Some LDAP setups disallow the use of bind authentication for users - merely acting as storage mechanisms for passwords by access of the admin user. While this is not recommended, these steps outline how to enable authentication of this sort via Exim.

For the following setup, we will use the following parameters:

- the LDAP server is ldap.local
- the administrator DN is 'uid=admin,ou=Admin,o=domain.com'
- the password is 'password'
- the base DN for users is 'ou=People,o=domain.com'
- the attribute for password is 'userpass'
- the objectClass is 'inetOrgPerson'

1.) Open up /usr/local/atmail/mailserver/configure

2.) Find the following line:

# AUTH LOGIN authentication method with MySQL support used by Outlook Express.
#auth_login:
#driver = plaintext
#public_name = LOGIN
#server_condition = ${if eq{$1}{${lookup mysql{SELECT Account FROM UserSession WHERE Account='$1' and Password='$2'}{$value}fail}}{1}{0}}
#server_prompts = "Username:: : Password::"
#server_set_id = $1

3.) Replace with:

auth_login:
driver = plaintext
public_name = LOGIN
server_condition = ${if eq{$2}{${lookup ldap{user="uid=admin,ou=Admin,o=domain.com" pass=193af9q ldap://ldap.local/ou=People,o=domain.com?userpass?sub?(&(uid=$1)(objectclass=inetOrgPerson))}{$value}fail}}{1}{0}}
server_prompts = "Username:: : Password::"
server_set_id = $1

4.) Note the LDAP URL. it takes the following format:

ldap://[host name]/[base DN]?[attribute name]?[scope]?[filter]

For our example, we use:

ldap://ldap.local:389/ou=People,o=domain.com?userpass?sub?(&(uid=$1)(objectclass=account))

Where:

ldap.local:389 is the hostname and port of the LDAP server

ou=People,o=domain.com is our Base DN. This is the distinguished name that forms the base of the LDAP search. If entries have the LDAP format of 'uid=username,ou=People,o=domain.com', the Base DN to use is 'ou=People,o=domain.com'.

userpass is the attribute we are looking for, for comparison

sub is the scope of the search. sub retrieves information about entries at all levels below the distinguished name (base dn) specified in the URL. base retrieves information about the distinguished name (base dn) specified in the URL only.

(&(uid=$1)(objectclass=inetOrgPerson)) is the filter. Normally, a basic filter contains only one set - for example, (objectclass=inetOrgPerson), which specifies that it should only show entries of the object class 'inetOrgPerson'. Since we are looking for a specific object class AND uid, we need to specify both.

In this case, the filter is specified as:

(&(uid=$1)(objectclass=inetOrgPerson))

Which, roughly means:

((uid=$1) AND (objectclass=inetOrgPerson))

The operator "&", standing for "AND", being appended at the front of the filter. This requires that both filter conditions are met.

5.) Restart Atmail.

You can use SSL certificates to allow your users to access Atmail via SSL. This document will show you how to convert SSL certificates in a format that can be used by Apache, Exim and Dovecot.

1.) Upon getting your SSL certificates, you will receive them in two files: .crt and .key. For the purposes of this document, we will put them in the directory: /usr/local/atmail/ssl/ as two files domain.key and domain.crt.

2.) You will need to convert the crt file to .PEM. This command will do it:

% openssl x509 -inform der -in /usr/local/atmail/ssl/domain.crt -out /usr/local/atmail/ssl/domain.pem

3.) Afterwards, you will need a password-less key file:

% openssl rsa -in /usr/local/atmail/ssl/domain.key -out /usr/local/atmail/ssl/domain-nopass.key

4.) Define the pathnames of the key and cert files in WebAdmin > Services > POP3/IMAP.

5.) The SSL Certificate Path corresponds to your .pem file. For this example, the setting will be "/usr/local/atmail/ssl/domain.pem".

