Wednesday, October 31, 2007

Corporate Mail Server

Fast Start with mail server.

In this article given an example setup and adjustments of post system on the basis of operational system Debian "Etch" with a following set of applications:

  • Postfix-SMTP

  • Saslauthd

  • Saslbd2

  • Cyrus-imap

  • Amavisd-new

  • Spamassasin

  • Clamav

First of all, for continuation of setup it is necessary to adjust an environment.
Add to /etc/apt/sources.list additional source for latest version of ClamAV
deb http://volatile.debian.org/debian-volatile etch/volatile main contrib
Further we shall update the list of packages:
apt-get update
On it all preparatory measures is finished. Let's establish necessary for work of a Mail Server packages.
apt-get install postfix libsasl2 libsasl2-modules sasl2-bin cyrus-imapd-2.2 cyrus-pop3d-2.2 cyrus-admin-2.2

Let's adjust a server of authorization saslauthd on use of a database of passwords sasldb2.
For this we shall edit a file /etc/default/saslauthd :
START=yes
MECHANISMS="sasldb"
and start the service /etc/init.d/saslauthd start
Now we shall check up correctly it works, but for the beginning it is necessary to add even one user:

mailserver:~# saslpasswd2 test
Password:
Again (for verification):
mailserver:~# sasldblistusers2
test@mailserver: userPassword
mailserver:~# testsaslauthd -u test -p test

If you have received the message "0: OK "Success." Means everything is all right.
If authorization has not passed- check file
/var/log/auth.log
Now We need to transfer socket of saslauthd to "cherooted" working directory of postfix /var/spool/postfix/ make this by editing /etc/fstab
/var/run/saslauthd /var/spool/postfix/var/run/saslauthd none rw,bind 0 0
Also it is necessary make directory where we shall mount a socket of saslauthd:
mkdir -p /var/spool/postfix/var/run/saslauthdmount /var/run/saslauthd
Now we shall configure postfix for use sasl authorizations:
edit /etc/postfix/main.cf:
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_authenticated_header = yes
smtpd_sasl_application_name = smtpd

Now we forbid to send mail through ours SMTP without authorization,
For this purpose we shall create a file
/etc/postfix/sasl/smtpd.conf with following contents:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

Restart the Postfix server and let's closely see following files for mistakes:

  1. /var/log/mail.err

  2. /var/log/mail.info

  3. /var/log/mail.warn

  4. /var/log/mail.log

That "to be friends" saslauthd and postfix it is necessary to execute the following:
adduser postfix sasl

Cyrus-imapd: cyrus will be engaged in rreceive of mail from postfix, sorting it on folders and granting to it of access to users.

Let's edit a file /etc/imapd.conf

admins: cyrus
allowplaintext: yes
sasl_mech_list: PLAIN
sasl_pwcheck_method: saslauthd auxprop
sasl_auxprop_plugin: sasldb

Pay attention, cyrus the same as and saslauthd, it is necessary to cooperate with postfix, therefore they need to be made available each other. We take advantage of already known mechanism (by editing /etc/fstab):

/var/run/cyrus /var/spool/postfix/var/run/cyrus none rw,bind 0 0

It is not forgotten to create a folder for cyrus:

mkdir -p /var/spool/postfix/var/run/saslauthd
mkdir -p /var/spool/postfix/var/run/cyrus
mount /var/spool/postfix/var/run/saslauthd
mount /var/spool/postfix/var/run/cyrus

mount /var/run/cyrus

Now we give an opportunity cyrus to take away mails at postfix by editing /etc/postfix/main.cf :
mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
local_recipient_maps =

Let's add our Mail Server to lmtp group:
addgroup lmtp
adduser postfix lmtp

and make following:
dpkg-statoverride --remove /var/run/cyrus/socket
dpkg-statoverride --force --update --add cyrus lmtp 750 /var/run/cyrus/socket

Names and passwords are stored in a format which is distinct from system, it is necessary to specify the given option. Above mentioned added options "local_recipient_maps =" It means " to accept letters for any addressee ". We add the user cyrus in our base of registration records:
saslpasswd2 -c cyrus

Enter password, and restart the services:
/etc/init.d/postfix restart
/etc/init.d/cyrus2.2 restart
/etc/init.d/saslauthd restart

By this moment can already receive and send mails, create and delete folders on an IMAP-server, establish quotas and access rights on folders means of the utility cyradm. As all the further actions on adjustment for testing will demand to send and receive mail, I result the brief instruction on creation of IMAP accounts (mailboxes).



