udev /var/spool/cups /var/spool/squid /var/tmp /usr/local/atmail/users"

If you are running an NFS or storage array server, check your machine does not index the maildir via the system updatedb command.

This is just one simple configuration option that should not be overlooked.

This document details how to test the sending and receiving functions of Atmail. This will shed light on how many messages Atmail can receive or send, and how many concurrent users can be served via POP3 or IMAP.

First, download Postal from: http://www.coker.com.au/postal/postal-0.70.tgz

% wget "http://www.coker.com.au/postal/postal-0.70.tgz"

Untar, install:

% tar xvfz postal-0.70.tgz
% cd postal-0.70
% ./configure && make && make install

Generate a list of users to import into Atmail for testing. It will be much more efficient to affix a common prefix to the accounts unique to the testing. This will make the deletion easier in the future.

For example:

testing-user1, password, test.com
testing-user2, password, test.com
testing-user3, password, test.com
testing-user4, password, test.com

A list of about 100 users should be adequate. The more users, the wider the search parameters, and the more accurate the test will be.

Import the userlist into Atmail:

% cd /usr/local/atmail/webmail/utilities/migration/
% php migrate-users-csv.php [filename] [admin username]

Where [filename is the file], and [admin username] is the admin user. For this example, we will use the filename "userlist.txt" and "admin" as the user. So:

% cd /usr/local/atmail/webmail/utilities/migration/
% php migrate-users-csv.php userlist.txt admin

Once the users are imported, you can then start testing. You can use postal to test SMTP connections. You will need to reformat the file to suit the one that postal requires. This command will generate a file based on your previous list:

% cat userlist.txt | sed 's/,/ /g' | awk '{print $1 "@" $3 ","$2}' > userlist_postal.txt

'userlist_postal.txt' will now contain your userlist for postal. You can now execute this command:

postal -m 10 -r 24000 -t 5 -c 5 -s 0 [server ip] userlist_postal.txt

This command creates a test where messages can vary from 1-10 KB, a maximum of 24,000 messages are sent a minute, with five threads, and 10 maximum messages per connection. Replace [server ip] with the IP of the Atmail server. 'userlist_postal.txt' is the file you generated earlier.

This command will generate messages in intervals of one minute each. 10 minutes should be a good sample size. It will list the amount of messages accepted, sent, and errored out during that period. In the case that you get an error message during this test period, it is likely caused by SMTP limits that Atmail imposes on a per-IP basis. You may need to set the values in the Atmail WebAdmin to accomodate the test (considering that you are sending emails from a singular IP).

Press Control-C to terminate the test.

For the POP3/IMAP tests, this command applies:

rabid  -p 5 -c 5 -r 24000 -s 0 [server ip] userlist_postal.txt

This will create a test with five threads, 5 messages a connection, with a maximum of 24,000 connections a minute. As with above, This command will generate messages in intervals of one minute each. 10 minutes should be a good sample size.

Varnish is a state-of-the-art, high-performance HTTP accelerator, used by sites such as Facebook and Twitter.

You can enable Varnish for your site by following these steps:

1.) Download Varnish from: http://sourceforge.net/projects/varnish/files/

% wget "http://downloads.sourceforge.net/project/varnish/varnish/2.1.2/varnish-2.1.2.tar.gz"

2.) Untar, install:

% tar xvfz varnish-2.1.2.tar.gz
% cd varnish-2.1.2
% ./configure --prefix=/usr/local/varnish/
% make && make install

3.) Open up your /usr/local/varnish/etc/varnish/default.vcl, and set this line block:

 backend default {
.host = "127.0.0.1";
.port = "8080";
}

This will set the hostname and the port where your webserver will stay. This will be the connection details for your webserver. In this case, we will use a local webserver running on port 8080.

4.) Open up your Apache configuration file. Find:

Listen 80

5.) Change to your preferred alternate port:

Listen 8080

6.) Restart Apache:

% apachectl restart

7.) Start Varnish:

% /usr/local/varnish/sbin/varnishd -a :80 -b localhost:8080 -T localhost:8090 -s file,/usr/local/varnish/varnish.cache,4G

To explain the settings briefly:

-a :80 defines the port for Varnish to run on.
-b localhost:8080 defines the port and host of the webserver you want to cache
-T localhost:8090 defines the port and host for the Varnish terminal to run in
-s file,/usr/local/varnish/varnish.cache,4G defines the cache file, and the size limit.