6.) The SSL key file corresponds to your passphrase-less key file. For this example, the setting will be "/usr/local/atmail/ssl/domain-nopass.key".

7.) Save changes.

8.) Should you want to verify this manually, open up /usr/local/atmail/mailserver/etc/dovecot.conf, and look for this line block:

ssl = yes
protocols = pop3 imap pop3s imaps
ssl_cert_file = /usr/local/atmail/ssl/domain.pem
ssl_key_file = /usr/local/atmail/ssl/domain-nopass.key

9.) And here is the corresponding entry for /usr/local/atmail/mailserver/configure:

tls_advertise_hosts = *
log_selector = +tls_peerdn
tls_certificate=/usr/local/atmail/ssl/domain.pem
tls_privatekey=/usr/local/atmail/ssl/domain-nopass.key

10.) Restart Atmail services.

You can set custom Welcome Messages for each domain you host in Atmail via this method:

- open up /usr/local/atmail/webmail/application/models/users.php

- find:

$messageBody = self::generateWelcome($userData, $this->_globalConfig['welcome_msg']);

- change this to:

$domainRef = $userData['UserSession']['Account'];
$domainRef = explode("@", $domainRef);
$welcomeMsg = "/usr/local/atmail/mailserver/etc/$domainRef[1].html";
if (!file_exists($welcomeMsg)) $welcomeMsg = "/usr/local/atmail/mailserver/etc/welcome-message.html";
$messageBody = self::generateWelcome($userData, $welcomeMsg);
- save changes,

- create copies of the /usr/local/atmail/mailserver/etc/welcome-message.html with the filenames being the domain name you wish to have customized welcome messages for. For example, a domain called juno.com:

% cp /usr/local/atmail/mailserver/etc/welcome-message.html /usr/local/atmail/mailserver/etc/juno.com.html

This will then provide the appropriate welcome message for each domain.

To make Atmail detect the hostname of your Atmail URL, and make it automatically detect the domain name for the login page, do the following:

- open up /usr/local/atmail/webmail/application/modules/mail/views/scripts/auth
index.phtml

- find this line block:

$("#loginPage").bind('submit', function() {
email = $("#email").val();
//alert(email);
emailArgs = email.split('@');
//alert(emailArgs[0] + ":" + emailArgs[1]);
$("input[name=emailName]").val(emailArgs[0]);
$("input[name=emailDomain]").val(emailArgs[1]);

Change this to:

$("#loginPage").bind('submit', function() {
email = $("#emailName").val() + "@" + $("#emailDomain").val();
emailArgs = email.split('@');
$("input[name=emailName]").val(emailArgs[0]);
$("input[name=emailDomain]").val(emailArgs[1]);

Then, find:

RememberMe();

Below this, add:
emailDom = window.location.host.substring(8);
$("#emailDomain").attr('value', emailDom);

Note the number "8". This assumes that you use webmail.domain.com for your Atmail vhost. If you are using another Alias like mail.domain.com, the number will change from the number of the letters in the Alias plus one - making it:

emailDom = window.location.host.substring(5);

Then, find:

<tr>
<td>
<label class="user"><?php print $this->translate('Email') ?>:</label> <input id="email" class="input-email" type="text" name="email" tabindex="1" />
</td>
</tr>

Change to:

<tr>
<td>
<label class="user"><?php print $this->translate('Email') ?>:</label> <input id="emailName" class="input-email" type="text" name="emailName" tabindex="1" />
</td>
</tr>
<tr>
<td>
<label class="user"><?php print $this->translate('Domain') ?>:</label> <input id="emailDomain" class="input-email" type="text" name="emailDomain" tabindex="1" />
</td>
</tr>

This will then auto-fill the login page with the domain part of the URL entered.

Varnish is a state-of-the-art, high-performance HTTP accelerator, used by sites such as Facebook and Twitter.