saslpasswd2 –c
cyradm –user cyrus localhost
localhost>cm user.
localhost>cm user..INBOX
localhost>cm user..Sent
localhost>cm user..Spam
localhost>cm user..Draft
localhost>cm user..Trash



"Be protected, sir". It is necessary to protect itself from a spam and viruses

Let's start installation:
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip unarj unrar bzip2
And make some changes to configuration files amavisd:

Edit /etc/amavis/conf.d/50-user

use strict;
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;
$virus_quarantine_to = 'undef';
$sa_local_tests_only = 0;
@inet_acl = qw( 127.0.0.1 [::1] xxx.xxx.xxx.xxx );
#------------ Do not modify anything below this line -------------
1; # insure a defined return

Edit /etc/amavis/conf.d/20-debian_defaults

use strict;
$QUARANTINEDIR = '/var/lib/amavis/virusmails';

$log_recip_templ = undef; # disable by-recipient level-0 log entries
$DO_SYSLOG = 1; # log via syslogd (preferred)
$syslog_ident = 'amavis'; # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug'; # switch to info to drop debug output, etc
$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1
$inet_socket_port = 10024; # default listenting socket
$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
##$sa_tag_level_deflt = -999;
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
##$sa_kill_level_deflt = 999;
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0; # only tests which do not require internet access?

# Quota limits to avoid bombs (like 42.zip)
$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA = 100*1024; # bytes
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes

### DM ####
$final_virus_destiny = D_REJECT; # (defaults to D_BOUNCE)
$final_banned_destiny = D_REJECT; # (defaults to D_BOUNCE)
$final_spam_destiny = D_PASS; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested
$viruses_that_fake_sender_re = new_RE(
qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
qr'@mm|@MM', # mass mailing viruses as labeled by f-prot and uvscan
qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc
[qr'^(EICAR|Joke\.|Junk\.)'i => 0],
[qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0],
[qr/.*/ => 1], # true by default (remove or comment-out if undesired)
);

$virus_admin = "postmaster\@$mydomain"; # due to D_DISCARD default
# Leave empty (undef) to add no header
$X_HEADER_LINE = "Debian $myproduct_name at $mydomain";

@viruses_that_fake_sender_maps = (new_RE(
[qr'\bEICAR\b'i => 0], # av test pattern name
[qr/.*/ => 1], # true for everything else
));
@keep_decoded_original_maps = (new_RE(
# qr'^MAIL$', # retain full original message for virus checking (can be slow)
qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data', # don't trust Archive::Zip
));

# for $banned_namepath_re, a new-style of banned table, see amavisd.conf-sample
$banned_filename_re = new_RE(
# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components

# block certain double extensions anywhere in the base name
qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Windows Class ID CLSID, strict

qr'^application/x-msdownload$'i, # block these MIME types
qr'^application/x-msdos-program$'i,
qr'^application/hta$'i,

# qr'^application/x-msmetafile$'i, # Windows Metafile MIME type
# qr'^\.wmf$', # Windows Metafile file(1) type

# qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046 MIME types

# [ qr'^\.(Z|gz|bz2)$' => 0 ], # allow any in Unix-compressed
# [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within such archives

qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
# inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
# ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
# wmf|wsc|wsf|wsh)$'ix, # banned ext - long

# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.

qr'^\.(exe-ms)$', # banned file(1) types
# qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types
);
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm
# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
@score_sender_maps = ({ # a by-recipient hash lookup table,
# results from all matching recipient tables are summed
# ## per-recipient personal tables (NOTE: positive: black, negative: white)
# 'user1@example.com' => [{'bla-mobile.press@example.com' => 10.0}],
# 'user3@example.com' => [{'.ebay.com' => -3.0}],
# 'user4@example.com' => [{'cleargreen@cleargreen.com' => -7.0,
# '.cleargreen.com' => -5.0}],
## site-wide opinions about senders (the '.' matches any recipient)

