It happens, you forget the admin user password for Atmail, or your sysadmin leaves without providing the password.

So how do you reset the adminitration password for Atmail? Easy.

1: Find the mysql details for Atmail under webmail/config/dbconfig.ini

2: Connect to the mysql server, e.g

mysql -u root -p

3: Reset the password via SQL

update AdminUsers set Password=MD5('mynewpass') where Username='admin' and UMasterAdmin='1';

4: Login via the Atmail Webadmin with the new password!

While tools such as yum, apt-get and pkg_add can make our life a lot easier when it comes to installing PHP and it's extensions (among other things), there is often a time when we need to go the old-fashioned route and compile from source. This brief article explains how to build PHP 5.3.x from source while detailing the configure options required for compiling PHP 5.3.x so that it plays nice with Atmail 6 and ArchiveVault.

General Install Instructions

1. Download the PHP 5.3.x source from http://php.net
2. extract into a temporary location on your server, say /tmp
3. cd into the php-5.3.x/ dir that you just extracted
4. now it's time to configure the PHP source for the options you want compiled so run this command:./configure --with-apxs2=/usr/sbin/apxs --with-mysql --enable-mbstring --with-ldap --with-pdo-mysql --with-zlib --with-openssl
5. Once configure has successfully completed run this command : make install

Notes:

1. You will need to replace /usr/sbin/apxs with the path to your apxs
2. you may need to install mysql-devel if you run into configure or compile errors relating to the mysql extension
3. you may need to install the zlib library if you run into errors relating to zlib extension (and may need to point to the location of zlib with --with-zlib=/path/to/zlib)
4. you may need to install the OpenSSL library if it is not on your system
5. On some 64bit systems (eg CentOS, RH) you may need to run: ln -s /usr/lib64/mysql/libmysqlclient.so /usr/lib/mysql/libmysqlclient.so

Fail2Ban is a great utility which can be found via: http://www.fail2ban.org. It checks for the output of various log files, and assigns an action to take, based on the IP address in the log file.

This can be handy for introducing lockouts for various services. In this scenario, we will use Fail2Ban to create a lockout time for 3 consecutive failed logins to Courier-IMAP, via IP tables.

Prerequisites:

- IPTables

- Python 2.3 or newer

Steps:

1.) Download Fail2Ban for your distribution via: http://www.fail2ban.org/wiki/index.php/Downloads

2.) If using the source version, untar the file, then install:

% tar xvfj fail2ban-0.8.3.tar.bz2
% cd fail2ban-0.8.3
% python setup.py install

3.) This will create the fail2ban binary. To check if everything is running fine, run:

% fail2ban-client -h

This will have an output similar to:

% fail2ban-client -h
Usage: /usr/bin/fail2ban-client [OPTIONS]

Fail2Ban v0.8.3 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.

4.) Download the jail.conf and courierlogin.conf files from the following links:

- http://atmail.com/kb/attach/courierlogin.conf

- http://atmail.com/kb/attach/jail.conf

5.) Place jail.conf in /etc/fail2ban/. Place courierlogin.conf in /etc/fail2ban/filter.d/.

6.) Start the fail2ban service:

% fail2ban-client start

7.) You can further alter the parameters. By default, if a user fails to login to Courier for three times, the user is blocked from port 143 for about 10 minutes. Should you want to change this behaviour, open the /etc/fail2ban/jail.conf file, and find the following lines:

# "bantime" is the number of seconds that a host is banned.
bantime  = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3

8.) So should you wish to  set it so that the user can fail to login for five times in the span of 20 minutes, before banning the IP for an hour, the settings will look like:

# "bantime" is the number of seconds that a host is banned.
bantime  = 3600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 1200

# "maxretry" is the number of failures before a host get banned.
maxretry = 5

9.) Stop and start Fail2Ban afterwards:

% fail2ban-client stop
% fail2ban-client start

As of Firefox version 3.0.7 some text only emails will not display in the popup "read email" window on the Advanced Interface. To resolve the issue you have two options:

Option 1

If you have access to our Trac you can download the fixed version of the relevant file from http://dev.atmail.com/tracphp/browser/trunk/webmail/lang/html/xul/readmail-frame.html?rev=1846&format=txt

Save this file to html/lang/xul/readmail-frame.html and from your Atmail web-root you will then need to run:

php lang.php english lang/languages/english/english.lang

Of cause replace "english" with your required language if required

Option 2

Edit html/{your-lang}/xul/readmail-frame.html:

Add this into the body tag: onload="msgwinint()"

and near the bottom of the file replace:

msgwin.document.open();
msgwin.document.write('' + document.getElementById('atmailmsg').innerHTML);
msgwin.document.close();

with:

function msgwinint() {
msgwin.document.open();
msgwin.document.write('' + document.getElementById('atmailmsg').innerHTML);
msgwin.document.close();
}

You can limit AtMail to only access the local Mailserver by doing the following:

- go to WebAdmin > Config > Mail Configuration

- set the MailServer field to "127.0.0.1"

- save changes

- download the file from: http://atmail.com/kb/attach/mailserver-update.txt

- place it on your server as: /usr/local/atmail/webmail/modules/mailserver-update.php

- execute the file:

% cd /usr/local/atmail/webmail/modules/ && php mailserver-update.php

- this will update every local user's MailServer definition to " 127.0.0.1 "

- you can further limit access by setting WebAdmin > Config > Mail Configuration > Mail Type to "No External Servers"

- save changes, restart Apache.