You can enable Varnish for your site by following these steps:

1.) Download Varnish from: http://sourceforge.net/projects/varnish/files/

% wget "http://downloads.sourceforge.net/project/varnish/varnish/2.1.2/varnish-2.1.2.tar.gz"

2.) Untar, install:

% tar xvfz varnish-2.1.2.tar.gz
% cd varnish-2.1.2
% ./configure --prefix=/usr/local/varnish/
% make && make install

3.) Open up your /usr/local/varnish/etc/varnish/default.vcl, and set this line block:

 backend default {
.host = "127.0.0.1";
.port = "8080";
}

This will set the hostname and the port where your webserver will stay. This will be the connection details for your webserver. In this case, we will use a local webserver running on port 8080.

4.) Open up your Apache configuration file. Find:

Listen 80

5.) Change to your preferred alternate port:

Listen 8080

6.) Restart Apache:

% apachectl restart

7.) Start Varnish:

% /usr/local/varnish/sbin/varnishd -a :80 -b localhost:8080 -T localhost:8090 -s file,/usr/local/varnish/varnish.cache,4G

To explain the settings briefly:

-a :80 defines the port for Varnish to run on.
-b localhost:8080 defines the port and host of the webserver you want to cache
-T localhost:8090 defines the port and host for the Varnish terminal to run in
-s file,/usr/local/varnish/varnish.cache,4G defines the cache file, and the size limit.

Congratulations! You now have Varnish running.

For more information about Varnish Cache, see: http://varnish-cache.org

With Apache, you can use the mod_expires and mod_deflate modules to gain a performance boost.  The mod_expires module provides caching, while the mod_deflate module compresses downloadable items to decrease bandwidth usage.

Before following this guide, make sure that mod_gzip and mod_expires are enabled for your Apache server. Most base installations of Apache 2.2 and higher are likely to have these by default.

Open up your Apache configuration file. Then, download the configuration file from: http://atmail.com/download/expires-config.txt:

% wget http://atmail.com/download/expires-config.txt

Add the contents of this file to the bottom of your Apache configuration file.

You may use a different Document Root for your Atmail installation; in implementations where you are using the webmail client version, this is usually the case. If this is so, you will need to modify the Directory declarations to suit your Apache root. The config file has the following line that you need to change:

< Directory /usr/local/atmail/webmail/>

Change to your Atmail document root. An installation that uses /var/www/html/atmail/webmail would have the following:

< Directory /var/www/html/atmail/webmail/ >
Save changes, and restart Apache.

This document covers the steps you need to take to have Atmail working with the NginX platform.

Nginx is a free, open-source, high-performance HTTP server and reverse proxy. It uses an event-driven architecture that distingtuishes it from the likes of Apache. It uses low-resources, and is used for high-performance environments. See: http://wiki.nginx.org/Main for more info.

First, download spawn-fcgi from http://redmine.lighttpd.net/projects/spawn-fcgi/news:

% wget "http://www.lighttpd.net/download/spawn-fcgi-1.6.3.tar.gz"

Untar, install:

% tar xvfz spawn-fcgi-1.6.3.tar.gz
% cd spawn-fcgi-1.6.3
% ./configure && make && make install

Then, download nginx from http://nginx.org/en/download.html:

% wget "http://nginx.org/download/nginx-0.8.40.tar.gz"

Untar, install:

% tar xvfz nginx-0.8.40.tar.gz
% cd nginx-0.8.40
% ./configure && make && make install

This will install nginx in /usr/local/nginx/. You will then need to move the /usr/local/nginx/conf/nginx.conf file, and replace it with the file from: http://atmail.com/download/nginx.conf.txt

% mv /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.old
% cd /usr/local/nginx/conf
% wget "http://atmail.com/download/nginx.conf.txt"
% mv nginx.conf.txt nginx.conf

Spawn the FastCGI process afterwards. For this example, we will run it in port 34480:

% /usr/local/bin/spawn-fcgi -f /usr/bin/php-cgi -a 127.0.0.1 -p 34480 -P /var/run/fastcgi-php.pid -C 2

You will then need to edit the /usr/local/nginx/conf/nginx.conf file. It will contain this line:

  fastcgi_pass   127.0.0.1:34480;  # IP and Port of your spawn-fcgi process

If you change the spawn-fcgi port, you will need to edit it in the nginx.conf file as well. For example, a spawn-fcgi port of 51000 will have this command:

/usr/local/bin/spawn-fcgi -f /usr/bin/php-cgi -a 127.0.0.1 -p 51000 -P /var/run/fastcgi-php.pid -C 2

And this configuration line:

  fastcgi_pass   127.0.0.1:51000;  # IP and Port of your spawn-fcgi process

The configuration file will also contain the following lines of interest:

root   /usr/local/atmail/webmail/;  

This defines the document root you wish to have.

user  atmail;

This defines the username you want to run nginx as.

worker_processes  2;

This sets the number of processes that nginx spawns. We recommend it to be set to the number of CPU cores you have available.

When you are satisfied, run the nginx process:

% /usr/local/nginx/sbin/nginx

This guide covers the steps you need to take to install EAccelerator (http://eaccelerator.net). eAccelerator is a free open-source PHP accelerator and optimizer. It optimizes scripts to speed up their execution, typically reducing server load and increasing the speed of your PHP code by up to ten times.

First, download the latest version of EAccelerator from: http://bart.eaccelerator.net/source/

% wget "http://bart.eaccelerator.net/source/0.9.6/eaccelerator-0.9.6.tar.bz2"

Untar, then go to the unpacked directory:

% tar xvfj eaccelerator-0.9.6.tar.bz2
% cd eaccelerator-0.9.6

Find the base directory of your PHP installation. Typically, this resides two directories down from where your PHP binary is. For this guide, we will assume that php is installed in "/usr/local/bin/php" - therefore, making the base directory "/usr/local".

Execute the following commands inside the eAccelerator directory:

% export PHP_PREFIX="/usr/local/"
% $PHP_PREFIX/bin/phpize

Then, run the configure script:

% ./configure --enable-eaccelerator=shared --with-php-config=$PHP_PREFIX/bin/php-config
% make
% make install

The last command will output a path. Take note of this. For our example, the path will look like:

Installing shared extensions:     /usr/local/lib/php/extensions/no-debug-non-zts-20090626/

Find your php.ini file. It is commonly under /etc/php.ini or /usr/local/lib/php.ini. Add these lines to your php.ini file:

[eaccelerator]

zend_extension="/usr/local/lib/php/extensions/no-debug-non-zts-20090626/eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"

Make sure that the line in bold (zend_extension) is defined as the same path you took note of earlier in the installation. Restart Apache afterwards:

% apachectl restart

To test if eAccelerator is active, execute the following command:

% php -v

This should output something similar to:

PHP 5.3.1 (cli) (built: Jan 14 2010 22:06:44)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2009 Zend Technologies
    with eAccelerator v0.9.6, Copyright (c) 2004-2010 eAccelerator, by eAccelerator

Congratulations! You now have eAccelerator active.

This portion of the guide covers the steps necessary to use the MySQL NDB Cluster with two storage engines and one management server. This will allow the two MySQL servers to share data independently, and still have the same information for both. In the case of one server going down, the other server will still be active. Changes made to the other server during this period will be "healed" by the MySQL NDB management system.

Packages for MySQL NDB exist for a lot of systems. However, this guide will cover the process of installing it from source - along with PHP.

For this guide, we will have three servers - server1.local (192.168.0.1), server2.local (192.168.0.2), and server3.local (192.168.0.3). The first two servers will be the replicated storage engines. The third server will act as an NDB management machine.