'.' => [ # the _first_ matching sender determines the score boost

new_RE( # regexp-type lookup table, just happens to be all soft-blacklist
[qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
[qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
[qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
[qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],
[qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],
[qr'^(your_friend|greatoffers)@'i => 5.0],
[qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],
),
# read_hash("/var/amavis/sender_scores_sitewide"),
{ # a hash-type lookup table (associative array)
'nobody@cert.org' => -3.0,
'cert-advisory@us-cert.gov' => -3.0,
'owner-alert@iss.net' => -3.0,
'slashdot@slashdot.org' => -3.0,
'securityfocus.com' => -3.0,
'ntbugtraq@listserv.ntbugtraq.com' => -3.0,
'security-alerts@linuxsecurity.com' => -3.0,
'mailman-announce-admin@python.org' => -3.0,
'amavis-user-admin@lists.sourceforge.net'=> -3.0,
'amavis-user-bounces@lists.sourceforge.net' => -3.0,
'spamassassin.apache.org' => -3.0,
'notification-return@lists.sophos.com' => -3.0,
'owner-postfix-users@postfix.org' => -3.0,
'owner-postfix-announce@postfix.org' => -3.0,
'owner-sendmail-announce@lists.sendmail.org' => -3.0,
'sendmail-announce-request@lists.sendmail.org' => -3.0,
'donotreply@sendmail.org' => -3.0,
'ca+envelope@sendmail.org' => -3.0,
'noreply@freshmeat.net' => -3.0,
'owner-technews@postel.acm.org' => -3.0,
'ietf-123-owner@loki.ietf.org' => -3.0,
'cvs-commits-list-admin@gnome.org' => -3.0,
'rt-users-admin@lists.fsck.com' => -3.0,
'clp-request@comp.nus.edu.sg' => -3.0,
'surveys-errors@lists.nua.ie' => -3.0,
'emailnews@genomeweb.com' => -5.0,
'yahoo-dev-null@yahoo-inc.com' => -3.0,
'returns.groups.yahoo.com' => -3.0,
'clusternews@linuxnetworx.com' => -3.0,
lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0,
lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

# soft-blacklisting (positive score)
'sender@example.net' => 3.0,
'.example.net' => 1.0,
},
], # end of site-wide tables
});
1; # insure a defined return

Add user clamav to group amavis:
adduser clamav amavis
Now we force postfix to give mail for check to antivirus,
Add to file
/etc/postfix/master.cf
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
As add in the end of file /etc/postfix/main.cf :
content_filter=smtp-amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

Restart the Postfix it also look there are no error in a logfile
/etc/init.d/postfix restart
tail /var/log/mail.log

Let's still more some tools and we adjust spamassassin:
apt-get install razor pyzor dcc-client

Edit file /etc/spamassassin/local.cf
(take into consideration difference between version 3.0. and 3.1. We review 3.1)

# rewrite_header Subject *****SPAM*****
# report_safe 1
# trusted_networks 10.0.1.
# lock_method flock
# dcc
use_dcc 1
#pyzor
use_pyzor 1
#razor
use_razor2 1
#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1

and uncoment follow line in file /etc/spamassassin/v310.pre :
loadplugin Mail::SpamAssassin::Plugin::DCC
loadplugin Mail::SpamAssassin::Plugin::Pyzor
loadplugin Mail::SpamAssassin::Plugin::Razor2
loadplugin Mail::SpamAssassin::Plugin::AntiVirus

Now it is necessary to allow spamassassin to be started:

Edit /etc/default/spamassassin :
ENABLED=1

And restart following services:

  • /etc/init.d/clamav-freshclam restart

  • /etc/init.d/clamav-daemon restart

  • /etc/init.d/spamassassin restart

  • /etc/init.d/amavis restart

  • /etc/init.d/postfix restart


The theme of setup and maintains of a MailServer under Linux can be developed infinitely, :-)
but in this article it is considered fast and easy way of install and configure of corporate Mail Server with IMAP access and antispam antivirus protection.

P.S.
All of the credentials are sent in cleartext which means they can be sniffedm the wire.
... What about TLS ?




Tuesday, October 30, 2007

DNSBL server for Postfix

Personal DNSBL(RBL) server for Postfix

In this article described an example of installation and configuring local DNSBL (RBL) server,
for subsequent using it in the POSTFIX. For the simplicity DNSBL-server, DNS-server BIND and Postfix are being deployed altogether on one machine. The following software is being used in this example: Debian Linux, rbldnsd, BIND, rblcheck and Postfix.

* Configuring rbldnsd
* Configuring of DNS-Server BIND
* Configuring Postfix
* Checking

1) Configuring rbldnsd

First of all rbldnsd is being installed:

# apt-get install rbldnsd rblcheck

Everything is very simple
Further we need to download several DNSBL-zones from internet sites that manage it. For this purpose we will use included in Debian Linux software "rsync"

# rsync -tvPz rsync.dsbl.org::dsbl/rbldns-list.dsbl.org /var/db/rbldnsd/rbldns-list.dsbl.org
# rsync -tvPz rsync-mirrors.uceprotect.net::RBLDNSD-ALL/dnsbl-1.uceprotect.net
/var/db/rbldnsd/dnsbl- 1.uceprotect.net
# rsync -tvPz rsync.spamcannibal.org::zonefiles/bl.spamcannibal.org.in.ip4set.rbl
/var/db/rbldnsd/bl.spamcannibal.org.in.ip4set.rbl