Congratulations! You now have Varnish running.

For more information about Varnish Cache, see: http://varnish-cache.org

With Apache, you can use the mod_expires and mod_deflate modules to gain a performance boost.  The mod_expires module provides caching, while the mod_deflate module compresses downloadable items to decrease bandwidth usage.

Before following this guide, make sure that mod_gzip and mod_expires are enabled for your Apache server. Most base installations of Apache 2.2 and higher are likely to have these by default.

Open up your Apache configuration file. Then, download the configuration file from: http://atmail.com/download/expires-config.txt:

% wget http://atmail.com/download/expires-config.txt

Add the contents of this file to the bottom of your Apache configuration file.

You may use a different Document Root for your Atmail installation; in implementations where you are using the webmail client version, this is usually the case. If this is so, you will need to modify the Directory declarations to suit your Apache root. The config file has the following line that you need to change:

< Directory /usr/local/atmail/webmail/>

Change to your Atmail document root. An installation that uses /var/www/html/atmail/webmail would have the following:

< Directory /var/www/html/atmail/webmail/ >
Save changes, and restart Apache.

This document covers the steps you need to take to have Atmail working with the NginX platform.

Nginx is a free, open-source, high-performance HTTP server and reverse proxy. It uses an event-driven architecture that distingtuishes it from the likes of Apache. It uses low-resources, and is used for high-performance environments. See: http://wiki.nginx.org/Main for more info.

First, download spawn-fcgi from http://redmine.lighttpd.net/projects/spawn-fcgi/news:

% wget "http://www.lighttpd.net/download/spawn-fcgi-1.6.3.tar.gz"

Untar, install:

% tar xvfz spawn-fcgi-1.6.3.tar.gz
% cd spawn-fcgi-1.6.3
% ./configure && make && make install

Then, download nginx from http://nginx.org/en/download.html:

% wget "http://nginx.org/download/nginx-0.8.40.tar.gz"

Untar, install:

% tar xvfz nginx-0.8.40.tar.gz
% cd nginx-0.8.40
% ./configure && make && make install

This will install nginx in /usr/local/nginx/. You will then need to move the /usr/local/nginx/conf/nginx.conf file, and replace it with the file from: http://atmail.com/download/nginx.conf.txt

% mv /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.old
% cd /usr/local/nginx/conf
% wget "http://atmail.com/download/nginx.conf.txt"
% mv nginx.conf.txt nginx.conf

Spawn the FastCGI process afterwards. For this example, we will run it in port 34480:

% /usr/local/bin/spawn-fcgi -f /usr/bin/php-cgi -a 127.0.0.1 -p 34480 -P /var/run/fastcgi-php.pid -C 2

You will then need to edit the /usr/local/nginx/conf/nginx.conf file. It will contain this line:

  fastcgi_pass   127.0.0.1:34480;  # IP and Port of your spawn-fcgi process

If you change the spawn-fcgi port, you will need to edit it in the nginx.conf file as well. For example, a spawn-fcgi port of 51000 will have this command:

/usr/local/bin/spawn-fcgi -f /usr/bin/php-cgi -a 127.0.0.1 -p 51000 -P /var/run/fastcgi-php.pid -C 2

And this configuration line:

  fastcgi_pass   127.0.0.1:51000;  # IP and Port of your spawn-fcgi process

The configuration file will also contain the following lines of interest:

root   /usr/local/atmail/webmail/;  

This defines the document root you wish to have.

user  atmail;

This defines the username you want to run nginx as.

worker_processes  2;

This sets the number of processes that nginx spawns. We recommend it to be set to the number of CPU cores you have available.

When you are satisfied, run the nginx process:

% /usr/local/nginx/sbin/nginx

This guide covers the steps you need to take to install EAccelerator (http://eaccelerator.net). eAccelerator is a free open-source PHP accelerator and optimizer. It optimizes scripts to speed up their execution, typically reducing server load and increasing the speed of your PHP code by up to ten times.

First, download the latest version of EAccelerator from: http://bart.eaccelerator.net/source/

% wget "http://bart.eaccelerator.net/source/0.9.6/eaccelerator-0.9.6.tar.bz2"

Untar, then go to the unpacked directory:

% tar xvfj eaccelerator-0.9.6.tar.bz2
% cd eaccelerator-0.9.6

Find the base directory of your PHP installation. Typically, this resides two directories down from where your PHP binary is. For this guide, we will assume that php is installed in "/usr/local/bin/php" - therefore, making the base directory "/usr/local".

