April 17, 2011

 Using Unison with Atmail

Unison allows two replicas of a collection of files and directories to be stored on different hosts (or different disks on the same host), modified separately, and then brought up to date by propagating the changes in each replica to the other. In other words, it can be used for two-way synchronization between your servers.

For illustrative purposes in this example, the Unison Master hostname will be called "master-foo-01"; the Client hostname will be called "slave-foo-02".

To set up Unison, do the following on both machines:

1.) Download the dependency, OCaml from: http://caml.inria.fr/download.en.html

atmail@master-foo-01# wget "http://caml.inria.fr/pub/distrib/ocaml-3.12/ocaml-3.12.0.tar.gz"

2.) Install emacs (a dependency):

atmail@master-foo-01# yum install emacs

3.) Unpack, install OCaml:

atmail@master-foo-01# tar xvfz ocaml-3.12.0.tar.gz
atmail@master-foo-01# cd ocaml-3.12.0
atmail@master-foo-01# ./configure && make world
atmail@master-foo-01# make opt
atmail@master-foo-01# make install

4.) Download Unison from: http://www.cis.upenn.edu/~bcpierce/unison/download.html

atmail@master-foo-01# wget "http://www.seas.upenn.edu/~bcpierce/unison//download/releases/stable/unison-2.40.63.tar.gz"

5.) Untar, install:

atmail@master-foo-01# tar xvfz unison-2.40.63.tar.gz
atmail@master-foo-01# cd unison-2.40.63
atmail@master-foo-01# make world opt
atmail@master-foo-01# sudo make install

6.) Move the Unison binary to your preferred prefix. We suggest /usr/bin/:

atmail@master-foo-01# mv unison /usr/bin/unison
atmail@master-foo-01# chmod 755 /usr/bin/unison

7.) You will then need to set up the keys. Create an SSH key pair on the Master server:

atmail@master-foo-01# ssh-keygen -t rsa

8.) This will produce a public key in /home/atmail/.ssh/id_rsa.pub. Copy the .pub file to the Slave machine:

atmail@master-foo-01# scp /home/atmail/.ssh/id_rsa.pub root@slave-foo-02:/home/atmail/.ssh/id_rsa.pub

9.) Pipe the public key into a file called authorized_keys, in your .ssh directory.

atmail@slave-foo-02# cat /home/atmail/.ssh/id_rsa.pub >> /home/atmail/.ssh/authorized_keys

10.) Make sure that the authorized_keys file, and all of the contents of the .ssh directory have 600 permissions:

atmail@slave-foo-02# chmod 600 /home/atmail/.ssh/*

11.) Try to log in, without a password, from the Master machine to the Client machine:

atmail@master-foo-01# ssh atmail@slave-foo-02

12.) This should allow you to log in. Now, you can try to sync the differences between the users/ directory of the master and slave machines. From any of the machines, execute:

atmail@master-foo-01# unison -batch -auto /usr/local/atmail/users ssh://slave-foo-02//usr/local/atmail/users

13.) The output should be similar to:

UNISON 2.40.63 finished propagating changes at 01:25:25.57 on 18 Apr 2011
Saving synchronizer state
Synchronization complete at 01:25:25  (xx items transferred, 0 skipped, 0 failed)

14.) You will need to set this in cron. Create a file called /home/atmail/unison.sh. In the file:

#!/bin/sh
/usr/bin/unison -batch -auto /usr/local/atmail/users ssh://slave-foo-02//usr/local/atmail/users

15.) Set permissions:

% chmod 755 /home/atmail/unison.sh

16.) Add an entry to your /etc/crontab. It will look like:

01,10,20,30,40,50 * * * * atmail /home/atmail/unison.sh

This will synchronize your /usr/local/atmail/users directory for both machines.
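
Steps 8 to 10 install a passwordless key that cron will use unattended, so it is worth installing it narrowly. The following is an added example, not part of the original post: install_sync_key is a hypothetical helper that appends the key only once, sets the directory and file modes, and restricts the key to the Master host with standard OpenSSH authorized_keys options.

```shell
#!/bin/sh
# Added example, not from the original post. install_sync_key is a
# hypothetical helper name; run it on the Slave as the atmail user.
# usage: install_sync_key PUBKEY_FILE SSH_DIR ALLOWED_HOST
install_sync_key() {
    pub=$1; dir=$2; host=$3
    auth="$dir/authorized_keys"

    # Take only "type base64-blob" from a public key line. A private key
    # file copied by mistake starts with "-----BEGIN" and yields nothing.
    key=$(awk '$1 ~ /^(ssh-|ecdsa-)/ && NF >= 2 { print $1, $2; exit }' "$pub")
    if [ -z "$key" ]; then
        echo "no public key found in $pub" >&2
        return 1
    fi

    # sshd (StrictModes) rejects keys kept in group/world-writable paths.
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Re-running the step must not append a duplicate entry.
    if grep -qF -- "$key" "$auth"; then
        return 0
    fi

    # Limit the passwordless key to the Master host and disable forwarding.
    printf 'from="%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s unison-sync\n' \
        "$host" "$key" >> "$auth"
}

# Demonstration against a scratch directory with a constructed key line.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABCONSTRUCTED atmail@master-foo-01' > "$demo/id_rsa.pub"
install_sync_key "$demo/id_rsa.pub" "$demo/.ssh" master-foo-01
install_sync_key "$demo/id_rsa.pub" "$demo/.ssh" master-foo-01   # no second entry
cat "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

The from= option matches a hostname only when sshd resolves client names; otherwise put the Master's IP address there.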


Filed under: Uncategorized, Multiserver, OS, Atmail 5, Atmail 6 — John Contad @ 10:13 pm

 

November 7, 2010

 Fail2Ban for Exim SMTP Auth

Fail2Ban is a great utility which can be found via: http://www.fail2ban.org. It checks for the output of various log files, and assigns an action to take, based on the IP address in the log file. This can be handy for introducing lockouts for various services. In this scenario, we will use Fail2Ban to create a lockout time for 3 consecutive failed logins to Exim SMTP Auth, via IP tables.

Prerequisites:

- IPTables

- Python 2.3 or newer

Steps:

1.) Download Fail2Ban for your distribution via: http://www.fail2ban.org/wiki/index.php/Downloads

2.) If using the source version, untar the file, then install:

% tar xvfj fail2ban-0.8.3.tar.bz2
% cd fail2ban-0.8.3
% python setup.py install

3.) This will create the fail2ban binary. To check if everything is running fine, run:

% fail2ban-client -h

This will have an output similar to:

% fail2ban-client -h
Usage: /usr/bin/fail2ban-client [OPTIONS]

Fail2Ban v0.8.3 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.

4.) Download the jail-smtpauth.conf and smtpauth.conf files from the following links:

- http://atmail.com/kb/attach/smtpauth.conf

- http://atmail.com/kb/attach/jail-smtpauth.conf

5.) Place jail-smtpauth.conf in /etc/fail2ban/jail.conf. Place smtpauth.conf in /etc/fail2ban/filter.d/smtpauth.conf.

6.) Start the fail2ban service:

% fail2ban-client start

7.) You can further alter the parameters. By default, if a user fails to log in to Exim SMTP Auth three times, the user is blocked from port 25 for about 10 minutes. Should you want to change this behaviour, open the /etc/fail2ban/jail.conf file, and find the following lines:

# "bantime" is the number of seconds that a host is banned.
bantime  = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3

8.) So, should you wish to allow five failed logins in the span of 20 minutes before banning the IP for an hour, the settings will look like:

# "bantime" is the number of seconds that a host is banned.
bantime  = 3600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 1200

# "maxretry" is the number of failures before a host get banned.
maxretry = 5

9.) Stop and start Fail2Ban afterwards:

% fail2ban-client stop
% fail2ban-client start


Filed under: Uncategorized, Anti-Spam, Exim, OS, Anti-Virus, Atmail 6 — John Contad @ 8:33 pm

 

October 24, 2010

 Performance testing Atmail

This document details how to test the sending and receiving functions of Atmail. This will shed light on how many messages Atmail can receive or send, and how many concurrent users can be served via POP3 or IMAP.

First, download Postal from: http://www.coker.com.au/postal/postal-0.70.tgz

% wget "http://www.coker.com.au/postal/postal-0.70.tgz"

Untar, install:

% tar xvfz postal-0.70.tgz
% cd postal-0.70
% ./configure && make && make install

Generate a list of users to import into Atmail for testing. It will be much more efficient to affix a common prefix to the accounts unique to the testing. This will make the deletion easier in the future.

For example:

testing-user1, password, test.com
testing-user2, password, test.com
testing-user3, password, test.com
testing-user4, password, test.com

A list of about 100 users should be adequate. The more users, the wider the search parameters, and the more accurate the test will be.

Import the userlist into Atmail:

% cd /usr/local/atmail/webmail/utilities/migration/
% php migrate-users-csv.php [filename] [admin username]

Where [filename] is the file, and [admin username] is the admin user. For this example, we will use the filename "userlist.txt" and "admin" as the user. So:

% cd /usr/local/atmail/webmail/utilities/migration/
% php migrate-users-csv.php userlist.txt admin

Once the users are imported, you can then start testing. You can use postal to test SMTP connections. You will need to reformat the file to suit the one that postal requires. This command will generate a file based on your previous list:

% cat userlist.txt | sed 's/,/ /g' | awk '{print $1 "@" $3 ","$2}' > userlist_postal.txt

'userlist_postal.txt' will now contain your userlist for postal. You can now execute this command:

postal -m 10 -r 24000 -t 5 -c 5 -s 0 [server ip] userlist_postal.txt

This command creates a test where messages can vary from 1-10 KB, a maximum of 24,000 messages are sent a minute, with five threads, and 10 maximum messages per connection. Replace [server ip] with the IP of the Atmail server. 'userlist_postal.txt' is the file you generated earlier.

This command will generate messages in intervals of one minute each. 10 minutes should be a good sample size. It will list the number of messages accepted, sent, and errored out during that period. If you get an error message during this test period, it is likely caused by SMTP limits that Atmail imposes on a per-IP basis. You may need to set the values in the Atmail WebAdmin to accommodate the test (considering that you are sending emails from a single IP).

Press Control-C to terminate the test.

For the POP3/IMAP tests, this command applies:

rabid  -p 5 -c 5 -r 24000 -s 0 [server ip] userlist_postal.txt

This will create a test with five threads, 5 messages a connection, with a maximum of 24,000 connections a minute. As above, this command will generate messages in intervals of one minute each. 10 minutes should be a good sample size.


Filed under: Uncategorized, OS, Optimization, Atmail 6 — John Contad @ 4:11 pm

 

July 15, 2010

 Apache and Varnish

Varnish is a state-of-the-art, high-performance HTTP accelerator, used by sites such as Facebook and Twitter.

You can enable Varnish for your site by following these steps:

1.) Download Varnish from: http://sourceforge.net/projects/varnish/files/

% wget "http://downloads.sourceforge.net/project/varnish/varnish/2.1.2/varnish-2.1.2.tar.gz"

2.) Untar, install:

% tar xvfz varnish-2.1.2.tar.gz
% cd varnish-2.1.2
% ./configure --prefix=/usr/local/varnish/
% make && make install

3.) Open up your /usr/local/varnish/etc/varnish/default.vcl, and set this line block:

backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

This sets the host and port of the backend webserver that Varnish forwards requests to. In this case, we will use a local webserver running on port 8080.

4.) Open up your Apache configuration file. Find:

Listen 80

5.) Change to your preferred alternate port:

Listen 8080

6.) Restart Apache:

% apachectl restart

7.) Start Varnish:

% /usr/local/varnish/sbin/varnishd -a :80 -b localhost:8080 -T localhost:8090 -s file,/usr/local/varnish/varnish.cache,4G

To explain the settings briefly:

-a :80 defines the port for Varnish to run on.
-b localhost:8080 defines the port and host of the webserver you want to cache
-T localhost:8090 defines the port and host for the Varnish terminal to run in
-s file,/usr/local/varnish/varnish.cache,4G defines the cache file, and the size limit.

Congratulations! You now have Varnish running.

For more information about Varnish Cache, see: http://varnish-cache.org


Filed under: Uncategorized, OS, Linux version, Optimization, Atmail 6 — John Contad @ 11:28 pm

 

 Apache mod_deflate and mod_expires

With Apache, you can use the mod_expires and mod_deflate modules to gain a performance boost.  The mod_expires module provides caching, while the mod_deflate module compresses downloadable items to decrease bandwidth usage.

Before following this guide, make sure that mod_gzip and mod_expires are enabled for your Apache server. Most base installations of Apache 2.2 and higher are likely to have these by default.

Open up your Apache configuration file. Then, download the configuration file from: http://atmail.com/download/expires-config.txt:

% wget http://atmail.com/download/expires-config.txt

Add the contents of this file to the bottom of your Apache configuration file.

You may use a different Document Root for your Atmail installation; in implementations where you are using the webmail client version, this is usually the case. If this is so, you will need to modify the Directory declarations to suit your Apache root. The config file has the following line that you need to change:

<Directory /usr/local/atmail/webmail/>

Change to your Atmail document root. An installation that uses /var/www/html/atmail/webmail would have the following:

<Directory /var/www/html/atmail/webmail/>

Save changes, and restart Apache.


Filed under: Uncategorized, OS, Optimization, Atmail 6 — John Contad @ 5:16 pm

 

May 4, 2009

 Fail2Ban for Courier IMAP lockout times

Fail2Ban is a great utility which can be found via: http://www.fail2ban.org. It checks for the output of various log files, and assigns an action to take, based on the IP address in the log file.

This can be handy for introducing lockouts for various services. In this scenario, we will use Fail2Ban to create a lockout time for 3 consecutive failed logins to Courier-IMAP, via IP tables.

Prerequisites:

- IPTables

- Python 2.3 or newer

Steps:

1.) Download Fail2Ban for your distribution via: http://www.fail2ban.org/wiki/index.php/Downloads

2.) If using the source version, untar the file, then install:

% tar xvfj fail2ban-0.8.3.tar.bz2
% cd fail2ban-0.8.3
% python setup.py install

3.) This will create the fail2ban binary. To check if everything is running fine, run:

% fail2ban-client -h

This will have an output similar to:

% fail2ban-client -h
Usage: /usr/bin/fail2ban-client [OPTIONS]

Fail2Ban v0.8.3 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.

4.) Download the jail.conf and courierlogin.conf files from the following links:

- http://atmail.com/kb/attach/courierlogin.conf

- http://atmail.com/kb/attach/jail.conf

5.) Place jail.conf in /etc/fail2ban/. Place courierlogin.conf in /etc/fail2ban/filter.d/.

6.) Start the fail2ban service:

% fail2ban-client start

7.) You can further alter the parameters. By default, if a user fails to log in to Courier three times, the user is blocked from port 143 for about 10 minutes. Should you want to change this behaviour, open the /etc/fail2ban/jail.conf file, and find the following lines:

# "bantime" is the number of seconds that a host is banned.
bantime  = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3

8.) So, should you wish to allow five failed logins in the span of 20 minutes before banning the IP for an hour, the settings will look like:

# "bantime" is the number of seconds that a host is banned.
bantime  = 3600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 1200

# "maxretry" is the number of failures before a host get banned.
maxretry = 5

9.) Stop and start Fail2Ban afterwards:

% fail2ban-client stop
% fail2ban-client start
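
To see what the two sets of values in steps 7 and 8 (here and in the Exim SMTP Auth post above) do to the same traffic, the following added example replays a constructed Exim-style log through a simplified model of maxretry, findtime and bantime. It is not Fail2Ban's code and not the Atmail filter files; the would_ban name, the match pattern and the log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: simplified model of maxretry / findtime / bantime.
# SAMPLE_LOG is constructed (documentation-range addresses, one calendar day).
SAMPLE_LOG='2010-11-07 20:00:00 login authenticator failed for (pc3) [192.0.2.9]: 535 Incorrect authentication data (set_id=carol)
2010-11-07 20:00:05 login authenticator failed for (pc1) [203.0.113.5]: 535 Incorrect authentication data (set_id=alice)
2010-11-07 20:00:40 login authenticator failed for (pc1) [203.0.113.5]: 535 Incorrect authentication data (set_id=alice)
2010-11-07 20:01:10 login authenticator failed for (pc1) [203.0.113.5]: 535 Incorrect authentication data (set_id=alice)
2010-11-07 20:02:00 login authenticator failed for (x) [198.51.100.7]: 535 Incorrect authentication data (set_id=admin)
2010-11-07 20:03:30 1PFA3b-0001Xy-2Z <= bob@example.com H=(pc2) [192.0.2.44] P=esmtpa A=login:bob S=2048
2010-11-07 20:05:00 login authenticator failed for (x) [198.51.100.7]: 535 Incorrect authentication data (set_id=admin)
2010-11-07 20:08:00 login authenticator failed for (x) [198.51.100.7]: 535 Incorrect authentication data (set_id=admin)
2010-11-07 20:11:00 login authenticator failed for (x) [198.51.100.7]: 535 Incorrect authentication data (set_id=admin)
2010-11-07 20:14:00 login authenticator failed for (x) [198.51.100.7]: 535 Incorrect authentication data (set_id=admin)
2010-11-07 20:19:00 login authenticator failed for (x) [198.51.100.7]: 535 Incorrect authentication data (set_id=admin)
2010-11-07 20:20:00 login authenticator failed for (x) [198.51.100.7]: 535 Incorrect authentication data (set_id=admin)
2010-11-07 20:21:00 login authenticator failed for (x) [198.51.100.7]: 535 Incorrect authentication data (set_id=admin)
2010-11-07 20:30:00 login authenticator failed for (pc3) [192.0.2.9]: 535 Incorrect authentication data (set_id=carol)
2010-11-07 21:05:00 login authenticator failed for (pc3) [192.0.2.9]: 535 Incorrect authentication data (set_id=carol)'

# usage: would_ban MAXRETRY FINDTIME BANTIME
# Prints "IP HH:MM:SS" for every ban the settings would trigger.
would_ban() {
    printf '%s\n' "$SAMPLE_LOG" |
    awk -v maxretry="$1" -v findtime="$2" -v bantime="$3" '
    /authenticator failed/ && match($0, /\[[0-9.]+\]/) {
        ip = substr($0, RSTART + 1, RLENGTH - 2)
        split($2, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
        # While banned, the firewall would have dropped these attempts.
        if ((ip in ban_end) && now < ban_end[ip]) next
        n[ip]++; seen[ip, n[ip]] = now
        # Count failures of this host that fall inside the findtime window.
        hits = 0
        for (i = first[ip] + 1; i <= n[ip]; i++)
            if (now - seen[ip, i] <= findtime) hits++
        if (hits >= maxretry) {
            print ip, $2
            ban_end[ip] = now + bantime
            first[ip] = n[ip]      # the failure count restarts after a ban
        }
    }'
}

echo "maxretry=3 findtime=600 bantime=600:";   would_ban 3 600 600
echo "maxretry=5 findtime=1200 bantime=3600:"; would_ban 5 1200 3600
```

With the defaults, the host that mistypes three times in a minute is banned and the persistent host is banned twice; with the relaxed values only the persistent host is banned, once, for the whole hour. The host with occasional failures half an hour apart is never banned under either.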


Filed under: OS, Linux version, PHP version, Improvements and Fixes, Atmail 5 — John Contad @ 9:45 pm

 

April 13, 2008

 Configuring imapproxy for @Mail

You can configure imapproxy for @Mail to improve performance. Just do the following:

1.) Download imapproxy from: http://freshmeat.net/redir/imapproxy/35569/url_tgz/up-imapproxy-1.2.4.tar.gz

2.) Untar, install:

% tar xvfz up-imapproxy-x.x.x.tgz
% cd up-imapproxy-x.x.x
% ./configure
% make && make install && make install-conf && make install-init

3.) If the installation is successful, edit your /etc/imapproxy.conf file. Find:

server_hostname localhost

4.) Change "localhost" to your server's hostname, if necessary. Then, find:

listen_port

5.) Change this to:

listen_port 143

6.) Then find:

server_port 143

7.) Change this to:

server_port 144

8.) Afterwards, open up /usr/local/atmail/mailserver/etc/imapd. Find:

PORT=143

9.) Change this to:

PORT=144

10.) Restart the services:

% /etc/init.d/imapproxy stop
% /etc/init.d/atmailserver restart
% /etc/init.d/imapproxy start

This will then run your IMAP port through a cached proxy.


Filed under: OS — John Contad @ 9:24 pm

 

January 1, 2008

 Library Path Fix for Solaris

Configuring and installing binary packages on Solaris can be a challenge. Here is a fix for when gcc is unable to recognise the path for the libs (libiconv and libmysqlclient, for example). To resolve this, run the following:

crle -c /var/ld/ld.config -l /usr/lib:/usr/local/lib:/usr/local/ssl/lib:/usr/local/mysql/lib/mysql/

# make install

Specifying the library path in this way enables gcc to access the path to the libraries, ensuring your Exim install on Solaris will be smoother.


Filed under: OS — John Contad @ 12:00 pm

 

 Problems with PostgreSQL Support in Courier-IMAP

When you receive this error in a Mandrake Courier-IMAP install:

authpgsql.h:8:29: libpq-fe.h: No such file or directory

This means that your configure script still looks for the PostgreSQL libs and cannot find them. To solve this, either install the postgresql-devel packages, or run this in your IMAP install:

./configure --enable-workarounds-for-imap-client-bugs --with-trashquota \
    --prefix=/usr/local/atmail/mailserver/ --with-authpgsql \
    --with-authpgsql-includes=/usr/include/pqsql --without-authldap \
    --without-authplain --with-authmysql --with-mysql-libs=/usr/local/mysql/lib/mysql/ \
    --with-mysql-includes=/usr/local/mysql/include/mysql/

make

as user 'atmail', and

make install

as 'root'


Filed under: OS — John Contad @ 12:00 pm

 

 Debian apt-get and cache limit

When updating via apt-get in Debian for dependencies, you get this error:

E: Dynamic MMap ran out of room
E: Error occured while processing sqlrelay-sqlite (NewPackage)
E: Problem with MergeList /var/lib/apt/lists/ftp.us.debian.org_debian_dists_woody_contrib_binary-i386_Packages
E: The package lists or status file could not be parsed or opened.

Edit your /etc/apt/apt.conf file, and insert the following:

APT::Cache-Limit "8388608";


Filed under: OS — John Contad @ 12:00 pm