It will be more than enough for the beginning - in "useful links" you may find some additional sites
that allow free access to their DNSBL-lists.
Continue with configuring of rbldnsd in the file /etc/default/rbldnsd:

RBLDNSD="dnsbl -r /var/db/rbldnsd -b 127.0.0.1/530 \
list.dsbl.org:ip4tset:rbldns-list.dsbl.org \
dnsbl-1.uceprotect.net:ip4tset:dnsbl-1.uceprotect.net \
rbl.spamcannibal.org:ip4set:bl.spamcannibal.org.in.ip4set.rbl \
"
Pay attention, that rbldnsd will use UDP-port 530, because UDP-port 53 will remain free for BIND.
Right now let launch rbldnsd and let add it to run level by default.

# /etc/init.d/rbldnsd start

2) Setting up DNS-Server-BIND

Installing
# apt-get install bind


Configuring the following file "/etc/bind/named.conf"

zone "list.dsbl.org" IN {
type forward;
forward first;
forwarders {
127.0.0.1 port 530;
};
};

zone " dnsbl-1.uceprotect.net" IN {
type forward;
forward first;
forwarders {
127.0.0.1 port 530;
};
};

zone "rbl.spamcannibal.org " IN {
type forward;
forward first;
forwarders {
127.0.0.1 port 530;
};
};

- this way we will point BIND to address regarding specified zones to our rbldnsd which is listening on
UDP-port 530 . Let's start BIND add it to run level by default.
# /etc/init.d/named start

Don`t forget to edit "/etc/resolv.conf" for addressing to our local BIND

nameserver 127.0.0.1

3) Configuring Postfix

We are consuming that Postfix already installed and basically configured. We will edit only one section in the following file: "/etc/postfix/main.cf"

smtpd_sender_restrictions =
reject_rbl_client list.dsbl.org,
reject_rbl_client dnsbl-1.uceprotect.net,
reject_rbl_client rbl.spamcannibal.org

We will add only the following lines: reject_rbl_client ..., - Let's consume that you already configured
all other restrictions and rejections.


let launch Postfix and let add it to run level by default.

# /etc/init.d/postfix start

4) Check out

For the check out very simple and comfortable to set up rblcheck software

For instance, let's grab IP address from file DNSBL of DSBL-zone.

# tail -n1 /var/db/rbldnsd/rbldns-list.dsbl.org
1.2.3.4

(the address is fake here) and lets check if our rbldnsd server will consider it as a spam:

# rblcheck -s l27.0.0.1 1.2.3.4
1.2.3.4 RBL filtered by bl.dsbl.org

-Yes, the answer is positive ! In case that IP address is missing from current DNSBL-zone, so answer will be
- not RBL filtered by -

Very simple, easy and short. As far as you see there is nothing complicated to set up and configure your own dedicated DNSBL server for using it with group of mail server and not only...



Friday, October 26, 2007

Samba and SSHFS


Sharing remote file system via Samba
In given article reviewed example installation and configuration "Fuse" for sharing via Samba file system of other server.

From the beginning I use Samba as a gateway to export NFS volumes of other server to Windows clients.
I am using FreeBSD as NFS server and another Linux box (Debian) to mount the remote NFS volume locally, and this box also runs Samba3, export the local directory (on which the NFS volume is mounted) as CIFS shares.
My problem is that when using smbclient to access the CIFS share, I can get a directory listing, but after connecting I received “Error in dskattr: code 0” . If access from Windows clients, it takes a long time to display the directory contents, and then the Explorer window will keep hanging.
I've found other solution instead of NFS. What if I connected to the remote machines via SSHFS on FreeBSD machine and then shared the mounted directories via Samba on Linux machine ??
...So, We going to install SSHFS on Linux box (Debian in my case).
apt-get install sshfs
If You need mount directory as a regular user, you need to be added to the "fuse" group, which the package created:
adduser your-username fuse
Create a file at /etc/fuse.conf
touch /etc/fuse.conf
Put the following line in /etc/fuse.conf:
echo “user_allow_other” > /etc/fuse.conf
now I try to mount remote file system
sshfs root@192.168.0.1:/remotefolder /data/localfolder
and then receive ......failure:
fuse device not found, try 'modprobe fuse' first FATAL: Module fuse not found.
I found that needed to create a module for the kernel “fuse” . for installing fuse-source add following source to your Apt source.list:
deb http://ftp.de.debian.org/debian lenny main
apt-get update
apt--get install fuse-source
apt-get install dpatch ### Dependences
apt-get install module-assistant ### Dependences
apt-get install kernel-headers-`uname -r` ### Dependences
apt-get install kernel-source-`uname -r` ### Dependences
module-assistant build fuse #### Build module from source
m-a install fuse-source #### Installing module
Before loading the fuse kernel module, create the device node manually:
mknod -m 666 /dev/fuse c 10 229
modprobe fuse #### Loading the fuse kernel module
At this point You can rerun mounting : sshfs root@192.168.0.1:/remotefolder /data/localfolder




