Linux-Planet
Open your OpenOffice files in MS Office 2003 and 2007 !! 
By theclimber, on 01/10/2009 at 21:50.

I love OpenOffice.org, and have been using it for years. One of the benefits is the sheer amount of space that one can save when using OpenOffice Writer - the ODT files are much smaller. In an age where hard drives and other storage don't limit the size of files as much, it seems I am a dinosaur for even considering the amount of bytes I can save. Still, the more free space I have, the more I can store. Plus, when it comes to sending and receiving documents, the smaller they are the less impact there is on a network. In the grand scheme of things, I think bloated documents are as bad as low bandwidth in some areas.

This benefit of OpenOffice.org is lost when I have to send someone a Microsoft Office format for a text file. It bugs me, and I often forget to wipe the converted files to save space - maybe I am getting old. Thus, when I came across How to open ODT (openoffice.org text) files in Microsoft Word, I was surprised and happy.

Quoting from the original site:

Office 2007

  1. Install Service Pack 1 for Office 2007.
  2. Install Sun ODF Plugin for Microsoft Office.
  3. Open ODT document via File > Open, or by double-clicking the ODT file and when prompted for the application to open it with, choose Word.

If you have Office 2003, installing the Sun ODF Plugin should just work.

If you don’t have administrator privileges to install software, you can try an online converter such as Zamzar or Media Convert. You can also upload ODT documents to Google Docs or Zoho Writer.

Thank you. Now, when I accidentally send a smaller file and am short on time, I can simply point people to that and allow me to stop converting files because Microsoft itself had never supported ODT - an open standard with open source software that they could easily have allowed for to be intercompatible.

Setup i18n gettext in your PHP application 
By theclimber, on 28/09/2009 at 18:46.

What is gettext and why use it?


gettext is the GNU internationalization and localization (i18n) library. It is commonly used for writing multilingual programs. It has an implementation in a lot of different languages and it's also commonly used in PHP applications.

But what do we mean by internationalisation? When you write computer code, you also write into it some sentences which will be shown to the user who is running the application. Those sentences are always written in a language of your choice. But what if that person doesn't understand that language?

The first reaction to this problem would be to say: "OK, I'm going to make another version of the code in another language. I'll translate all those sentences so that my application can be used by other people". We agree that this is the first solution that comes to mind. But it is not optimal: as soon as you modify your initial app, you'll have to modify all the translated apps too, and that is not a way out. Working like this is totally broken because it implies an enormous quantity of duplicated code and a big amount of work!

That's the moment when gettext comes in and solves all your problems! The gettext solution is to replace all those strings with a call to a gettext function with your sentence as parameter. This function checks the chosen language: if it knows a translation of the sentence in that language, it returns the translated sentence, otherwise it returns the initial sentence.

Setup Gettext

Install the gettext library

To use the gettext functions shown in this tutorial you'll need to install the php-gettext library and import it into your PHP application. You can easily find it in the directory /usr/share/php/php-gettext. So go there and copy the directory into your app.

Once done, you'll need to import the php-gettext library in all the files of your application. So let's make a generic file called i18n.php which will contain all the i18n parameters :

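<?php
require_once(dirname(__FILE__).'/lib/gettext/gettext.inc');
require_once(dirname(__FILE__).'/config.php');

// Locales shipped with the application (the i18n/fr and i18n/en directories).
$supported_locales = array('fr', 'en');

$locale = BP_LANG;
$textdomain = "my_project";
if (empty($locale))
	$locale = 'fr';
// ?locale=xx overrides the configured language, but only with a known value:
// it ends up in the environment and in the catalogue lookup.
if (isset($_GET['locale']) && in_array($_GET['locale'], $supported_locales, true))
	$locale = $_GET['locale'];
putenv('LANGUAGE='.$locale);
putenv('LANG='.$locale);
putenv('LC_ALL='.$locale);
putenv('LC_MESSAGES='.$locale);
T_setlocale(LC_ALL,$locale);
T_setlocale(LC_CTYPE,$locale);

// Directory holding the <locale>/LC_MESSAGES/<domain>.mo catalogues.
$locales_dir = dirname(__FILE__).'/../i18n';
T_bindtextdomain($textdomain,$locales_dir);
T_bind_textdomain_codeset($textdomain, 'UTF-8');
T_textdomain($textdomain);
?>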

If you are observant, you will have seen that we put a mechanism in our i18n.php file to test our translations easily. If you don't want to change the locale each time you want to test another language, you can just add a parameter to the query in your browser to set the language of your choice: /index.php?locale=en will give you English and /index.php?locale=fr will give you French. This makes testing easy. Since that value comes straight from the request and ends up in the environment and in the lookup of the catalogue that gets loaded, it should only ever be accepted when it matches one of the locales you actually ship.

Convert all your strings into gettext strings

First you need to change your code to use gettext for all your translatable strings. You will encounter two situations: strings inside <?php ?> tags and strings outside of them. So let's see how to handle both :

<?php
echo '<h1>'.T_('title').'</h1>';
?>
<p><?=T_("Welcome to My PHP Application");?></p>
<p><?=T_gettext("Have a nice day");?></p>

And if you want to use some PHP variables in your text you can do it by using sprintf :

<?php
echo '<h1>'.sprintf(T_('The story of %s'), $author).'</h1>';
?>

Of course, you'll also meet more borderline situations, such as the management of plural forms. In English the plural form is not used in the same manner as in other languages, so we have to manage it during the translation too. Let's see, for example, how we can handle a variable which determines whether a sentence is plural :

<?php
$n_windows = 5;
# The solution with simple string : 
printf(T_ngettext("%d window", "%d windows", $n_windows), $n_windows);
# Or the solution with composed strings :
echo sprintf(T_ngettext("There is %d window", "There are %d windows", $n_windows), $n_windows)." in that room";
?>

Here %d stands for the number, and the form of the sentence is adapted to its value: if it is equal to 1 the singular is used, and if it is more than 1, the plural.

Extract all your string for translation

First be sure to create a directory called "i18n" in the root of your application. We will use this directory for our translations (many tutorials call this directory "locales" but I prefer "i18n" ... you are of course free to make your own choice, just be sure to adapt the path if needed).

Now that all the strings of your PHP application are converted, we need to extract them. This is the moment when we need the gettext tools :

xgettext -kT_gettext -kT_ -kT_ngettext:1,2 --from-code utf-8 -d my_project -o i18n/my_project.pot -L PHP --no-wrap -f files.txt

This will create a file called my_project.pot in your i18n directory. The -f option makes xgettext read the list of source files to scan from files.txt, and -kT_ngettext:1,2 makes it pick up the singular and plural arguments of the T_ngettext() calls.

Create the language files :

The first time you create your translation file you have to use the msginit command :

msginit -l en -o i18n/my_project_en.po -i i18n/my_project.pot

If this is not the first time you extract your messages, you only want to merge the new strings into the old files without erasing your previous translations. For that you have to use this command :

msgmerge -U i18n/my_project_fr.po i18n/my_project.pot

The old translated strings will stay translated. Strings that are similar to an old one will be guessed by gettext and marked fuzzy, and all the others will be added. Strings which are not used anymore are moved to the end of your po file, behind a comment tag '#'.


Translate your app

Now it's time to work on the translation itself. Everything is ready for the internationalisation mechanism, but without translations it won't work. So open the created .po files and let's start translating. Be careful to translate everything in the proper manner, and take particular care with strings that contain variables.

poedit

Compile and enable your translations

Once everything is translated, it's time to compile and to enable the translations. The tree structure of your i18n files will be like this :

i18n
     /fr
          /LC_MESSAGES
              my_project.mo
     /en
          /LC_MESSAGES
              my_project.mo
     /my_project.pot
     /my_project_en.po
     /my_project_fr.po

This is the last step. So go into your shell and execute the following command :

msgfmt -c -v -o i18n/fr/LC_MESSAGES/my_project.mo i18n/my_project_fr.po
4 messages translated.

That's it. Verify that the .mo file has been created. Now it should work: change the locale and the language will change. Isn't it beautiful? :)

Strange, I didn't think gettext was like that !

For those who are used to gettext: normally there is no T_ before the strings, only _("string") or gettext("string"). But to make internationalisation possible that way, you have to use a server where all the locales (all of them) are installed, and this is most likely impossible when you are working on a server which is not yours. That's why the specific functions of php-gettext are so useful: they let you become independent of the server configuration.

I hope this tutorial makes things clearer for you. If you still have some questions, don't hesitate to post them in the comments.

How to create a SSH tunnel 
By theclimber, on 17/02/2009 at 19:49.

First of all, this is a small memo for me because I'll need to use this quite often the next weeks. So if it can be useful for others, I post it here ;)


  • I want to access a private port on a remote host. The tunnel maps this port onto a local port.
  • After creating the tunnel, the service will be accessible on localhost:LocalPort
  • All the communication will pass through the SSH connection (so it will be encrypted by SSH)

ssh -f -N -L LocalPort:RemoteHost:RemotePort Login@RemoteHost

  • -f sends ssh to the background once the connection is up (it hides the session)
  • -N (run no remote command) and -L (forward the local port) are there for the tunnel
Tutorial : Setup your mail server (courier-imap + postfix + postgresql) 
By theclimber, on 27/01/2009 at 15:58.


Purpose

To have a mail server whose user accounts (sessions) are organised in a PostgreSQL database structure rather than based on the Unix user accounts.

Version of the used software for this tutorial

- Ubuntu 8.10 Intrepid server edition
- Courier-imap 4.3.1
- Postfix 2.5.5
- postgresql 8.3

I started from a new installation of my distribution so all the actions described here are from scratch.


Step 1 : Prepare the system

Install postfix, courier-imap, courier-authdaemon and postgresql

The useful Debian command line :

sudo apt-get install postfix courier-imap postgresql courier-authdaemon courier-authlib-postgresql postfix-pgsql

During the installation you will be asked some questions about postfix. Just give the common answers, you will be able to change this later.

After install, you can check if the right ports are open on the localhost 127.0.0.1 :

PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
143/tcp  open  imap
5432/tcp open  postgresql

Create a postfix user

Normally the postfix user is automatically created by the apt-get install, otherwise you can do :

# adduser postfix
# adduser postfix postfix

Step 2 : Postgresql

Configure postgresql for the postfix user :

Login as root in postgres is done with the "postgres" user :

# sudo -s -u postgres
$ psql
postgres# CREATE USER postfix WITH PASSWORD 'postfix';
postgres# CREATE DATABASE postfix;
postgres# GRANT ALL PRIVILEGES ON DATABASE postfix to postfix;

OK, now you have a postfix user and an associated database called postfix. In this database we'll put all the information about our mail configuration.

To prevent permission problems with postgresql it can be useful to allow the postfix user to have a history file, so you need to give the postfix user read/write access to the folder /var/spool/postfix :

# chown -R postfix.postfix /var/spool/postfix

Open external ports for postgresql (only if you need to access postgresql from outside)

Make the database reachable on more than your loopback interface in the file /etc/postgresql/main/8.3/postgresql.conf :

# - Connection Settings -
listen_addresses = '*'				# what IP address(es) to listen on;
									# comma-separated list of addresses;
									# defaults to 'localhost', '*' = all

and now in the file /etc/postgresql/main/8.3/pg_hba.conf we need to allow the network in use, here 10.0.2.0/24 (last line):

# "local" is for Unix domain socket connections only
local	all			all								ident sameuser
# IPv4 local connections:
host	all			all			127.0.0.1/32		md5
# IPv6 local connections:
host	all			all			::1/128				md5
# this line add the authorisation for all the subnetwork 10.0.2.* to connect to the
# local postgresql server
host	all			all			10.0.2.0/24			md5

Now you can restart postgresql :

/etc/init.d/postgresql-8.3 restart

To check that postgresql is reachable, test the ports on your external IP (for me 10.0.2.15). You should get :

PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
143/tcp  open  imap
5432/tcp open  postgresql

Create the tables for the mail

This is the table which will be used to match the aliases to the existing emails :

CREATE TABLE aliases (
  alias varchar(255) NOT NULL default '',
  address text NOT NULL,
  domain varchar(255) NOT NULL default '',
  created time with time zone NOT NULL  default now(),
  modified time with time zone NOT NULL default now(),
  active int NOT NULL default '1',
  PRIMARY KEY  (address)
);

This table contains the domains that are managed by this mail server instance :

CREATE TABLE domain(
  domain varchar(255) NOT NULL default '',
  description varchar(255) NOT NULL default '',
  aliases int NOT NULL default '0',
  mailboxes int NOT NULL default '0',
  maxquota int NOT NULL default '0',
  transport varchar(255) default NULL,
  backupmx int NOT NULL default '0',
  created time with time zone NOT NULL default now(),
  modified time with time zone NOT NULL default now(),
  active int NOT NULL default '1',
  PRIMARY KEY  (domain)
) ;

The mailbox table has all the email addresses of the users with their passwords and mail directories :

CREATE TABLE mailbox (
  username varchar(255) NOT NULL default '',
  password varchar(255) NOT NULL default '',
  name varchar(255) NOT NULL default '',
  maildir varchar(255) NOT NULL default '',
  quota int NOT NULL default '0',
  domain varchar(255) NOT NULL default '',
  created time with time zone NOT NULL default now(),
  modified time with time zone NOT NULL default now(),
  active int NOT NULL default '1',
  PRIMARY KEY  (username)
) ;

Instantiate the tables of the mail database :

This will allow you to test your system if it is working successfully :

INSERT INTO domain (domain,description) VALUES ('example.lan', 'Example domain');
INSERT INTO mailbox (username,password,name,maildir)  VALUES ('greg@example.lan','$1$zO3SJ$atwB0hrEgp5KWbrJG.zwE0','Mailbox User','greg@example.lan/');
INSERT INTO aliases (alias,address) VALUES ('gregoire@example.lan', 'greg@example.lan');
INSERT INTO mailbox (username,password,name,maildir)  VALUES ('test@example.lan','$1$8evSJ$CC92TOtQQzdull3QNb4AZ0','Mailbox User','test@example.lan/');

Note : the passwords used here are respectively :

- greg@example.lan : secret
- test@example.lan : test

To generate other passwords you can use the command 'authpasswd' :

# authpasswd
Password: 
Reenter password: 
$1$0h8fJ$w4sbGbaoX487cytcGpmqF1

Create the directory for your mails

# mkdir /home/postfix
# mkdir /home/postfix/Maildir
# chown -R postfix.postfix /home/postfix

Now let's create a folder for each user :

# sudo -s -u postfix
$ cd /home/postfix/Maildir
$ maildirmake greg@example.lan
$ maildirmake test@example.lan

We are now ready to go ahead to the postfix configuration

Step 3 : Configure the authentication system

Configure authdaemon for the postgresql sessions

Edit the file 'authdaemonrc' in the directory '/etc/courier/'. This configures the database access: where it is, how to connect, which user and password, and which tables and fields to use.

authmodulelist="authpgsql"
daemons=5
authmodulelistorig="authuserdb authpam authldap authmysql authcustom authpipe"
DEBUG_LOGIN=2 # useful for debugging, but 2 also logs passwords: set it back to 0 when done
authdaemonvar=/var/run/courier/authdaemon

In the file /etc/courier/authpgsqlrc you will find all the configuration data of your system database :

PGSQL_HOST		localhost
PGSQL_PORT		5432
PGSQL_USERNAME		postfix
PGSQL_PASSWORD		postfix
PGSQL_DATABASE		postfix
PGSQL_USER_TABLE	mailbox
PGSQL_CRYPT_PWFIELD	password
# for the uid and the gid you need to use the right values for your installation
# use the command 'id postfix' to find them out
PGSQL_UID_FIELD		111
PGSQL_GID_FIELD		119
PGSQL_LOGIN_FIELD	username
PGSQL_HOME_FIELD	'/home/postfix/Maildir'
PGSQL_MAILDIR_FIELD	maildir

Test authdaemon with authtest

First you need to restart the daemons to reload the configuration files

# /etc/init.d/courier-authdaemon restart

To test if the authentication works with the database you can use authtest :

$ authtest greg@example.lan secret
Authentication succeeded.

     Authenticated: greg@example.lan  (uid 109, gid 117)
    Home Directory: /var/spool/postfix
           Maildir: greg@example.lan/
             Quota: (none)
Encrypted Password: $1$zO3SJ$atwB0hrEgp5KWbrJG.zwE0
Cleartext Password: secret
           Options: (none)

If it doesn't work you can find a lot of information in the file /var/log/mail.log :

$ tail -n 10 /var/log/mail.log
Dec 18 15:25:25 ubuntu authdaemond: modules="authpgsql", daemons=5
Dec 18 15:25:25 ubuntu authdaemond: Installing libauthpgsql
Dec 18 15:25:25 ubuntu authdaemond: Installation complete: authpgsql
Dec 18 15:25:40 ubuntu authdaemond: received auth request, service=login, authtype=login
Dec 18 15:25:40 ubuntu authdaemond: authpgsql: trying this module
Dec 18 15:25:41 ubuntu authdaemond: SQL query: SELECT username, '', password, 109, 117, '/var/spool/postfix', Maildir, '', '', '' FROM mailbox WHERE username = 'greg@example.lan'
Dec 18 15:25:41 ubuntu authdaemond: authpgsql: sysusername=<null>, sysuserid=109, sysgroupid=117, homedir=/var/spool/postfix, address=greg@example.lan, fullname=<null>, maildir=greg@example.lan/, quota=<null>, options=<null>
Dec 18 15:25:41 ubuntu authdaemond: authpgsql: clearpasswd=secret, passwd=<null>
Dec 18 15:25:41 ubuntu authdaemond: Authenticated: sysusername=<null>, sysuserid=109, sysgroupid=117, homedir=/var/spool/postfix, address=greg@example.lan, fullname=<null>, maildir=greg@example.lan/, quota=<null>, options=<null>
Dec 18 15:25:41 ubuntu authdaemond: Authenticated: clearpasswd=secret, passwd=<null>

Here, as you can see everything is working fine for me :) cool
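
The log above also shows the side effect of DEBUG_LOGIN=2: authdaemond writes the password itself (clearpasswd=secret) to /var/log/mail.log. The following shell script is an added example, not part of the original tutorial; its function names and sample data are made up here. It reports the DEBUG_LOGIN level, counts log lines that carry a password or hash, and produces a masked copy of the log:

```sh
#!/bin/sh
# Added example (not from the original post): audit courier-authdaemon
# password logging. Function names and sample data are assumptions.

# Constructed mail.log excerpt, modelled on the authdaemond lines above.
sample_auth_log() {
    cat <<'EOF'
Dec 18 15:25:40 ubuntu authdaemond: received auth request, service=login, authtype=login
Dec 18 15:25:41 ubuntu authdaemond: authpgsql: clearpasswd=secret, passwd=<null>
Dec 18 15:25:41 ubuntu authdaemond: Authenticated: clearpasswd=secret, passwd=<null>
Dec 18 15:26:02 ubuntu authdaemond: Authenticated: clearpasswd=<null>, passwd=$1$constructed$hashvalue
Dec 18 15:26:03 ubuntu authdaemond: Authenticated: clearpasswd=<null>, passwd=<null>
Dec 18 15:26:04 ubuntu postfix/smtpd[4242]: connect from localhost[127.0.0.1]
EOF
}

# Constructed authdaemonrc with the same settings as in the tutorial.
sample_authdaemonrc() {
    cat <<'EOF'
authmodulelist="authpgsql"
daemons=5
# DEBUG_LOGIN=0
DEBUG_LOGIN=2 # this can be useful to get some debug log
authdaemonvar=/var/run/courier/authdaemon
EOF
}

# Print the value of the last uncommented DEBUG_LOGIN= line (empty if unset).
debug_login_level() {
    sed -n 's/^[[:space:]]*DEBUG_LOGIN=\([0-9][0-9]*\).*/\1/p' "$@" | tail -n 1
}

# Count authdaemond lines that carry a password or hash instead of <null>.
count_password_lines() {
    awk '/authdaemond: .*clearpasswd=/ &&
         !/clearpasswd=<(null|redacted)>, passwd=<(null|redacted)>$/ { n++ }
         END { print n + 0 }' "$@"
}

# Copy the log with both password fields masked. passwd= is the last field on
# the line, so everything after the first clearpasswd= is replaced; this also
# covers passwords that contain commas.
redact_passwords() {
    sed '/authdaemond: /s/clearpasswd=.*$/clearpasswd=<redacted>, passwd=<redacted>/' "$@"
}

# Exit status 0 when neither the config nor the log exposes passwords.
audit_authdaemon() {
    rc_file=$1
    log_file=$2
    status=0
    level=$(debug_login_level "$rc_file")
    if [ "${level:-0}" -ge 2 ]; then
        echo "WARN: DEBUG_LOGIN=$level in $rc_file logs passwords; set it to 0 or 1"
        status=1
    fi
    leaks=$(count_password_lines "$log_file")
    if [ "$leaks" -gt 0 ]; then
        echo "WARN: $leaks line(s) in $log_file contain a password or hash"
        status=1
    fi
    return "$status"
}

# Demo on the constructed samples.
tmpdir=$(mktemp -d)
sample_authdaemonrc > "$tmpdir/authdaemonrc"
sample_auth_log > "$tmpdir/mail.log"
audit_authdaemon "$tmpdir/authdaemonrc" "$tmpdir/mail.log" || echo "audit found problems"
redact_passwords "$tmpdir/mail.log" > "$tmpdir/mail.log.redacted"
echo "password lines left after masking: $(count_password_lines "$tmpdir/mail.log.redacted")"
rm -rf "$tmpdir"
```

On a real server the two arguments of audit_authdaemon would be /etc/courier/authdaemonrc and /var/log/mail.log; rotated copies of the log keep the old passwords until they are masked or deleted as well.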

Step 4 : Postfix

Configure postfix + postgresql

First we'll need the user id and the group id of postfix :

# id postfix

Here are the lines you'll need to append to the /etc/postfix/main.cf file (don't forget to adapt the gid and the uid to your own user, otherwise you can expect some permission problems) :

home_mailbox = mail/
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu/GNU)

# my additions for the virtual domain administration
# to use the Postgresql database.
virtual_gid_maps = static:117
virtual_uid_maps = static:109
virtual_transport = virtual
virtual_mailbox_limit = 51200000
virtual_mailbox_base = /home/postfix/Maildir
virtual_alias_maps = pgsql:/etc/postfix/pgsql_virtual_aliases_maps.cf
virtual_mailbox_domains = pgsql:/etc/postfix/pgsql_virtual_domains_maps.cf
virtual_mailbox_maps = pgsql:/etc/postfix/pgsql_virtual_mailbox_maps.cf

Now let's create the several maps databases for the aliases, domains and mailbox in the correct files :

/etc/postfix/pgsql_virtual_aliases_maps.cf :

# The hosts that Postfix will try to connect to
hosts = localhost
# The user name and password to log into the pgsql server.
user = postfix
password = postfix
# The database name on the servers.
dbname = postfix
query = SELECT address FROM aliases WHERE alias='%s'

/etc/postfix/pgsql_virtual_domains_maps.cf :

user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s'

/etc/postfix/pgsql_virtual_mailbox_maps.cf :

user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1

Test postfix with postmap

Let's check if the configuration we used before is correct and is working :

# postmap -q greg@example.lan  pgsql:/etc/postfix/pgsql_virtual_aliases_maps.cf
# postmap -q greg@example.lan  pgsql:/etc/postfix/pgsql_virtual_domains_maps.cf
# postmap -q greg@example.lan  pgsql:/etc/postfix/pgsql_virtual_mailbox_maps.cf
greg@example.lan/

Here, as you can see, I have no errors prompted so it's working fine :)

Note : be sure this works before going further in this tutorial.

Configure the SMTP authentication with SASL

Create a directory in the chrooted directory of postfix to enable access to the authdaemon app :

cd /var/spool/postfix
mkdir courier-authdaemon-socket

First check where the socket of the authdaemon is installed. Usually on Debian systems it's in the /var/run/courier/authdaemon directory. Adapt the tutorial if it's different for you.

Modify your /etc/fstab file so you can mount the right directory in the right place to access to the authdaemon socket from the chrooted directory. Add this line into /etc/fstab :

/var/run/courier/authdaemon /var/spool/postfix/courier-authdaemon-socket none bind 0 0

Now let's mount the directory into the right place and test if it works :

mount /var/spool/postfix/courier-authdaemon-socket
chown -R postfix.postfix /var/spool/postfix/courier-authdaemon-socket

Now we need to configure postfix to authenticate the SMTP requests in the same way as the IMAP requests. Therefore we will ask postfix to use authdaemon to authenticate. The authentication system for postfix is called SASL. Let's install it.

apt-get install sasl2-bin libsasl2-modules

Activate SASL in the postfix configuration file /etc/postfix/sasl/smtpd.conf (be sure the directory to the authdaemon socket is right in a chrooted perspective):

pwcheck_method: authdaemond
mech_list: PLAIN LOGIN
authdaemond_path: /courier-authdaemon-socket/socket
log_level: 4

Append the following lines at the end of the postfix configuration file /etc/postfix/main.cf :

#
# The settings for the SASL authentication using the authdaemon.
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = no
smtpd_client_restrictions = permit_mynetworks
                            permit_sasl_authenticated

Step 5: Courier Imap and the rest

Configure courier-imap

Configuration is done in the file /etc/courier/imapd. We need to modify this line with the right directory :

MAILDIRPATH=/home/postfix/Maildir

The default configuration is ok for the rest.

Now let's restart all the daemons in use to be sure every configuration change is taken into account:

# /etc/init.d/postfix restart && /etc/init.d/courier-imap restart && /etc/init.d/courier-authdaemon restart

Configure thunderbird

You can just try to add an account. The data you'll need is :

  • IMAP server : your mail server IP
  • SMTP server : same IP
  • Username : greg@example.lan
  • Password : secret
  • Use TLS/SSL : no
  • Port : 143

Known errors

Note : if you get the following error in /var/log/mail.log :

postfix/trivial-rewrite[19109]: warning: do not list domain example.lan in BOTH mydestination and virtual_mailbox_domain

then it means you configured the "mydestination" variable in /etc/postfix/main.cf to the same domain name as your email server. Please remove "example.lan" from it and it should work now :)

Configure Postfix anti-spam with blacklists

Postfix is a free and powerful MTA, and you can easily configure it to block spam. You need to add the following directives to the /etc/postfix/main.cf file:

  • disable_vrfy_command = yes : Disable the SMTP VRFY command. This stops some techniques used to harvest email addresses.
  • smtpd_delay_reject = yes : It allows Postfix to log recipient address information when rejecting a client name/address or sender address, so that it is possible to find out whose mail is being rejected.
  • smtpd_helo_required = yes : Require that a remote SMTP client introduces itself at the beginning of an SMTP session with the HELO or EHLO command. Many spam bots ignore the HELO/EHLO command, so this saves you from some spam. The following lines put further restrictions on the HELO command:
    • smtpd_helo_restrictions = permit_mynetworks,
    • reject_non_fqdn_hostname, - Reject email if the remote hostname is not in fully-qualified domain form. Usually bots sending email don't have FQDN names.
    • reject_invalid_hostname, - Reject all bots sending email from computers connected via DSL/ADSL. They don't have a valid internet hostname.

You can add the following access restrictions, which the Postfix SMTP server applies in the context of the RCPT TO command.

  • smtpd_recipient_restrictions =
    • reject_invalid_hostname, - Reject email if the hostname is not valid
    • reject_non_fqdn_hostname, - Reject email if the hostname is not a valid FQDN
    • reject_non_fqdn_sender, - Reject the request when the MAIL FROM address is not in fully-qualified domain form. For example, email sent from xyz or abc is rejected.
    • reject_non_fqdn_recipient, - Reject the request when the RCPT TO address is not in fully-qualified domain form
    • reject_unknown_sender_domain, - Reject email if the sender domain does not exist
    • reject_unknown_recipient_domain, - Reject email if the recipient domain does not exist
    • permit_mynetworks,
    • reject_rbl_client list.dsbl.org, - Configure spam black lists
    • reject_rbl_client sbl.spamhaus.org,
    • reject_rbl_client cbl.abuseat.org,
    • reject_rbl_client dul.dnsbl.sorbs.net,
    • permit

Open /etc/postfix/main.cf file :

$ sudo vim /etc/postfix/main.cf

Set/modify configuration as follows

disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
     reject_non_fqdn_hostname,
     reject_invalid_hostname,
     permit

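# reject_unauth_destination added: it refuses mail for domains this server is
# not responsible for; without it such mail from clients that are on no
# blacklist would reach the final permit.
smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   reject_invalid_hostname,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   permit_mynetworks,
   reject_unauth_destination,
   reject_rbl_client list.dsbl.org,
   reject_rbl_client sbl.spamhaus.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client dul.dnsbl.sorbs.net,
   permit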

smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

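The last three lines (smtpd_error_sleep_time, smtpd_soft_error_limit, smtpd_hard_error_limit) also force Postfix to slow down and finally disconnect clients that keep making errors, which limits the rate of incoming email and helps to avoid spam.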

Save and close the file. Restart postfix:

# /etc/init.d/postfix restart

Watch the mail log file. You should now see lots of spam email blocked by the above configuration directives:

# tail -f /var/log/mail.log

Output:

Jan  9 06:07:22 server postfix/smtpd[10308]: NOQUEUE: reject: RCPT from 183-12-81.ip.adsl.hu[81.183.12.81]: 554 Service unavailable; Client host [81.183.12.81] blocked using dul.dnsbl.sorbs.net; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?81.183.12.81; from= to= proto=ESMTP helo=<183-12-230.ip.adsl.hu>
Jan  9 06:07:23 server postfix/smtpd[10308]: lost connection after RCPT from 183-12-81.ip.adsl.hu[81.183.12.81]
Jan  9 06:07:23 server postfix/smtpd[10308]: disconnect from 183-12-81.ip.adsl.hu[81.183.12.81]
Jan  9 06:10:43 server postfix/anvil[10310]: statistics: max connection rate 1/60s for (smtp:81.183.12.81) at Jan  9 06:07:17
Jan  9 06:10:43 server postfix/anvil[10310]: statistics: max connection count 1 for (smtp:81.183.12.81) at Jan  9 06:07:17
Jan  9 06:10:43 server postfix/anvil[10310]: statistics: max cache size 1 at Jan  9 06:07:17
Jan  9 06:16:58 server postfix/smtpd[10358]: warning: 81.92.197.249: address not listed for hostname unassigned.or.unconfigured.reverse.nfsi-telecom.net
Jan  9 06:16:58 server postfix/smtpd[10358]: connect from unknown[81.92.197.249]
Jan  9 06:17:00 server postfix/smtpd[10358]: NOQUEUE: reject: RCPT from unknown[81.92.197.249]: 550 : Recipient address rejected: User unknown in virtual alias table; from=<> to= proto=ESMTP helo=
Jan  9 06:17:00 server postfix/smtpd[10358]: disconnect from unknown[81.92.197.249]
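
To see which of the restrictions above actually does the work, the reject lines can be tallied by reason and by client. The following script is an added example, not part of the original tutorial; the function names are made up and the sample log is constructed in the format of the output above, with documentation IP ranges:

```sh
#!/bin/sh
# Added example (not from the original post): summarise what the smtpd
# restrictions reject. Function names and sample data are assumptions.

# Constructed log excerpt in the format of the smtpd lines shown above.
sample_mail_log() {
    cat <<'EOF'
Jan  9 06:07:22 server postfix/smtpd[10308]: NOQUEUE: reject: RCPT from unknown[192.0.2.81]: 554 5.7.1 Service unavailable; Client host [192.0.2.81] blocked using dul.dnsbl.sorbs.net; from=<a@example.org> to=<greg@example.lan> proto=ESMTP helo=<dsl-81.example.net>
Jan  9 06:07:23 server postfix/smtpd[10308]: disconnect from unknown[192.0.2.81]
Jan  9 06:09:10 server postfix/smtpd[10311]: NOQUEUE: reject: RCPT from unknown[192.0.2.81]: 554 5.7.1 Service unavailable; Client host [192.0.2.81] blocked using dul.dnsbl.sorbs.net; from=<b@example.org> to=<test@example.lan> proto=ESMTP helo=<dsl-81.example.net>
Jan  9 06:10:43 server postfix/anvil[10310]: statistics: max connection rate 1/60s for (smtp:192.0.2.81) at Jan  9 06:07:17
Jan  9 06:12:01 server postfix/smtpd[10320]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using sbl.spamhaus.org; from=<c@example.net> to=<greg@example.lan> proto=ESMTP helo=<mail.example.net>
Jan  9 06:17:00 server postfix/smtpd[10358]: NOQUEUE: reject: RCPT from unknown[203.0.113.249]: 550 5.1.1 <nobody@example.lan>: Recipient address rejected: User unknown in virtual alias table; from=<> to=<nobody@example.lan> proto=ESMTP helo=<x.example.org>
Jan  9 06:18:30 server postfix/smtpd[10360]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<d@example.org> to=<test@example.lan> proto=SMTP helo=<localhost>
EOF
}

# Print "<count> <reason>" per reject reason, most frequent first.
# RBL hits are reported as rbl:<list name>, everything else by the
# "... rejected" / "... denied" phrase Postfix puts in the reply.
reject_summary() {
    awk '
    / postfix\/smtpd\[[0-9]+\]: NOQUEUE: reject: / {
        reason = "other"
        if (match($0, /blocked using [^;]+;/)) {
            # RBL hit: keep only the list name ("blocked using " is 14 chars).
            reason = "rbl:" substr($0, RSTART + 14, RLENGTH - 15)
        } else if (match($0, /(Helo command|Sender address|Recipient address|Client host|Relay access) (rejected|denied)/)) {
            reason = substr($0, RSTART, RLENGTH)
        }
        count[reason]++
    }
    END { for (r in count) printf "%d %s\n", count[r], r }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Print "<count> <client ip>" for rejected clients, most frequent first.
rejects_by_client() {
    awk '
    / postfix\/smtpd\[[0-9]+\]: NOQUEUE: reject: / {
        if (match($0, /from [^ ]*\[[0-9A-Fa-f.:]+\]: [45][0-9][0-9] /)) {
            ip = substr($0, RSTART, RLENGTH)
            sub(/^.*\[/, "", ip)    # drop "from host["
            sub(/\].*$/, "", ip)    # drop "]: 554 "
            count[ip]++
        }
    }
    END { for (c in count) printf "%d %s\n", count[c], c }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Demo on the constructed sample; on a server, pass /var/log/mail.log instead.
echo "Rejects by reason:"
sample_mail_log | reject_summary
echo "Rejects by client:"
sample_mail_log | rejects_by_client
```

A blacklist that never shows up in the summary is doing nothing but adding a DNS lookup per mail, and one that dominates it deserves a look at the rejected senders for false positives.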
Nagios Network Monitoring System Setup on Ubuntu 
By theclimber, on 24/12/2008 at 12:17.


Nagios is a free, open-source tool that can be used to monitor network components and services. When it detects a problem, it can send alert messages by either e-mail or pager. It can also be configured so that only designated personnel can view status information for particular services or equipment. This tutorial will show you how to install Nagios 3 on an Ubuntu 8.10 server.

Nagios3 is in the repository for Ubuntu 8.10.

Install Nagios

sudo apt-get install nagios3

You can see that it will install a number of packages to make it all work.

Once it is installed run a pre-flight check to verify it is working correctly.

Pre-Flight Check

sudo nagios3 -v /etc/nagios3/nagios.cfg

Create Nagios user

By default it should run and you should be able to login to the web interface after you create the nagios user. Move into the /etc/nagios3 directory and create a user to access the web interface.

cd /etc/nagios3
sudo htpasswd -c htpasswd.users nagios
New password:
Re-type new password:
Adding password for user nagios

Login into nagios webpage

Now login to the web interface with http://ip_address/nagios3

You will not have all of the rights to view everything but for the purposes of making sure it all works you will see it is all running. Now you need to configure it for your settings.


Basic Configuration

The configuration is where you will get to set up the services and hosts that you need.

Now, cd to the /etc/nagios3 directory.

cd /etc/nagios3

Here you will see the base file nagios.cfg. The additional configuration files are located in conf.d.

contacts_nagios2.cfg          generic-service_nagios2.cfg      localhost_nagios2.cfg
extinfo_nagios2.cfg           host-gateway_nagios3.cfg         services_nagios2.cfg
generic-host_nagios2.cfg      hostgroups_nagios2.cfg           timeperiods_nagios2.cfg

Check the "timeperiods_nagios2.cfg" file to define different time periods for when you want certain functions to happen. Here’s an example:

# Time periods
# All times are valid for all
# checks and notifications

define timeperiod{
        timeperiod_name 24x7
        alias           24 Hours A Day, 7 Days A Week
        sunday          00:00-24:00
        monday          00:00-24:00
        tuesday         00:00-24:00
        wednesday       00:00-24:00
        thursday        00:00-24:00
        friday          00:00-24:00
        saturday        00:00-24:00
}

define timeperiod{
        timeperiod_name 8x5
        alias           8 Hours A Day, 5 Days A Week
        monday          08:00-16:00
        tuesday         08:00-16:00
        wednesday       08:00-16:00
        thursday        08:00-16:00
        friday          08:00-16:00
}

Check the "contacts_nagios2.cfg" file. This will define the types of notifications that individuals and groups will receive, and when they will be contacted.

# Contacts: Individuals and Groups

define contact{
        contact_name                    greg
        alias                           Nagios Admin
        service_notification_period     24x7
        host_notification_period        24x7
        service_notification_options    w,u,c,r
        host_notification_options       d,r
        service_notification_commands   notify-by-email
        host_notification_commands      host-notify-by-email
        email                           greg@localhost
}

The email account that you add for the Nagios Admin should be your main email account as this will be used to send you information.

# contact groups
# Nagios only talks to contact groups, not individuals
# Members must be Nagios users, alias and contact_group
# are whatever you want

define contactgroup{
contactgroup_name               admins
alias                                       Nagios Administrators
members                                 greg
}

In this file, each person who is to be a contact must have his own "define contact" section. Each person must also be a member of a "contactgroup". Also, each person who is to be a contact must have a system account on the Nagios server, have a Nagios password, and be a member of the "nagios" group. (This group will be created automatically when you install Nagios.)

sudo useradd -m -G nagios greg

If you haven’t yet created the Nagios password database, use the "htpasswd" command with the -c option to create the new file. The -c option overwrites an existing file, so use it only for the first user.

sudo htpasswd -c /etc/nagios3/htpasswd.users nagios

If the database has already been created, and you just want to add a new user to it, then omit the -c option. You can also add a line into the file using this script: http://home.flash.net/cgi-bin/pw.pl
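The relationships described above (every contactgroup member needs its own "define contact", every contact belongs to a contactgroup, and each notification period must be a defined timeperiod) can be checked before reloading Nagios. The following is an added example, not part of the original post or of Nagios; the sample configuration, the names bob, anna and workhours, and the function names are constructed for illustration, and group membership declared through a contact's own contactgroups directive is not considered.

```python
import re

# Constructed sample in the style of the conf.d files above; bob, anna and
# the "workhours" period are made up so that each check fires once.
SAMPLE_CFG = """
define timeperiod{
    timeperiod_name 24x7
    alias           24 Hours A Day, 7 Days A Week
    sunday          00:00-24:00
}
define contact{
    contact_name                greg
    service_notification_period 24x7
    host_notification_period    workhours
    email                       greg@localhost
}
define contact{
    contact_name                anna
    service_notification_period 24x7
    host_notification_period    24x7
    email                       anna@localhost
}
define contactgroup{
    contactgroup_name admins
    alias             Nagios Administrators
    members           greg, bob
}
"""

DEFINE_RE = re.compile(r"define\s+(\w+)\s*\{(.*?)\}", re.S)


def parse_objects(text):
    """Return a list of (object_type, {directive: value}) pairs."""
    objects = []
    for obj_type, body in DEFINE_RE.findall(text):
        attrs = {}
        for line in body.splitlines():
            line = line.split(";", 1)[0].strip()  # ';' starts a trailing comment
            if not line or line.startswith("#"):
                continue
            parts = line.split(None, 1)
            attrs[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
        objects.append((obj_type, attrs))
    return objects


def check_contacts(text):
    """List contacts, groups and notification periods that do not line up."""
    objects = parse_objects(text)
    periods = {a.get("timeperiod_name") for t, a in objects if t == "timeperiod"}
    contacts = {a.get("contact_name"): a for t, a in objects if t == "contact"}
    problems, grouped = [], set()
    for t, a in objects:
        if t != "contactgroup":
            continue
        for member in (m.strip() for m in a.get("members", "").split(",")):
            if not member:
                continue
            grouped.add(member)
            if member not in contacts:
                problems.append("contactgroup %s: member %s has no 'define contact'"
                                % (a.get("contactgroup_name"), member))
    for name in sorted(contacts):
        if name not in grouped:
            problems.append("contact %s is in no contactgroup" % name)
        for key in ("service_notification_period", "host_notification_period"):
            period = contacts[name].get(key)
            if period not in periods:
                problems.append("contact %s: %s %r is not a defined timeperiod"
                                % (name, key, period))
    return problems


if __name__ == "__main__":
    for problem in check_contacts(SAMPLE_CFG):
        print(problem)
```

The pre-flight check (nagios3 -v) remains the authoritative validation; this check only covers the three relationships named above.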

Python shell : extract the local IP from interface 
By theclimber, on 09/12/2008 at 15:29.

This is a small Python script which can be used to extract the local IP address of a host for a given network interface. You can modify this script to adapt it to your purposes. ;)


#!/usr/bin/python3
# Script to read the IP address of a network interface
# -------------------------------------------------------------------------
# Copyright (c) 2008 Greg theClimber <http://www.theclimber.be/>
# This script is licensed under GNU GPL version 3.0
# -------------------------------------------------------------------------
from subprocess import getoutput
import getopt
import re
import sys

def usage():
	print("Usage : python3 getip.py [(-i | --interface) name]")

try:
	opts, args = getopt.getopt(sys.argv[1:], "hi:", ["help", "interface="])
except getopt.GetoptError as err:
	# print help information and exit:
	print(str(err)) # will print something like "option -a not recognized"
	usage()
	sys.exit(2)
intf = None
for o, a in opts:
	if o in ("-h", "--help"):
		usage()
		sys.exit()
	elif o in ("-i", "--interface"):
		intf = a
	else:
		assert False, "unhandled option"

system = getoutput('uname')
# interface names, taken from the "Link encap:Ethernet" lines of ifconfig
ifs = getoutput('ifconfig | grep "Ethernet" | grep -v "vnet" | cut --delimiter=L -f1').splitlines()
interfaces = [name.strip() for name in ifs if name.strip()]

linux = "ifconfig %s | grep 'inet '| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'"
freebsd = "ifconfig %s | grep -E 'inet.[0-9]' | grep -v '127.0.0.1' | awk '{ print $2}'"
sunos = "ifconfig -a %s | grep inet | grep -v '127.0.0.1' | awk '{ print $2}'"

if not intf:
	print("Please select the interface to use :")
	for n, name in enumerate(interfaces):
		print("%s) %s" % (n, name))
	print("default = 0")
	try:
		# input() returns a plain string here; it is never evaluated as code
		i = interfaces[int(input())]
	except (ValueError, IndexError, EOFError):
		# fall back to the default (first) interface, if one was found
		i = interfaces[0] if interfaces else None
else:
	i = intf

ip = "Unknown"
if i:
	# the name is pasted into a shell pipeline, so accept only plain interface names
	if not re.match(r'^[A-Za-z0-9][A-Za-z0-9_.:-]*$', i):
		sys.exit("Invalid interface name: %r" % i)
	if system == 'Linux':
		ip = getoutput(linux % i)
	elif system == 'FreeBSD':
		ip = getoutput(freebsd % i)
	elif system == 'SunOS':
		ip = getoutput(sunos % i)
#	print("%r:%r" % (i, ip))

print(ip)
DJBdns : How to configure and use DJBdns as DNS server (part II) 
By theclimber, on 03/12/2008 at 14:07.

The first part of this tutorial explains how to setup the DJBdns server :

  • DJBdns : How to setup DJBdns as DNS server (part I)

Here you will find the tutorial covering the basic configuration of a DJBdns server, based on the setup done in part I.

Configure a cache-server dnscache

  • Official howto

Now that everything is installed, the next steps need your full attention. They are a bit harder if you have never installed DJBdns before.

First you have to understand the difference between a cache-server and a name-server. Here we are going to install the cache server. This means that port 53 will be open on your machine and that, when you have a query for a domain name, you send it directly to the server you created. This server will give you the IP associated with the domain name and vice versa.

The first thing to do is to create the two users who are going to manage the service. Call them dnscache and dnslog and don’t let them log in to the computer. They are only “background users” :

sudo useradd -d /var/dnscache -s /bin/false dnscache
sudo useradd -d /var/dnscache -s /bin/false dnslog

If not done by useradd, create the home directory for the two system accounts above: mkdir /var/dnscache. Otherwise, empty that directory of the files that useradd copied into it automatically, e.g. Desktop, .bashrc, etc.

Configure the cache directory :

sudo dnscache-conf dnscache dnslog /var/dnscache/dnscache 10.0.2.15

where 10.0.2.15 is the IP address on which dnscache should listen for queries. In other words, use the local address 127.0.0.1 if you only want to access this server from your own computer; otherwise use the external IP of your server. If unsure, use your external IP.

Allow the rest of your network 10.0.2.* to query dnscache:

sudo touch /var/dnscache/dnscache/root/ip/10.0.2 

Add dnscache to the list of services to be monitored by svscan:

ln -s /var/dnscache/dnscache /service/
sleep 5

The first command creates the link. The second is just a reminder that you should not do ANYTHING with the dnscache system for at least 5 seconds, because that’s how long it will take daemontools to find that dnscache is a new directory under the /service directory, create all necessary supervise directories, perform other logistical work, and lastly, run dnscache and its logging system. Many weird problems occur when someone ups or downs the service within a few seconds of creating the symlink, or when someone creates the symlink before application configuration is complete. Remember, the symlink is more than a directory redirection: creating it actually causes the app to be installed.

Let’s check that it now shows up through

pstree -p 

To check if the service was correctly started you can also look at the open ports on your computer and see if the right port is open :

nc -v 127.0.0.1 53

If it doesn’t work, it means that the supervisor daemon is not working correctly and you need to look at that problem again (see the section about daemontools installation). To carry on in spite of this problem, you can also run the supervisor manually :

cd /service
sudo svscan &

Now you can use the supervisor tools to see if everything is running :

$ svstat /service/*
dnscache: up (pid 5772) 45 seconds

The cache server is working correctly, perfect. Let’s now configure the computer to use it. Open the /etc/resolv.conf file and put the following line into it :

nameserver 127.0.0.1

And test:

dnsip www.cnn.com
dnsip www.fsf.org

Configure a name-server tinydns

  • Official howto

Now that your DNS cache server is working correctly, you can go on to the next step : configuring the name-server. If your cache-server is not working correctly, I advise you to fix it before working on the name-server. It’s easier to work on only one server at a time.

So let’s begin by creating (like we did for dnscache) the users for tinydns :

sudo useradd -d /var/dnscache -s /bin/false tinydns
sudo useradd -d /var/dnscache -s /bin/false tinylog

Run the following command to create the configuration directory of tinydns :

sudo tinydns-conf tinydns tinylog /var/dnscache/tinydns 127.0.0.1

Here the IP is the address on which your name-server will listen. As long as your cache-server and name-server run on the same computer, you can use the loopback address, because the link between the two servers will not cause any problem.

Note: The reason we have tinyDNS listen on the loopback is that dnscache is already listening on the Ethernet interface. We will set up dnscache to query tinyDNS when it needs to resolve zones for which tinyDNS is authoritative.

Let’s now run tinydns by creating the next symlink :

$ sudo ln -s /var/dnscache/tinydns /service/
$ sleep 5
$ svstat /service/*
/service/dnscache: up (pid 5772) 503 seconds 
/service/tinydns: up (pid 5945) 32 seconds

If you want the log files to live in /var/log/tinydns instead of /var/dnscache/tinydns/log/main, edit /var/dnscache/tinydns/log/run, and replace “./main” with /var/log/tinydns

Now it works. Of course nothing is configured yet, but it works! In the next step we will fill in the data file so that the server publishes the right records.

Add entries in the DNS table

In our case, the domain name of our network is “knowledgeplaza.lan” and the DNS server has the IP 10.0.2.15. A mail server (MX) is also running on the same computer.

Add records:

cd /var/dnscache/tinydns/root
./add-ns knowledgeplaza.lan 10.0.2.15
./add-ns 2.0.10.in-addr.arpa 10.0.2.15
./add-mx knowledgeplaza.lan 10.0.2.15
./add-host ns.knowledgeplaza.lan 10.0.2.15
./add-alias mail.knowledgeplaza.lan 10.0.2.15
make

  • add-ns : configures the name-server
  • add-mx : configures the mail-server associated with the domain name
  • add-host : adds a host to the domain knowledgeplaza.lan
  • add-alias : adds a second name for the same host (the same as CNAME for bind)
  • make : compiles the entries on your server

To apply the modifications, restart the services :

sudo svc -t /service/*

Link dnscache and tinydns together

To let dnscache know how to query tinyDNS for zones for which tinyDNS is authoritative, create the /var/dnscache/dnscache/root/servers/knowledgeplaza.lan file with the following line:

127.0.0.1

… followed by:

cp /var/dnscache/dnscache/root/servers/knowledgeplaza.lan /var/dnscache/dnscache/root/servers/2.0.10.in-addr.arpa

Refresh dnscache :

sudo svc -t /service/*

Configure ucspi-tcp

UCSPI defines a command-line structure and environment variable specifications for inter-process communications helper programs to make it easy to write clients and servers. It’s basically a replacement for inetd/xinetd, SunOS’ mconnect, socket, faucet/hose, netcat.

As before, we need to create two users :

useradd -d /var/dnscache -s /bin/false axfrdns
useradd -d /var/dnscache -s /bin/false axfrlog 

Create the config directory (where the IP is the address of the tinydns server):

axfrdns-conf axfrdns axfrlog /var/dnscache/axfrdns /var/dnscache/tinydns 127.0.0.1

Edit /var/dnscache/axfrdns/tcp to list the hosts that are allowed to transfer zones (afterwards, run make in /var/dnscache/axfrdns to compile the file into tcp.cdb):

10.0.2.15:allow,AXFR="knowledgeplaza.lan/2.0.10.in-addr.arpa"
:deny

Add axfrdns for svscan to handle:

ln -sf /var/dnscache/axfrdns /service 

Note: if you’re configuring a secondary name-server : From the remote host 10.0.2.16 acting as the secondary, perform a zone transfer:

cd /tmp
tcpclient 10.0.2.15 53 axfr-get internal data data.tmp

Voilà! The zone has been transferred into data. If the secondary is running BIND, you are on familiar ground.
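To see which clients the two tcp rules above actually let through, here is an added example (not part of the original post or of ucspi-tcp) that evaluates rules the way tcpserver looks them up: the most specific address match wins, not the first line. It handles only plain IPv4 addresses, address prefixes and the catch-all rule; the function names are hypothetical, and the two behaviours marked as assumptions in the comments are the author of this example's reading of tcpserver and axfrdns.

```python
import re

# The two rules shown above for /var/dnscache/axfrdns/tcp.
PAGE_RULES = '''\
10.0.2.15:allow,AXFR="knowledgeplaza.lan/2.0.10.in-addr.arpa"
:deny
'''


def parse_rules(text):
    """Map each address pattern to (allowed, env) for 'address:allow|deny,VAR=...' lines."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, _, instructions = line.partition(":")
        action, _, rest = instructions.partition(",")
        if action not in ("allow", "deny"):
            raise ValueError("unrecognised rule: %r" % line)
        # The character right after '=' delimits the value (the page uses '"').
        env = {m.group(1): m.group(3)
               for m in re.finditer(r"(\w+)=(.)(.*?)\2", rest)}
        rules[address] = (action == "allow", env)
    return rules


def lookup_keys(ip):
    """Keys tried for an IPv4 client, most specific first: 1.2.3.4, 1.2.3., 1.2., 1., ''."""
    parts = ip.split(".")
    return [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]


def decide(rules, client_ip, zone):
    """Return 'rejected', 'query-only' or 'transfer' for a client asking to AXFR zone."""
    for key in lookup_keys(client_ip):
        if key in rules:
            allowed, env = rules[key]
            break
    else:
        allowed, env = True, {}   # assumption: tcpserver accepts when no rule matches
    if not allowed:
        return "rejected"
    if "AXFR" not in env:
        return "transfer"         # assumption: axfrdns does not restrict zones when AXFR is unset
    zones = {z.lower() for z in env["AXFR"].split("/") if z}
    return "transfer" if zone.lower().rstrip(".") in zones else "query-only"


if __name__ == "__main__":
    rules = parse_rules(PAGE_RULES)
    for ip in ("10.0.2.15", "10.0.2.16"):
        print(ip, decide(rules, ip, "knowledgeplaza.lan"))
```

Under the page's two rules a secondary at 10.0.2.16 is rejected at connection time, so it needs its own allow line naming the zones it may fetch.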

Test the name-server (tinydns)

Here is how to systematically verify that tinydns is publishing the right IP address for a name: for example, that it is publishing IP address 10.0.2.15 for www.knowledgeplaza.lan.

First, check that the address is in /service/tinydns/root/data in tinydns-data format:

+www.knowledgeplaza.lan:10.0.2.15 

IP addresses can be assigned by + lines, = lines, @ lines, . lines, and & lines.

Second, use tinydns-get to check that the address is in /service/tinydns/root/data.cdb:

$ cd /service/tinydns/root 
$ tinydns-get a www.knowledgeplaza.lan 
answer: www.knowledgeplaza.lan 86400 A 10.0.2.15

although perhaps with a number other than 86400. Common reasons that this answer is missing or obsolete: you didn’t run make after changing data; you don’t have . lines (or Z lines) in data specifying relevant name servers.

If you want to check reverse lookups, replace a www.knowledgeplaza.lan with ptr 15.2.0.10.in-addr.arpa :

$ tinydns-get ptr 15.2.0.10.in-addr.arpa
answer: 15.2.0.10.in-addr.arpa 86400 PTR ns.knowledgeplaza.lan

Third, check that the IP address of tinydns is one of this computer’s addresses:

cat /service/tinydns/env/IP 
netstat -n -i 

Fourth, check that the tinydns service is up:

svstat /service/tinydns 

If tinydns-get reported more than 512 bytes, you also need TCP service; check that the axfrdns service is up.

Fifth, ask tinydns about the name:

dnsq a www.knowledgeplaza.lan 127.0.0.1

Here 127.0.0.1 is the IP address of your DNS name-server (tinydns). The output of dnsq should be identical to the previous output of tinydns-get.

Sixth, ask your DNS cache for the address:

dnsqr a www.knowledgeplaza.lan

If dnscache can’t find the address, the problem is almost certainly that the parent servers haven’t delegated the relevant domains to your tinydns. Read the log in /service/dnscache/log/main/current to see which servers dnscache is contacting and what information they are providing. For a thorough debugging scan, use dnstrace.

Do not use nslookup to test your DNS servers.
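For the first check above, the following added example (not part of the original post or of djbdns) lists every name that a data file assigns an IPv4 address to, covering the +, =, @, . and & line types, together with the PTR names produced by = lines. The sample data is constructed, the function names are hypothetical, and wildcards, timestamps and location codes are not interpreted.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: lines of the kind add-ns, add-mx, add-host and add-alias
# write for the page's zone, plus the '+' line from the first check and one
# CNAME ('C') line that carries no address.
SAMPLE_DATA = """\
# constructed sample
.knowledgeplaza.lan:10.0.2.15:a:259200
.2.0.10.in-addr.arpa:10.0.2.15:a:259200
@knowledgeplaza.lan:10.0.2.15:a::86400
=ns.knowledgeplaza.lan:10.0.2.15:86400
+mail.knowledgeplaza.lan:10.0.2.15:86400
+www.knowledgeplaza.lan:10.0.2.15
Cftp.knowledgeplaza.lan:www.knowledgeplaza.lan:86400
"""


def server_name(x, kind, fqdn):
    """A bare label x stands for x.ns.fqdn or x.mx.fqdn; a dotted x is used as it is."""
    return x if "." in x else "%s.%s.%s" % (x, kind, fqdn)


def parse_data(text):
    """Return ({name: [ips]}, {reverse_name: fqdn}) for the address-carrying lines."""
    addresses = defaultdict(set)
    pointers = {}
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] not in "+=@.&":
            continue                      # comments and record types without an address
        kind, fields = line[0], line[1:].split(":")
        fqdn = fields[0].lower()
        ip = fields[1] if len(fields) > 1 else ""
        if not ip:
            continue                      # '.', '&' and '@' lines may leave ip empty
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            raise ValueError("line %d: bad IPv4 address %r" % (number, ip))
        if kind in "+=":
            name = fqdn
        else:
            x = fields[2] if len(fields) > 2 else ""
            if not x:
                continue                  # lines without a server label are skipped here
            name = server_name(x.lower(), "mx" if kind == "@" else "ns", fqdn)
        addresses[name].add(ip)
        if kind == "=":                   # '=' also publishes the PTR record
            reverse = ".".join(reversed(ip.split("."))) + ".in-addr.arpa"
            pointers[reverse] = fqdn
    return {n: sorted(ips) for n, ips in addresses.items()}, pointers


if __name__ == "__main__":
    names, ptrs = parse_data(SAMPLE_DATA)
    for name in sorted(names):
        print("A   %-32s %s" % (name, ", ".join(names[name])))
    for reverse, fqdn in sorted(ptrs.items()):
        print("PTR %-32s %s" % (reverse, fqdn))
```

Run it on the real data file before make; a name missing from the output will also be missing from the answers of tinydns-get.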

Configure clients

Now that your DNS server is working perfectly, it’s time to configure the other hosts of the network to use it. To do so, you need to tell those clients to use the right DNS server.

Go into the /etc/resolv.conf file and setup the right entry of your DNS-server :

nameserver 10.0.2.15

Most likely, if you are on Ubuntu (like me), this file will be automatically rewritten at each update of your network configuration. So if you want to make the configuration permanent you’ll need to modify the file /etc/dhcp3/dhclient.conf.

Backup the file first:

sudo cp /etc/dhcp3/dhclient.conf /etc/dhcp3/dhclient.conf.bak

Edit the /etc/dhcp3/dhclient.conf file and look for the following line:

#prepend domain-name-servers 127.0.0.1;

Remove the comment (#) and change it to:

prepend domain-name-servers 10.0.2.15;

Next, look for the domain-name-servers, and remove it:

prepend domain-name-servers 10.0.2.15;
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, host-name,
netbios-name-servers, netbios-scope;
#require subnet-mask, domain-name-servers;

Restart your network

sudo /etc/init.d/networking restart

Check that the /etc/resolv.conf file has the right content :

cat /etc/resolv.conf

DJBdns : How to setup DJBdns as DNS server (part I) 
By theclimber, on 03/12/2008 at 13:13.

Overview

djbdns is a DNS server that aims to be an alternative to BIND, the dominant and most widely used DNS server. Although BIND is a very complete implementation of DNS functionality, it has a very heavy footprint, which makes it less flexible and hard to use on low-performance servers. DJBdns, on the other hand, is optimized to have a very light footprint and to be very secure (BIND is a lot less so).

DJBdns, developed by D.J. Bernstein, puts lightness and security before completeness. Moreover, the developer offers $1000 to the person who officially publishes a security hole in his software. This is a good way to improve the software by motivating people to find bugs.

In this tutorial we will see how to install and use this lightweight DNS server. This tutorial was written on Ubuntu and works fine on Ubuntu 8.10 and 8.04. Because it’s not so easy to install, every step is detailed separately.

Your djbdns installation can be easy or hard. If you want it easy, it’s important to do it in the correct order:

  1. Download source tarballs for daemontools, ucspi-tcp and djbdns
  2. Install daemontools
  3. Install ucspi-tcp
  4. Install djbdns
  5. Configure dnscache on an alias to the network card
  6. Configure tinydns on the external IP
  7. Link dnscache to tinydns

Daemontools and ucspi-tcp are systems that launch most DJB software, including djbdns. Daemontools is a system for launching daemons, very similar to the scripts in the /etc/rc.d tree. ucspi-tcp is a system for running background software, very similar to the inetd and xinetd systems on a normal Linux system. Daemontools and ucspi-tcp coexist with /etc/rc.d, inetd and xinetd perfectly.

Preparing the system

I assume you had a BIND server running on your computer before. If so, BIND is still running. DJBdns uses the same resources as BIND, so to avoid any conflict you need to shut down and deactivate BIND :

sudo /etc/init.d/bind9 stop

Let’s also stop BIND from being started at boot, so that the right software gets the right port after a reboot:

sudo update-rc.d -f bind9 remove

(If you need to reactivate bind, you can use the following command : sudo update-rc.d bind9 defaults)

Now that you did this you can begin the installation.

Download the source files

We will need a couple of files to install the different pieces of software. Let’s download them into a freshly created directory :

mkdir /home/user/djbdns
cd /home/user/djbdns
wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
wget http://installer-djbdns.ps2v.com/djbpatches.tar.gz

Now we can untar those files :

tar xvfz djbdns-1.05.tar.gz
tar xvfz daemontools-0.76.tar.gz
tar xvfz ucspi-tcp-0.88.tar.gz
mkdir patches
tar xvfz djbpatches.tar.gz
mv *.patch patches/

In the next steps you’ll need to compile those sources, so you’ll need a C compiler and the related tools. Be sure to install the package “build-essential”.

Install daemontools

  • Howto of the official website

Let’s change directory into the directory of the daemontools sources :

cd /home/user/djbdns/admin/daemontools-0.76
sudo ./package/install

If you got the same error as me :

/lib/libc.so.6: could not read symbols: Bad value
collect2: ld returned 1 exit status
make: *** [envdir] Error 1
Copying commands into ./command...
cp: cannot stat `compile/svscan': No such file or directory

Then we need to apply a patch to the error.h file :

patch /home/user/djbdns/admin/daemontools-0.76/src/error.h /home/user/djbdns/patches/daemontools-0.76.errno.patch

You can rerun the installation :

sudo ./package/install

Now it should work. Then reboot the computer.

At the next start, test whether svscan or svscanboot was loaded. If not, you’ll need to create a boot script as explained in the next section. Otherwise you can skip the next section.

Boot the supervise daemon automatically

Now you need to add the svscan daemon to your boot procedure so that it is loaded at each startup of the computer. If you are on Ubuntu (like me), here is the way to do this :

Create or edit the daemontools startup file:

sudo vim /etc/event.d/svscanboot

Put the following contents in the svscanboot file:

# svscan - DJB's daemontools
#
# This service starts daemontools (svscanboot) from the point the system is
# started until it is shut down again.

start on runlevel 2
start on runlevel 3
start on runlevel 4
start on runlevel 5

stop on shutdown

respawn
exec /usr/local/bin/svscanboot

DJB style installs (most likely) will use the following exec command:

exec /command/svscanboot

Validate the installation

check svscanboot:

sudo status svscanboot
svscanboot (stop) waiting

Let’s start it :

sudo start svscanboot
svscanboot (start) waiting
svscanboot (start) starting
svscanboot (start) pre-start
svscanboot (start) spawned, process 663
svscanboot (start) post-start, (main) process 663
svscanboot (start) running, process 663

check the status (this is a bit redundant given the above result) - you should see something like this:

$ sudo status svscanboot
svscanboot (start) running, process 663

Perfect, let’s go to the next step

Install ucspi-tcp

  • Howto of the official website

Go into the directory with the sources and launch the compiling :

cd /home/user/djbdns/ucspi-tcp-0.88
make

You may encounter the same error as with daemontools and you’ll need to apply the patch to the error.h file :

patch /home/user/djbdns/ucspi-tcp-0.88/error.h /home/user/djbdns/patches/ucspi-tcp-0.88.errno.patch

Normally it should work this time. And after compiling just run the installation :

make
sudo make setup check

Install djbdns

As you go through the installation and configuration process, please keep notes of exactly what you did and exactly what the computer did. So if there is any problem we could help.

First go into the sources directory :

cd /home/user/djbdns/djbdns-1.05

Compile the djbdns programs:

echo gcc -O2 -include /usr/include/errno.h > conf-cc
make

The first line, modifying conf-cc, is necessary for some Linux systems, to work around a Linux bug. It can be skipped under BSD, Solaris, and other systems that comply with IEEE Std 1003.1-1990.

This time I didn’t get any error when compiling. But should it happen, you can again apply the patch to the error.h file :

patch /home/user/djbdns/djbdns-1.05/error.h /home/user/djbdns/patches/djbdns-1.05.errno.patch
make

As root, install the djbdns programs under /usr/local:

sudo make setup check

The second part of this tutorial explains how to configure the basics of DJBdns :

  • DJBdns : How to configure and use DJBdns as DNS server (part II)
Virtual server : mail server configuration 
By theclimber, on 03/12/2008 at 13:05.

Installation of the IMAP server

Let’s begin with :

apt-get install courier-imap

courier-imap is now configurable through the /etc/courier/imapd file. There you can specify the port to use or the name of the path you want to use for the mail. By default the mail directory is called “Maildir” (you can modify it with the parameter MAILPATH=~/Maildir or MAILDIRPATH). To set it up for a user, go into the user’s home directory with the same privileges as that user :

cd /home/user
sudo -s -u user
maildirmake Maildir

Installation of the SMTP server

For postfix it’s quite simple, there is a user-friendly interface helping us to configure it :

sudo dpkg-reconfigure postfix

Choose the internet server :

postfix1.png

Add the domain name of your network (the same as for the DNS server)

postfix2.png

In our case, don’t use procmail: we don’t need an anti-spam engine or the like, so just answer no to the question.

postfix3.png

For a local network, IPv4 is more than enough.

postfix4.png

Now we just need to add one line to the postfix configuration file /etc/postfix/main.cf to specify the user mail directory. The path is relative to the user’s home directory, and the trailing slash selects the Maildir format :

home_mailbox = Maildir/

Test the mail server

First reload the server to enable the last modification of the configuration.

sudo /etc/init.d/postfix restart && sudo /etc/init.d/courier-imap restart && sudo /etc/init.d/courier-authdaemon restart

Install the tools we’ll need :

sudo apt-get install mailutils

Let’s send a mail to an existing user :

# mail user@knowledgeplaza.lan
Subject: this is a test message
hello foo bar
.
Cc: 

To quit the body of the mail you can do “CTRL+d” or add a “.” in an empty line.

Let’s check if the mail was correctly received :

ls /home/user/Maildir/new/

It should work.

Configure your favorite mail client

First we need to start up qemu with the right ports redirected; otherwise it will be impossible to reach the virtual server. So add -redir tcp:5525::25 and -redir tcp:5514::143 to the qemu command. Once done, go into your favorite mail client and create a new account with the following parameters :

  • Email address : user@knowledgeplaza.lan (with your own hostname of course)
  • IMAP server : 127.0.0.1
  • IMAP port : 5514
  • SMTP server : 127.0.0.1
  • SMTP port : 5525
  • Login : user
  • Password : user unix password

Now it should work for the configured user.