This is a tutorial on how to setup AtMail with public-folders. An example scenario, your a company with over 10 employees and you need a global Support and Sales folder.

This folder should be shared and accessible to selected users, with the ability to use IMAP or Webmail to access the shared folders.

Public folders are vital to improve work flow, help consolidate email messages from clients, and provide a central repstitory of messages that can be searched.

So how do we do this in AtMail?

Pre-requirements:

Step 1:

Define a CSV file of users you wish to share a public folder with, e.g

publicfolder.csv:

Support, ben@company.org
Support, jason@company.org
Support, andyg@company.org

Where the above user@company.org is a real user on AtMail, has an account and mailbox already created.Upload the CSV file to the server and execute the script batch-publicfolder.php

cd /usr/local/atmail/webmail/modules/
php batch-publicfolder.php < /tmp/publicfolder.csv

Once executed, for each user on the system the following will be returned.

Creating public folder for Support for user@company.org
Creating PublicFolder /usr/local/atmail/users/shared/.Support
Adding maildir /usr/local/atmail/users/shared/.Support
Adding maildir /usr/local/atmail//users/u/s/user@company.org/shared-folders/SharedFolder/Support
Creating Symlink  /usr/local/atmail//users/u/s/user@company.org/shared-folders/SharedFolder/Support to  /usr/local/atmail//users/u/s/user@company.org/.Support
Adding  /usr/local/atmail//users/u/s/user@company.org/SharedFolder/PremiumSupport/shared

Step 2:

Once the public-folder is created, an email alias must be setup to direct the messages into the public folder created.

Visit the AtMail Webadmin > Email > Email Aliases and define the alias-name, and the directory of the new public folder ( In this example, the directory is named /usr/local/atmail/users/shared/.Support )

Step 3:

Once the alias and public folders are created, simply email the support@company.org email, and messages will be stored on the Shared folder.

Each user that logs in via IMAP or Webmail will analyze the shared folder, and symlink each message to the users personal maildir. This is required to keep message flags ( unread/read/replied ) status for each user, while simply referring to the public-folder email on disk via a symlink.

This article will detail the procedures required to install and configure the APC opcode cache on your server. This article does not cover setting up APC on Windows servers.

What is APC?

From php.net:

"The Alternative PHP Cache (APC) is a free and open opcode cache for PHP. It was conceived of to provide a free, open, and robust framework for caching and optimizing PHP intermediate code."
So basically we can use APC to squeeze even better performance out of @Mail.

Installing APC

APC is a PHP PECL extension so I will cover using the pecl command to insall APC. If you find that pecl is not available on your system performing the following command for your system should install it:

You will also need the apache apxs tool. If apxs is not on your system you can install it as such:

Once you have pecl and apxs installed perform the following command:

# pecl install apc

Once the compile and installation is complete you will need to enable the extension by adding the following line to your php.ini:

extension=apc.so

You can test that the APC module is installed by using the 'php -m' command. This will list the installed PHP modules and APC should be near the top:

# php -m
[PHP Modules]
apc
bcmath
bz2
calendar
ctype
date
dba
...etc

Once you have enabled APC in php.ini, in order to load APC for the Apache PHP module simply restart Apache, usually

apachectl restart

or

apache2ctl restart

Now APC is ready and waiting to spice up performance.

Configuring APC

APC has several settings you can tweak according to your setup and desired functionality. The first two settings you should consider are

apc.shm_size

and

apc.stat

These two settings adjust how much shared memory you want to set aside for APC and whether you want APC to check for file modification on every request, respectively.

First lets consider

apc.shm_size

How large a memory segment you can assign to APC depends on amount of available RAM and your OS type and configuration. The amount is specified in MB and the default is 30. In my testing with APC and @Mail I maxed out at 8.895MB of memory usage for the APC cache so I'd suggest the recommended minimum setting for a server running @Mail is about 10MB. If the server is running other php scripts via apache then you will need to either increase this value or use the technique described in the "Conditional Caching" section.

This setting determines whether APC checks for file modification on every request. The default is 'On', and APC will check each script for modification upon each request. If the script has been modified then it will not use the cached version, but recompile and re-cache the new version. Also with apc.stat

on, with every request made APC will have to find absolute paths for all files included or required with a relative path. This obviously adds some overhead.