Postfix - second instance

How-To run Postfix second instance

Adding a second Postfix instance
1.Add new IP address to the server.
2.Copy /etc/postfix to /etc/postfix_new_instance cp ­rp /etc/pstfix /etc/postfix_new_instance
3.Create an additional spool directory /var/spool/postfix_new_instance
4.Edit the new config files (/etc/postfix_new_instance/main.cf):
a) add queue_directory = /var/spool/postfix_new_instance
b) add inet_interfaces = xxx.xxx.xxx.xxx (127.0.0.1 not need)
mynetwork = xxx.xxx.xxx.xxx
c)myhostname = .... , mydomain = ..... , myorigin = $mydomain
d)mydestination = $myhostname, $mydomain
5.Edit the old config file (/etc/postfix/main.cf)
add inet_interfaces = 127.0.0.1 , xxx.xxx.xxx.xxx all needed IP's
(don't forget 127.0.0.1 !!!!)
6.Let Postfix create the appropriate subdirectories and permissions:
postfix ­c /etc/postfix_new_instance check
cp ­rp /var/spool/postfix/etc /var/spool/postfix_new_instance
cp ­rp /var/spool/postfix/usr /var/spool/postfix_new_instance
cp ­rp /var/spool/postfix/lib /var/spool/postfix_new_instance
7.Create startup script for secondary instance:
cd /etc/init.d/
touch postfix_new_instance
paste in fail
#!/bin/sh
# Start or stop second Postfix Instances
PATH=/bin:/usr/bin:/sbin:/usr/sbin
DAEMON=/usr/sbin/postfix
NAME=Postfix
case "$1" in
start)
echo ­n "Starting mail transport agent: Postfix­priv"
$DAEMON ­c /etc/postfix_new_instance start 2>&1 |
(grep ­v 'starting the Postfix' 1>&2 || /bin/true)
echo "."
;;
stop)
echo ­n "Stopping mail transport agent: Postfix­out"
$DAEMON ­c /etc/postfix_new_instance stop 2>&1 |
(grep ­v 'stopping the Postfix' 1>&2 || /bin/true)
echo "."
;;
restart)
$0 stop
$0 start
;;
*)
echo "Usage: /etc/init.d/postfix_new_instance {start|stop|restart}"
exit 1
;;
esac
exit 0
8.pwd ­> /etc/init.d Ok. !
9. update­rc.d postfix_new_instance defaults
Adding system startup for /etc/init.d/postfix_priv ...
/etc/rc0.d/K20postfix_new ­> ../init.d/postfix_new
/etc/rc1.d/K20postfix_new ­> ../init.d/postfix_new
/etc/rc6.d/K20postfix_new ­> ../init.d/postfix_new
/etc/rc2.d/S20postfix_new ­> ../init.d/postfix_new
/etc/rc3.d/S20postfix_new ­> ../init.d/postfix_new
/etc/rc4.d/S20postfix_new ­> ../init.d/postfix_new
/etc/rc5.d/S20postfix_new ­> ../init.d/postfix_new
/etc/init.d/postfix restart
/etc/init.d/postfix_new_instance start



Curiculum Vitae

Talented, results-driven Unix oriented System Administrator, with extensive background in
Systems and network Engineering, Design, Support, and Installation. Proven ability to design and implement large-scale network and system infrastructures at the national and global levels.
Adept at determining requirements, project scheduling, and technology planning.

QUALIFICATIONS

Install configure and patch Linux (such as Debian, SuSE), FreeBSD Operating System.
Build, install, and configure complex Open Source software.
Create and maintain scripts of various kinds. (Perl, PHP, Bash, Ksh).
Ability to code/troubleshoot low-complexity web-applications in PHP, Perl.
Develop web-based and console tools that assist other teams in configuring and maintain services.
Manipulate data and log files to provide extensive statistical reporting.
Execute new system roll-outs, migrations and modifications.
VMWare, architecture/design and network experience. Install and configure GSX, ESX.
Hight skill level in hardware design, diagnosis, repair / upgrade, strong troubleshooting abilities
and electronic repair.
Network professional (CCNA level).Good knowledge of Protocol Stacks / OSI model
(TCP/IP, HTTP, STP, RSTP, RIP,OSPF, etc)
Fast self-learner.