Monday, December 19, 2011

Postfix : “error writing message: File too large”

Sometimes we get undelivered mail reports from our users. The error reads "cannot update mailbox /var/mail/xxxx. error writing message: File too large".


To get rid of that problem I searched Google and found the following.

Just add one line to the Postfix main.cf file. A value of 0 removes the mailbox size limit.

virtual_mailbox_limit = 0


Let's see how it works.

:)

Monday, November 28, 2011

IPv6 Address Format


We know the IPv6 address size is 128 bits. The preferred IPv6 address representation is x:x:x:x:x:x:x:x, where each x is the hexadecimal value of one of the eight 16-bit pieces of the address. IPv6 addresses range from 0000:0000:0000:0000:0000:0000:0000:0000 to ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff.
In addition to this preferred format, IPv6 addresses can be specified in two other, shortened formats:


Omit leading zeros
Specify IPv6 addresses by omitting the leading zeros of each group. For example, the IPv6 address 2302:0000:0000:0000:0005:0000:300c:326b can be written as 2302:0:0:0:5:0:300c:326b.
OR,


Double colon
Specify IPv6 addresses by using a double colon (::) in place of a series of zeros. For example, the IPv6 address 2302:0:0:0:5:0:300c:326b can be written as 2302::5:0:300c:326b.

Note:
The double colon can be used only once in an IP address. So writing the above address as shown below is wrong, because the double colon appears twice:
2302::5::300c:326b


The loopback Address:
     IPv4 Format- 127.0.0.1/8
     IPv6 Format- ::1/128


We will discuss the IPv6 address types in the next post.

Sunday, November 27, 2011

Introduction to IPv6


IPv6 is the next, updated version of IPv4 and the future addressing system of the Internet. It has some very basic differences from IPv4. Let’s see what they are…

  1. The first change is the address space. IPv4 is 32 bit and IPv6 is 128 bit.
  2. As the subnet mask would be very difficult to calculate, we always use CIDR notation everywhere.
  3. It is represented as follows, with 8 slots separated by a colon (:) instead of a dot (.). Each slot contains 4 digits, and each digit is a hexadecimal value that represents 4 bits.

    xxxx : xxxx : xxxx : xxxx : xxxx : xxxx : xxxx : xxxx

  4. IPv6 eliminates the need for DHCP server configuration, because the IPv6 autoconfiguration feature automatically configures interface addresses and default routes for you. In stateless autoconfiguration, IPv6 takes the MAC address of the machine and a network prefix provided by a local router and combines the two to create a new, unique IPv6 address.
  5. To allow an uninterrupted migration from IPv4 to IPv6, it supports concurrent and harmless parallel configuration on the same device. As a result you can run both IPv4 and IPv6 applications on the same device.
  6. The Domain Name System (DNS) supports AAAA addresses and a new domain for reverse lookups, which is IP6.ARPA. The DNS retrieves IPv6 information through these, where IPv4 uses A addresses / A records.
  7. The testing tools ping, traceroute, netstat and nslookup already support IPv6.

So this is the basic idea of IPv6. There are many more features of IPv6. We will discuss those in later posts.

Sunday, November 20, 2011

webmail changepassword in linux


I was working with the SquirrelMail change password plugin on RHEL 5. I know it works, but unfortunately it was not working on that day. I tried all the possible ways but failed. Then I had to go for an alternate way and set up changepassword on that server. Here is how I did it.

Download it on your server.

wget  <the link for changepassword-0.9.tar.gz>

Untar the file:

tar -zxvf changepassword-0.9.tar.gz

Now enter the directory and do the following steps (I have a cgi-bin dir in /var/www):

cd changepassword-0.9

./configure --help

./configure --enable-cgidir=/var/www/cgi-bin --disable-smbpasswd --disable-squidpasswd

make && make install


Now open the page with the following URL and change your password:

http://<your-server-IP>/cgi-bin/changepassword.cgi


To make it easier for users, we can set up a simpler path:

mkdir /var/www/changepass

cd /var/www/changepass

vim index.html

## type the following lines in this file and save it ##

<HTML><HEAD>
<TITLE>Webmail Password change</TITLE>
<meta http-equiv="Refresh" content="0; URL=http://<your-server-ip>/cgi-bin/changepassword.cgi">
</HEAD><BODY>
</body>
</html>

Now restart the apache service and open the below URL:

http://<your-server-ip>/changepass/

Tuesday, November 15, 2011

htaccess (Apache Authentication)

Sometimes we may face a problem with our webmail: spam mails are generated from it with a changed From ID, coming from the server itself (127.0.0.1).

In that case we can enforce authentication for access to our webmail. Let's see how we can do it.

Create a file:
vim /var/www/.htaccess


AuthType Basic
AuthName "Password Required"
AuthUserFile /var/www/webmail/.htpasswd
AuthGroupFile /dev/null
Require user test

Save and Exit.

Create another file:
vim /var/www/webmail/.htpasswd

Save and exit.

Edit the following file:
vim /etc/apache2/sites-available/default

Change AllowOverride None to AllowOverride All

Save and Exit.

Now create the password:
htpasswd -m /var/www/webmail/.htpasswd test

New password:
Re-type new password:

Now restart apache:
/etc/init.d/apache2 restart

Access your webmail address now.

Tuesday, November 1, 2011

Sample Script to reboot a telnet enabled device


This is a sample script for restarting a device. You can run it from the cron scheduler. In my script the device uses the IP 10.2.150.2 and its password is 1234. To run this script I need a package named "expect".

Install expect:
apt-get install expect

Now create a file with your code.
vi /usr/local/bin/device-reboot


#!/usr/bin/expect -f

set timeout 5

# router password
set pass "1234"

# router IP address
set routerip "10.2.150.2"


# start telnet
spawn telnet $routerip

# send the password
# (the prompt on your device should look like "Password:" at this step)
expect "Password:"
send -- "$pass\r"


# execute command
# (the prompt on your device should look like ">" at this step)
expect ">"
send -- "reboot\r"
# exit by sending Ctrl-D
# (the prompt on your device should look like ">" at this step)
expect ">"
send -- "\004"

Save and close the file.

Now make it executable. The file contains the device password, so give access to its owner only.
# chmod 700 /usr/local/bin/device-reboot

You can include it in your cron scheduler to reboot the device periodically.

Increase squirrelmail attachment size

By default SquirrelMail (webmail) has a maximum attachment size limit of 2 MB. But in our daily mail transactions we need to send large files as attachments.

To increase the attachment size, edit the /etc/php5/apache2/php.ini file.

# vi /etc/php5/apache2/php.ini

upload_max_filesize = 2M    ; increase the size as you need

post_max_size = 20M    ; increase the size as you need

Save and close.

Now restart apache.
#/etc/init.d/apache2 restart


Monday, October 31, 2011

Kernel Neighbour table overflow

Sometimes we may see messages like these in /var/log/messages:


Oct 31 11:15:38 mail kernel: [ 4897.071608] __ratelimit: 97 callbacks suppressed
Oct 31 11:15:40 mail kernel: [ 4898.932524] Neighbour table overflow.

The neighbour table is generally known as ARP table and the default value for gc_thresh1 is 128.

Check the present value with the following command and the result should be like this:

# cat /proc/sys/net/ipv4/neigh/default/gc_thresh1
128

The value 128 is not enough. We also need to change gc_thresh2 (soft limit) and gc_thresh3 (hard limit).

To resolve this problem edit the /etc/sysctl.conf file and add the following lines there.

net.ipv4.neigh.default.gc_thresh1 = 4096
net.ipv4.neigh.default.gc_thresh2 = 8192
net.ipv4.neigh.default.gc_thresh3 = 8192
net.ipv4.neigh.default.base_reachable_time = 86400
net.ipv4.neigh.default.gc_stale_time = 86400


Then load and check the new values with # sysctl -p

Hope the problem will be solved. 

Thursday, October 27, 2011

Connection error: Connection refused (111)

After installing the change password plugin when we try to change a password from webmail, we may see this error.

"Connection error: Connection refused (111)"

This is because the plugin depends on another package named "poppassd".

Just install it with the following command.

apt-get install poppassd

Then restart the apache2 service.

The problem will be solved.

Wednesday, October 19, 2011

Postfix SASL authentication with SMTP port 465


By default Postfix SMTP listens on port 25. You can check this with the following command; the output should look like the line below:

#netstat -nat
tcp        0      0 0.0.0.0:25             0.0.0.0:*               LISTEN   


Here we will change the port to 465 with SASL authentication. It is a useful technique to fight spam. Users who travel around with their laptops also do not need to change their e-mail client settings.

Here is how we can do it.

1. Edit the file /etc/dovecot.conf and make sure your auth default section has the lines below.

auth default {
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
  mechanisms = plain login
}


2. Edit /etc/postfix/main.cf, find the keys below and change their values as follows, or add them at the bottom of the file if a key (the word before the = sign) cannot be found.
mynetworks = 127.0.0.0/8
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =  permit_mynetworks, permit_sasl_authenticated, reject
broken_sasl_auth_clients = yes
smtpd_sender_restrictions = permit_sasl_authenticated


3. Edit /etc/postfix/master.cf
Put a hash before the following line.
#smtp      inet  n       -       -       -       -       smtpd
Remove the hash from the following lines. The -o lines must stay indented so that Postfix reads them as a continuation of the smtps line.
smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject


Restart postfix service
Restart dovecot service

Now check the port again with the command:


#netstat -nat
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN

Check more with telnet:

#telnet localhost 465


Tuesday, October 18, 2011

Sender Access Check in Postfix

I am working with a Debian Linux server that uses Postfix as its MTA. To control unwanted sender access to that MX, please follow these steps:


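Add a line to the main.cf file. The trailing reject is needed: a sender that is not found in the table is otherwise passed on and accepted.
vim /etc/postfix/main.cf
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, reject



Create the sender_access file and list all the valid user accounts as follows: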

vim /etc/postfix/sender_access
user1@example.com      OK
user2@example.com      OK
and more.....


save and exit the file.

Run the following Command:


postmap /etc/postfix/sender_access



Restart the postfix service.
/etc/init.d/postfix restart



Check the mail log while sending from a user who is not listed in the sender_access file.
tail -f /var/log/mail.log

Monday, October 17, 2011

pop-before-smtp configuration with Postfix


pop-before-smtp configuration:
At first install the following packages.

Step 1: apt-get install libtimedate-perl libnet-netmask-perl libberkeleydb-perl

Step 2: apt-get install pop-before-smtp

Step 3: vim /etc/pop-before-smtp/pop-before-smtp.conf

(uncomment the following lines)

$logto = '/var/log/pop-before-smtp';
$dbfile = '/var/lib/pop-before-smtp/hosts';


and the four-line block below:

# For Dovecot POP3/IMAP when using syslog.
(uncomment the following four lines)

$pat = '^[LOGTIME] \S+ (?:dovecot: )?(?:imap|pop3)-login: ' .
   'Login: .*? (?:\[|rip=)[:f]*(\d+\.\d+\.\d+\.\d+)[],]';
$out_pat = '^[LOGTIME] \S+ (?:dovecot: )?(?:imap|pop3)-login: ' .
   'Disconnected.*? (?:\[|rip=)[:f]*(\d+\.\d+\.\d+\.\d+)[],]';


Now integrate with postfix.

vim /etc/postfix/main.cf

hash:/var/lib/pop-before-smtp/hosts (add this entry to the mynetworks parameter)



Restart pop-before-smtp
Restart postfix

Checking log: tail -f /var/log/pop-before-smtp

Specific file extension block in postfix


How to block attachment file extension in Postfix (OS= Debian)?


vim /etc/postfix/main.cf


Add the following line.

mime_header_checks = regexp:/etc/postfix/mime_header_checks

Save and close the file.




Now open /etc/postfix/mime_header_checks file:

vim /etc/postfix/mime_header_checks

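Append the following lines. The comment goes on its own line, because any text after REJECT is returned to the sender as the reject message:

# File extensions that you want to block
/name=[^>]*\.(bat|exe|dll|eml|vbs)/ REJECT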

Save and close the file.



Restart Postfix service and check with mail log.
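
The pattern above run over constructed MIME headers, as an added Python example that is not part of the original post. PAGE is the post's pattern with case-insensitive matching, the Postfix default for regexp tables; TIGHTER is a hypothetical variant, not from the post, that requires the extension to end the file name, which avoids rejecting a name such as q3.executive-summary.pdf.

```python
import re

# Pattern from the post; Postfix regexp tables ignore case by default.
PAGE = re.compile(r'name=[^>]*\.(bat|exe|dll|eml|vbs)', re.IGNORECASE)
# Hypothetical tighter variant (not from the post): the extension must be
# followed by a quote, whitespace, a semicolon or the end of the header.
TIGHTER = re.compile(r'name=[^>]*\.(bat|exe|dll|eml|vbs)(["\s;]|$)',
                     re.IGNORECASE)

# Constructed MIME headers, not taken from real mail.
SAMPLE = (
    'Content-Type: application/octet-stream;\n'
    '\tname="Setup.EXE"\n'
    'Content-Disposition: attachment; filename="invoice.pdf"\n'
    'Content-Type: application/pdf; name="q3.executive-summary.pdf"\n'
    'Content-Disposition: attachment; filename=run.vbs\n'
)

def logical_headers(raw):
    """Join folded continuation lines: each header is checked as one string."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += "\n" + line
        else:
            headers.append(line)
    return headers

def verdicts(raw, pattern):
    """Return REJECT or pass for every logical header in raw."""
    return ["REJECT" if pattern.search(h) else "pass"
            for h in logical_headers(raw)]

if __name__ == "__main__":
    rows = zip(logical_headers(SAMPLE), verdicts(SAMPLE, PAGE),
               verdicts(SAMPLE, TIGHTER))
    for header, page, tighter in rows:
        first_line = header.splitlines()[0]
        print("%-7s %-7s %s" % (page, tighter, first_line))
```
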




Root Password Recover (Debian)


To recover the root password in Debian:
1. Reboot the machine and wait for the GRUB menu to load.
2. Select “single user mode” from the menu and press “e” on the keyboard.
3. Select the “kernel” line from the menu and press “e” on the keyboard.
4. At the end of the line type: init=/bin/sh and press “enter”.
5. With the “kernel” line selected, press “b” on the keyboard.
6. After booting, type the following: mount -o remount,rw /
7. Now type the “passwd” command and choose your password.
8. Reboot your server.

Openwebmail redirect


vim /var/www/index.html

<HTML><HEAD>
<TITLE>Auto-Redirect Page for Open Webmail</TITLE>
<meta http-equiv="Refresh" content="0; URL=http://192.168.1.1/cgi-bin/openwebmail/openwebmail.pl">
</HEAD><BODY>
</body>
</html>

Squirrelmail problem: Connection refused 111


First run ./configure of squirrelmail

Select General Options

Set it to >> 17. Disable secure forms         : true

Then save and exit


Now run apt-get install poppassd
and apt-get install xinetd


vim /etc/xinetd.d/poppassd
service poppassd
{
        disable                 = no
        socket_type             = stream
        wait                    = no
        user                    = root
        server                  = /usr/sbin/poppassd
        log_on_success          += USERID
        log_on_failure          += USERID
}


/etc/init.d/xinetd restart

Squirrelmail index.html (Auto-Redirect)



vim /var/www/index.html

<HTML><HEAD>
<TITLE>Auto-Redirect Page for Webmail</TITLE>
<meta http-equiv="Refresh" content="0; URL=http://192.168.1.1/webmail/">
</HEAD><BODY>
</body>
</html>

Openwebmail Configuration


I used Debian 6.0.0 OS.

At first we need apache.
apt-get install apache2

Download openwebmail tar from internet.
#wget http://www.openwebmail.org/openwebmail/download/release/openwebmail-2.53.tar.gz

tar -zxvf openwebmail-2.53.tar.gz

You will get two directories named "data" and "cgi-bin".


cp -R cgi-bin/openwebmail  /usr/lib/cgi-bin/

cd data/

cp -R openwebmail  /var/www

vim /usr/lib/cgi-bin/openwebmail/etc/openwebmail.conf
Edit the following:

domainnames             pijush.com

auth_module             auth_unix.pl

mailspooldir            /var/mail

ow_cgidir               /usr/lib/cgi-bin/openwebmail

ow_cgiurl               /cgi-bin/openwebmail

ow_htmldir              /var/www/openwebmail

ow_htmlurl              /openwebmail

logfile                 /var/log/openwebmail.log




vim /usr/lib/cgi-bin/openwebmail/etc/defaults/auth_unix.conf
Edit the following:

passwdfile_encrypted    /etc/shadow

passwdmkdb              none



vim /usr/lib/cgi-bin/openwebmail/etc/defaults/dbm.conf

Edit the following:

dbm_ext                 .pag

dbmopen_ext             none

dbmopen_haslock         no


Install the following dependencies.
apt-get install perl-suid

apt-get install libhtml-template-perl



cd /usr/lib/cgi-bin/openwebmail

#chmod 4555 *.pl

cd /var/www
# chown -R www-data:www-data openwebmail

cd /usr/lib/cgi-bin/openwebmail/etc/
#  chmod 777 sessions

cd /usr/lib/cgi-bin/openwebmail
# ./openwebmail-tool.pl --init