Execute the following commands inside the eAccelerator directory:

% export PHP_PREFIX="/usr/local/"
% $PHP_PREFIX/bin/phpize

Then, run the configure script:

% ./configure --enable-eaccelerator=shared --with-php-config=$PHP_PREFIX/bin/php-config
% make
% make install

The last command will output a path. Take note of this. For our example, the path will look like:

Installing shared extensions:     /usr/local/lib/php/extensions/no-debug-non-zts-20090626/

Find your php.ini file. It is commonly under /etc/php.ini or /usr/local/lib/php.ini. Add these lines to your php.ini file:

[eaccelerator]

zend_extension="/usr/local/lib/php/extensions/no-debug-non-zts-20090626/eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"

Make sure that the line in bold (zend_extension) is defined as the same path you took note of earlier in the installation. Restart Apache afterwards:

% apachectl restart

To test if eAccelerator is active, execute the following command:

% php -v

This should output something similar to:

PHP 5.3.1 (cli) (built: Jan 14 2010 22:06:44)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2009 Zend Technologies
    with eAccelerator v0.9.6, Copyright (c) 2004-2010 eAccelerator, by eAccelerator

Congratulations! You now have eAccelerator active.

Scenario: Mail servers, particularly if you have a large amount of users, can be very demanding on bandwidth.  If the mail server is on a shared internet connection, you may require the atmail server to only use an allocated amount of bandwidth.
Solution: tc, short for traffic controller, is a commandline utility which has the ability to throttle uploads and downloads.

NOTE: tc is a tool that comes with the iproute package and is required.

Traffic controller is a very complicated tool to use, even for simple functions, but there is a script below which makes it very simple, if you are using it for throttling connections.

This script was taken from http://www.topwebhosts.org/tools/traffic-control.php.

#!/bin/bash
#
#  tc uses the following units when passed as a parameter.
#  kbps: Kilobytes per second
#  mbps: Megabytes per second
#  kbit: Kilobits per second
#  mbit: Megabits per second
#  bps: Bytes per second
#       Amounts of data can be specified in:
#       kb or k: Kilobytes
#       mb or m: Megabytes
#       mbit: Megabits
#       kbit: Kilobits
#  To get the byte figure from bits, divide the number by 8 bit
#

#
# Name of the traffic control command.
TC=/sbin/tc

# The network interface we're planning on limiting bandwidth.
IF=eth0             # Interface

# Download limit (in mega bits)
DNLD=1mbit          # DOWNLOAD Limit

# Upload limit (in mega bits)
UPLD=1mbit          # UPLOAD Limit

# IP address of the machine we are controlling
IP=216.3.128.12     # Host IP

# Filter options for limiting the intended interface.
U32="$TC filter add dev $IF protocol ip parent 1:0 prio 1 u32"

start() {

# We'll use Hierarchical Token Bucket (HTB) to shape bandwidth.
# For detailed configuration options, please consult Linux man
# page.

$TC qdisc add dev $IF root handle 1: htb default 30
$TC class add dev $IF parent 1: classid 1:1 htb rate $DNLD
$TC class add dev $IF parent 1: classid 1:2 htb rate $UPLD
$U32 match ip dst $IP/32 flowid 1:1
$U32 match ip src $IP/32 flowid 1:2

# The first line creates the root qdisc, and the next two lines
# create two child qdisc that are to be used to shape download
# and upload bandwidth.
#
# The 4th and 5th line creates the filter to match the interface.
# The 'dst' IP address is used to limit download speed, and the
# 'src' IP address is used to limit upload speed.

}

stop() {

# Stop the bandwidth shaping.
$TC qdisc del dev $IF root

}

restart() {

# Self-explanatory.
stop
sleep 1
start

}

show() {

# Display status of traffic control status.
$TC -s qdisc ls dev $IF

}

case "$1" in

start)

echo -n "Starting bandwidth shaping: "
start
echo "done"
;;

stop)

echo -n "Stopping bandwidth shaping: "
stop
echo "done"
;;

restart)

echo -n "Restarting bandwidth shaping: "
restart
echo "done"
;;

show)

echo "Bandwidth shaping status for $IF:"
show
echo ""
;;

*)

pwd=$(pwd)
echo "Usage: tc.bash {start|stop|restart|show}"
;;

esac exit 0