Setting up the Storage Machines

This step applies to server1.local and server2.local. First, download the MySQL Cluster package from: http://dev.mysql.com/downloads/cluster/. Then, untar to your preferred base directory. For this example, we will use /usr/local/:

% tar xvfz mysql-cluster-gpl-7.1.3-linux-i686-glibc23.tar.gz -C /usr/local/

Create a symlink for ease, or rename the folder:

% ln -s /usr/local/mysql-cluster-gpl-7.1.3-linux-i686-glibc23 /usr/local/mysql

Then, install MySQL:

Then, create a file called /etc/my.cnf. In the file, add:

[mysqld]
ndbcluster
ndb-connectstring=192.168.0.3
[mysql_cluster]
ndb-connectstring=192.168.0.3

Replace "192.168.0.3" with your management server's (server3.local) IP. Then, create the required directories:

% mkdir /var/lib/mysql-cluster

Setting up the Management Server

The MySQL Cluster package will contain the following files:

bin/ndb_mgm
bin/ndb_mgmd

Transfer these files to the server3.local server, as:

/usr/bin/ndb_mgm
/usr/bin/ndb_mgmd

Then, assign permissions:

% chmod +x /usr/bin/ndb_mgm
% chmod +x /usr/bin/ndb_mgmd

Then, create the required directories:

% mkdir /var/lib/mysql-cluster

In the directory, setup the configuration file called "/var/lib/mysql-cluster/config.ini". In the file:

[NDBD DEFAULT]
NoOfReplicas=2
[MYSQLD DEFAULT]
[NDB_MGMD DEFAULT]
[TCP DEFAULT]
# NDB MGM Server
[NDB_MGMD]
HostName=192.168.0.3
# MySQL servers
[NDBD]
HostName=192.168.0.1
DataDir= /var/lib/mysql-cluster
[NDBD]
HostName=192.168.0.2    
DataDir=/var/lib/mysql-cluster
[MYSQLD]
[MYSQLD]

Change the IP addresses accordingly, depending on your setup. Now, start the NDB management process:

% /usr/bin/ndb_mgmd

Starting the NDB processes

On the two MySQL servers, execute:

/usr/local/mysql/bin/ndbd --initial
/etc/rc.d/init.d/mysql.server start

You can check if the MySQL NDB is active by typing this in the third server (server3.local):

% ndb_mgm

This will show a terminal. Type:

ndb_mgm> show

It will show something similar to:

Cluster Configuration
---------------------
[ndbd(NDB)]    2 node(s)
id=2    @192.168.0.1  (mysql-5.1.44 ndb-7.1.3, Nodegroup: 0, Master)
id=3    @192.168.0.2  (mysql-5.1.44 ndb-7.1.3, starting, Nodegroup: 0)

Congratuations! You have MySQL NDB active.

This is a document for users who want to create publicly accessible folders via Atmail. This applies for the Atmail Server version.

- first, open up /usr/local/atmail/mailserver/etc/dovecot.conf
- find this line:

info_log_path = /usr/local/atmail/mailserver/spool/log/dovecot_info_log

- below this, add:

namespace public {
  separator = .
  prefix = shared.
  location = maildir:/usr/local/atmail/users/shared/:INDEX=~/public
  subscriptions = no
}

- create the shared directory:

% mkdir /usr/local/atmail/users/shared

- apply the right permissions:

% chown atmail:atmail /usr/local/atmail/users/shared

- save changes. restart Dovecot afterwards:

% /etc/init.d/atmailserver restart

A "shared" container should then be created inside of the user's webmail interface. To create folders inside this container, create the directory manually:

% mkdir /usr/local/atmail/users/shared/.Foldername

Where ".Foldername" is the folder name prefixed by a full stop (".") . For example, a shared folder called "Gouda" would be created this way:

% mkdir /usr/local/atmail/users/shared/.Gouda

Set the permissions correctly afterwards:

% chown atmail:atmail /usr/local/atmail/users/shared/.Gouda

This will then have the folder publicly accessible by all users in your system.