User:Mhavela: Difference between revisions
(→/etc/postfix/main.cf: Removing old notes)
Revision as of 13:40, 18 May 2009
Creating a bootable alpine-1.9.x iso
Create a build environment
To start with you need a working build environment.
Update your build environment
Inside the build environment you will need the latest aports. If you don't already have it, run:
git clone http://git.alpinelinux.org/aports /aports
If you already had it you can just update it:
cd /aports && git pull
Upgrading Alpine
This document describes how to replace an Alpine installation with a newer version.
The upgrade process consists of the following steps:
- Backup current setup
- Upgrade Alpine CD/USB
- Execute upgrade script
- Save changes
- Reboot
Backing up current config
It's recommended to make a backup of your config before you start.
The idea is to save the (*apkovl*) from your media to a safe place.
If you need to rollback, simply revert to your old *apkovl.tar.gz*.
Backing up to media
You could replace the existing floppy with a new (dos-formatted) floppy and then run the command:
lbu ci floppy
Or you could use a USB to store your configuration.
lbu ci usb
Download new Alpine
Download latest ISO image (or USB image).
Upgrade CD media
Burn the ISO on a blank CD and replace the existing CD with the new.
/etc/init.d/modloop stop
eject
Now you should insert the new media.
/etc/init.d/modloop start
Upgrade USB media
On USB installations you can just download and unpack the latest tar directly to /media/usb.
$ wget -q -O - \
  http://distrib-coffee.ipsl.jussieu.fr/pub/linux/alpine/alpine/v1.7/usbdrive/alpine-1.7.22-i386.tar.gz \
  | tar -C /media/usb -zvx
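The command above unpacks whatever the mirror returns over plain HTTP straight onto the boot media. As an added example (not part of the original notes), the function below unpacks an already downloaded tarball only after its SHA-256 digest matches a value obtained from a trusted source, and only if no archive member would land outside the target directory. The function name and the digest argument are assumptions; this page publishes no checksum.

```shell
# Added example, not from the original notes.
# verify_and_unpack ARCHIVE EXPECTED_SHA256 DEST
#   returns 0 on success, 2 on digest mismatch, 3 on an unsafe member path
verify_and_unpack() {
    archive=$1
    expected=$2
    dest=$3

    # Never accept an empty digest: it would "match" a failed hash run.
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$archive" 2>/dev/null | cut -d' ' -f1)
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $archive" >&2
        return 2
    fi

    # Refuse absolute paths and ".." components before touching the media.
    if tar -tzf "$archive" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $archive" >&2
        return 3
    fi

    tar -C "$dest" -xzf "$archive"
}

# Usage (the digest is a placeholder to be replaced with a trusted value):
#   verify_and_unpack alpine-1.7.22-i386.tar.gz <sha256-from-trusted-source> /media/usb
```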
Execute upgrade script
The new media has an upgrade script at the root level of the media (/media/cdrom/upgrade or /media/usb/upgrade).
Start by executing this script (in our example below we use CD media).
/media/cdrom/upgrade
Example of how an upgrade could look
Before actually upgrading packages, it will give you an overview of which packages will be upgraded.
It might look something like this:
~ $ /media/usb/upgrade
Upgrading from alpine-1.7.2 to alpine-1.7.6
Will try to upgrade packages from
fetching usb://apks/INDEX.md5.gz
Looking for new packages...
The following packages will be updated:
alpine-baselayout-1.4.1-r1 < needs updating (index has 1.6.0)
alpine-conf-0.9 < needs updating (index has 1.0)
busybox-1.5.0-r1 < needs updating (index has 1.7.1)
Press Enter to continue or Ctrl-c to abort.
Verify that it looks ok and press [enter] to start the upgrade.
As a first step the upgrade script will try to upgrade apk-tools, uclibc and busybox.
Then it will upgrade all packages by running 'apk_add -u'.
It will look something like this:
fetching usb://apks/busybox-1.7.1.apk
updating busybox-1.5.0-r1 to busybox-1.7.1
fetching usb://apks/alpine-baselayout-1.6.0.apk
updating alpine-baselayout-1.4.1-r1 to alpine-baselayout-1.6.0
fetching usb://apks/alpine-conf-1.0.apk
updating alpine-conf-0.9 to alpine-conf-1.0
When the 'apk_add' application upgrades packages, it will detect that you have modified some config files.
Instead of overwriting your config, it will install the new config with the suffix '.apk-new'.
This way you are able to review and merge in changes from the default config to your own config file.
Config files that are untouched will just silently be replaced.
The 'upgrade' script will execute 'update-conf' to assist you in merging the config files.
It will first display a list of config files that you will need to take care of manually.
Like this:
The following config files have been updated and need attention:
/etc/profile
/etc/modules
/etc/inittab
/etc/hosts
/etc/init.d/syslog
/etc/init.d/networking
/etc/init.d/modloop
Afterward it will step through every file, displaying a diff and giving you options to act:
--- /etc/profile 2007-05-31 14:11:47 +0000 +++ /etc/profile.apk-new 2007-09-07 06:33:36 +0000 @@ -1,4 +1,3 @@ export PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin export PAGER=less umask 022 -export LBU_MEDIA=usb New /etc/profile available: Quit, Next, Show diff, Edit new, Zap new, Use new (q/n/s/e/z/u) [s]:
In this case we have added 'export LBU_MEDIA=usb' so we don't need to specify the media to 'lbu'.
We want to keep our current file as it is so we just press 'z' (and [enter]) to zap the new config and keep the old.
The next file is '/etc/modules':
--- /etc/modules 2007-05-09 16:02:31 +0000 +++ /etc/modules.apk-new 2007-09-07 06:33:36 +0000 @@ -1,4 +1,2 @@ deadline-iosched af_packet -xt_state -xt_tcpudp New /etc/modules available: Quit, Next, Show diff, Edit new, Zap new, Use new (q/n/s/e/z/u) [s]:
Also here we just keep the current config by pressing 'z' since the modules are needed for our ipsec.
Next file is '/etc/inittab':
--- /etc/inittab 2007-06-20 13:21:20 +0000 +++ /etc/inittab.apk-new 2007-09-07 06:33:36 +0000 @@ -4,7 +4,7 @@ ::wait:/etc/init.d/rcL # Set up a couple of getty's -::respawn:/sbin/cttyhack /sbin/getty - 9600 vt100 +::respawn:/usr/bin/cttyhack /sbin/getty - 9600 vt100 tty2::respawn:/sbin/getty 38400 tty2 tty3::respawn:/sbin/getty 38400 tty3 tty4::respawn:/sbin/getty 38400 tty4 New /etc/inittab available: Quit, Next, Show diff, Edit new, Zap new, Use new (q/n/s/e/z/u) [s]:
This time the change is not caused by us, but it's a change in the default config.
This is even related to where the login screen should appear, so if we don't merge this change, we might not be able to see the login screen!
We choose 'u' to use the new config.
Continue going through every config file.
Sometimes you might want to edit the new file, or leave the upgrade process to take care of the config file manually by using option 'q'.
You can always resume later by either running the 'upgrade' script again or by executing 'update-conf -i'.
Save changes
Now that all upgrades are done, we should save our settings to our media (which you hopefully have backed up).
lbu ci floppy
Rebooting
In most cases you will need to reboot Alpine (especially if there are changes in the kernel):
kill 1
Note: If you know what you are doing, you might not need to reboot.
But make sure that all services affected by the upgrade are restarted.
Postfix on 1.9
General
The idea is to create a postfix config to host multiple mail domains.
I want to document both how it's set up and how it's maintained.
Dovecot should be configured to let users fetch their mail through SSL.
The aim is also to be able to fetch mail with mobile devices, e.g. mobile phones.
Initial Setup
Burn alpine_1.9alpha10 on a CD and boot the machine.
Suggestion: Follow notes on Setting_up_a_ssh-server to be able to remotely administer this box.
Postfix
Install
apk_add postfix
Prepare
We need to create a user on this system that has rights to read/write mail on your system.
Let's call this user vmail (you can choose another name if you like).
You will get prompted for a password.
adduser vmail
Now we need to know what gid/uid that user got.
Take note of the numbers, you will need them in the upcoming configuration (in my case I got uid/gid '1001').
grep vmail /etc/passwd
This newly-created user will need permissions in the mail group.
Edit /etc/group and add vmail to the postdrop group. See the example below:
postdrop:x:208:vmail
Create missing dirs
It seems we are missing /var/spool/mail and /var/mail, so we need to create those:
mkdir /var/spool/mail
ln -s /var/spool/mail /var/mail
Create virtual maildir
In the upcoming configuration we are going to specify /var/mail/vhosts/ as the virtual_mailbox_base so we need to create it.
mkdir /var/mail/vhosts
And we need to give permissions to our vmail user so he can read/write in this folder.
chown vmail:vmail /var/mail/vhosts
Configuration
For now I just dump whatever I have. I will clean up these notes soon.
/etc/postfix/main.cf
These are the variables that vary from the defaults:
## These settings differ from the default config ##
# For testing
soft_bounce = yes
myhostname = mail.example.net
mydomain = example.net
myorigin = $mydomain
# See 'virtual_mailbox_domains' for more information
mydestination = localhost, mail.localdomain, localhost.localdomain, localdomain
mynetworks = 192.168.10.0/24, 127.0.0.0/8
relayhost =
in_flow_delay = 1s
home_mailbox = Maildir/
mail_spool_directory = /var/spool/mail
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
## The following is added to the config ##
virtual_mailbox_domains = example.net
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
virtual_alias_maps = hash:/etc/postfix/valias
/etc/postfix/valias
postmaster@example.net user1@example.net
hostmaster@example.net user2@example.net
/etc/postfix/vmailbox
user1@example.net example.net/user1/
user2@example.net example.net/user2/
# Everyone else who doesn't match a rule above
@example.net example.net/catchall
Create DB's
Once you have created the above config files, you need to generate some DBs:
postmap /etc/postfix/vmailbox
postmap /etc/postfix/valias
I am not 100% sure if the next command is needed, but I think that you need to create the 'aliases' DB.
postmap /etc/postfix/aliases
Start postfix
It's time to start. Hopefully it works!
/etc/init.d/postfix start
Debugging
In case something goes wrong you should have a look in your syslog.
Personally I usually tail the logfile while debugging:
tail -f /var/log/messages
Dovecot on 1.9
General
Dovecot should be configured to let users fetch their mail through SSL.
The aim is also to be able to fetch mail with mobile devices, e.g. mobile phones.
Initial Setup
Start by following the 'postfix' instructions before you proceed to setup dovecot.
Dovecot
Install
apk_add dovecot
Prepare
The upcoming configuration is going to need some certificates.
Certificates
We want to keep things clean, so we create a dovecot folder for its certs/keys:
mkdir /etc/ssl/dovecot
Now we start creating the certs:
# 512/1024 stands for the key size in bits; genrsa accepts a single number
openssl genrsa 512/1024 > server.pem
openssl req -new -key server.pem -days 365 -out request.pem
# You will get prompted for various information that is added to the file
openssl genrsa 2048 > server.key
openssl req -new -x509 -nodes -sha1 -days 3650 -key server.key > server.pem
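An added example, not part of the original notes: the same kind of self-signed certificate created with a 2048-bit key and a SHA-256 signature, with the private key readable only by its owner, followed by a check that key and certificate belong together. The function names, the CN argument and the 365-day lifetime are assumptions made for this example.

```shell
# Added example, not from the original notes.
# make_dovecot_cert DIR CN  -> writes DIR/server.key and DIR/server.pem
make_dovecot_cert() {
    dir=$1
    cn=$2
    mkdir -p "$dir" || return 1
    (
        umask 077    # the private key is created readable by its owner only
        openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    ) || return 1
    # Self-signed certificate, signed with SHA-256 instead of SHA-1.
    openssl req -new -x509 -sha256 -days 365 -subj "/CN=$cn" \
        -key "$dir/server.key" -out "$dir/server.pem"
}

# cert_matches_key CERT KEY -> succeeds only if the certificate carries
# the public key that belongs to the given private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage with the paths used on this page:
#   make_dovecot_cert /etc/ssl/dovecot mail.example.net
#   cert_matches_key /etc/ssl/dovecot/server.pem /etc/ssl/dovecot/server.key
```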
Configuration
For now I just dump whatever I have. I will clean up these notes soon.
/etc/dovecot/dovecot.conf
## These settings vary from the default configuration ##
base_dir = /var/run/dovecot/
protocols = imap imaps
listen = *
disable_plaintext_auth = no
ssl_disable = no
ssl_cert_file = /etc/ssl/dovecot/server.pem
ssl_key_file = /etc/ssl/dovecot/server.key
ssl_parameters_regenerate = 168
verbose_ssl = yes
login_chroot = yes
login_greeting = Dovecot ready.
mail_location = maildir:/var/spool/mail/vhosts/%d/%n
mail_privileged_group = mail
mail_debug = no
verbose_proctitle = no
valid_chroot_dirs = /var/mail
protocol lda { # This line is not changed - it's here to help you know where to make edits
  postmaster_address = postmaster@example.net
} # This line is not changed - it's here to help you know where to make edits
auth_verbose = yes
auth_debug = yes
auth_worker_max_count = 30
auth default { # This line is not changed - it's here to help you know where to make edits
  mechanisms = plain login digest-md5
  passdb passwd-file {
    args = /etc/dovecot/dovecot-passwd
  }
  userdb passwd-file {
    args = /etc/dovecot/dovecot-users
  }
  socket listen {
    path = /var/spool/postfix/private/auth
    user = postfix
    group = postfix
    mode = 0660
  }
} # This line is not changed - it's here to help you know where to make edits
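With 'protocols = imap imaps' and 'disable_plaintext_auth = no', passwords can also travel over the unencrypted imap listener, which works against the goal of fetching mail through SSL. The check below is an added example, not part of the original notes; the function name and the two sample configs are constructed for illustration.

```shell
# Added example, not from the original notes.
# audit_dovecot_conf [FILE...]  (reads stdin when no file is given)
# Prints one finding per line; prints nothing for a config that passes.
audit_dovecot_conf() {
    awk '
    { sub(/#.*/, "") }                      # ignore comments
    /^[ \t]*protocols[ \t]*=/ {
        sub(/^[^=]*=/, "")                  # keep only the value list
        n = split($0, p, /[ \t]+/)
        for (i = 1; i <= n; i++)
            if (p[i] == "imap" || p[i] == "pop3")
                print "cleartext listener enabled: " p[i]
    }
    /^[ \t]*disable_plaintext_auth[ \t]*=[ \t]*no[ \t]*$/ {
        print "plaintext auth allowed without SSL/TLS"
    }
    /^[ \t]*ssl_disable[ \t]*=[ \t]*yes[ \t]*$/ {
        print "SSL disabled"
    }
    ' "$@"
}

# Constructed samples: the relevant lines of the config on this page,
# and a stricter variant that only offers IMAP over SSL.
PAGE_CONF='protocols = imap imaps
disable_plaintext_auth = no
ssl_disable = no'

STRICT_CONF='protocols = imaps
disable_plaintext_auth = yes
ssl_disable = no'

printf '%s\n' "$PAGE_CONF" | audit_dovecot_conf
```

On a live system the function can be pointed at /etc/dovecot/dovecot.conf directly.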
/etc/dovecot/dovecot-users
The uid/gid number below '1004' should match your 'vmail' account (the account that owns '/var/mail/vhosts')
user1@example.net::1004:1004::/var/spool/vhosts/example.net/:/bin/false::
user2@example.net::1004:1004::/var/spool/vhosts/example.net/:/bin/false::
/etc/dovecot/dovecot-passwd
To generate the passwords you can use the dovecotpw command.
The output can be used to create a password for your 'dovecot-passwd'
dovecotpw -s MD5-CRYPT
The /etc/dovecot/dovecot-passwd file should look like this:
user1@example.net:$1$tz5sbjAD$Wq9.NkSyNo/oElzFgI68.0
user2@example.net:$1$tz5sbjAD$Wq9.NkSyNo/oElzFgI68.0
Start dovecot
It's time to start. Hopefully it works!
/etc/init.d/dovecot start
Debugging
In case something goes wrong you should have a look in your syslog.
Personally I usually tail the logfile while debugging:
tail -f /var/log/dovecot