Changing apc.stat to 'Off' can produce a significant performance gain and simply means if you modify any @Mail files you will need to restart Apache before the changes will come into effect. Not a big deal on a production server where files stay static for long periods.

Conditional Caching

If the server running @Mail is also serving other PHP scripts then you may want to limit the caching to @Mail scripts only in order to reduce the chance of running out of cache slots or allocated RAM. You can do this by using the following settings: apc.cache_by_default

apc.cache_by_default is On by default and means all php scripts served by Apache are cached. If you want to cache only @Mail scripts then you will need to set apc.cache_by_default = Off

in your php.ini or apc.ini file.

Once you have turned apc.cache_by_default off then you can use a .htaccess file in @Mail's web-root to turn it back on for @Mail only. If you have other scripts/apps you would like to enable caching for then simply add the .htaccess file to their web-root also. The .htaccess file should contain just this line:

php_value apc.cache_by_default On

Once you have the .htaccess file in place all @Mail scripts will be cached. You will also need to restart Apache for the main apc.cache_by_default = Off setting to take.

How Can I Tell What is Currently Cached?

A simple solution is to create a short php script with this in it:

print_r(apc_cache_info());

Save it to a file that is web readable and load it within your web browser. This will give you some information on the current state of your APC cache, including what files are cached. Here is an excerpt of the output given after having used @Mail:

Array
(
[num_slots] => 2000
[ttl] => 0
[num_hits] => 11
[num_misses] => 35
[start_time] => 1214447228
[expunges] => 0
[mem_size] => 4645714
[num_entries] => 35
[num_inserts] => 35
[file_upload_progress] => 1
[memory_type] => mmap
[locking_type] => pthread mutex
[cache_list] => Array
(
[0] => Array
(
[filename] => /usr/local/atmailphp/webmail/libs/PEAR/Mail/mime.php
[device] => 2051
[inode] => 261912
[type] => file
[num_hits] => 0
[mtime] => 1203282990
[creation_time] => 1214447477
[deletion_time] => 0
[access_time] => 1214447477
[ref_count] => 0
[mem_size] => 125640
)

[1] => Array
(
[filename] => /usr/local/atmailphp/webmail/libs/PEAR/Mail/RFC822.php
[device] => 2051
[inode] => 261911
[type] => file
[num_hits] => 0
[mtime] => 1207549212
[creation_time] => 1214447477
[deletion_time] => 0
[access_time] => 1214447477
[ref_count] => 0
[mem_size] => 120242
)

[2] => Array
(
[filename] => /usr/local/atmailphp/webmail/libs/PEAR/Mail/mimePart.php
[device] => 2051
[inode] => 261908
[type] => file
[num_hits] => 0
[mtime] => 1203282990
[creation_time] => 1214447477
[deletion_time] => 0
[access_time] => 1214447477
[ref_count] => 0
[mem_size] => 58013
)

Final Words

There are several other APC settings that you may wish to tweak for your system. More information on these settings can be found here: http://php.net/manual/en/apc.configuration.php

You should place all these setting in your php.ini, or alternatively if you have a directory on your system that php will read .ini files from then create a file in there called apc.ini and place the APC settings in it.

You should find that @Mail and APC work just fine together and you should see improved performance, especially on busier servers - of course if you have any feedback or experience problems let us know.

If you are experiencing problems with logging into SubAdmin due to session error try the following.

1> cat /etc/php.ini | grep session

2> Find session.save_path = "/var/lib/php/session"
This directory must be owned by the webserver user.

3> ps aux |grep httpd
To find the webserver username.

4> chown -R atmail /var/lib/php/session

Question:Our need is to block all email addresses/domain not configured in the @mail server.
So I want to avoid mail deliveries from addresses like bill.gates@microsoft.com or george.bush@whitehouse.org.

Answer:Yes this can be done. Follow the step detailed below.
Open and edit the Exim configuration file located at /usr/local/atmail/mailserver/configure, please remember to also back up this file before changes are made. Find and delete the following code.

# This router routes addresses that are not in local domains by doing a DNS
# lookup on the domain name.
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more

Restart the @mail server and test.

Question: Where would I go about changing or removing the 8 digit password requirement from the @mail server?

Answer: @mail version 5.2 uses a password complexity requirement. Meaning that all passwords must meet a certain requirement. If you would like to remove this from your @mail installation please do the following.

Go to webmail/webadmin/js/newuser-validate.js in the @mail directory and remove the following

if (theForm.password.value.length < 5)
{
alert("Please enter at least 5 characters in the \"password\" field.");
theForm.password.focus();
return (false);
}

This is for when a new user is created in the @mail WebAdmin > new user.

Go to html/english/javascript/validate_password.js in the @mail directory and remove the following

if (theForm.newpass.value.length < 8 )
{
alert("Please enter at least 8 characters in the 'New Password' field.");
theForm.newpass.value = "";
theForm.newpass2.value = "";
theForm.newpass.focus();
return (false);
}

This is for when a user decides to change their password via the WebMail interface.