Wednesday, August 19, 2009

openbsd, postfix, sasl, mysql for smtp authentication

In this post I will share my OpenBSD/Postfix configuration for SMTP authentication with a username/password stored in a MySQL database. I use the Postfix virtual users managed with postfixadmin (their username/password) to authenticate to this SMTP server. I assume you already have OpenBSD and Postfix with MySQL virtual users on your system.

  1. installing courier-authdaemon
    # pkg_add -n courier-authlib-mysql-0.58p2.tgz
    Pretending to add tcl-8.4.19
    Pretending to add expect-5.43.0p0-no_tk
    Pretending to add courier-authlib-0.58p3

    # pkg_add courier-authlib-mysql-0.58p2.tgz

  2. configure authdaemon for mysql
    # vim /etc/courier/authdaemonrc
    --> change
    authmodulelist="authuserdb authpwd authpgsql authldap authmysql authpipe"
    to authmodulelist="authmysql"
    --> change
    authmodulelistorig="authuserdb authpwd authpgsql authldap authmysql authpipe"
    to authmodulelistorig="authmysql"

    # vim /etc/courier/authmysqlrc
    MYSQL_SERVER localhost
    MYSQL_USERNAME postfix
    MYSQL_PASSWORD postfixpassword
    MYSQL_SOCKET /var/run/mysql/mysql.sock
    MYSQL_DATABASE postfix
    MYSQL_USER_TABLE mailbox
    MYSQL_CLEAR_PWFIELD password
    MYSQL_UID_FIELD 1000
    MYSQL_GID_FIELD 1000
    MYSQL_LOGIN_FIELD username
    MYSQL_HOME_FIELD "/var/_mail"
    MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(username,'@',-1),'/',SUBSTRING_INDEX(username,'@',1),'/')
    MYSQL_QUOTA_FIELD quota

    # vim /etc/rc.local
    mkdir -p /var/run/courier-auth/
    /usr/local/sbin/authdaemond start

  3. re-install postfix with the sasl2 and mysql flavors, don't forget to patch it with postfix-VDA
    # cd /usr/ports/mail/postfix/stable/
    # make fetch
    # cd /usr/ports/distfiles/postfix/
    # wget http://vda.sourceforge.net/VDA/postfix-2.6.1-vda-ng.patch.gz
    # gunzip postfix-2.6.1-vda-ng.patch.gz
    # tar zxvf postfix-2.6.1.tar.gz
    # cd postfix-2.6.1
    # patch -p1 < ../postfix-2.6.1-vda-ng.patch
    # cd ..
    # tar zcvf postfix-2.6.1.tar.gz postfix-2.6.1
    # cd /usr/ports/mail/postfix/stable/
    # make makesum
    # env FLAVOR="sasl2 mysql" make install
    # postfix stop
    # postfix start

  4. configure smtpd.conf in sasl2 with mysql authentication
    # vim /usr/local/lib/sasl2/smtpd.conf
    pwcheck_method: saslauthd auxprop
    auxprop_plugin: sql
    mech_list: PLAIN LOGIN
    sql_engine: mysql
    sql_user: postfix
    sql_passwd: postfixpassword
    sql_hostnames: localhost
    sql_database: postfix
    sql_select: select password from mailbox where username='%u@%r'
    sql_verbose: true
    debug_level: 7

  5. configure postfix to support sasl2
    # vim /etc/postfix/main.cf
    ### restrictions are evaluated in order and the first match decides, so
    ### permit_sasl_authenticated goes before reject_unauth_destination
    smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_non_fqdn_recipient,
        reject_non_fqdn_sender,
        reject_unknown_recipient_domain,
        check_policy_service inet:127.0.0.1:10030,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client dnsbl.sorbs.net,
        reject_rbl_client b.barracudacentral.org,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client sbl-xbl.spamhaus.org,
        reject_rbl_client bl.spamcannibal.org,
        reject_rbl_client multi.uribl.com,
        reject_rbl_client dsn.rfc-ignorant.org,
        reject_rbl_client dul.dnsbl.sorbs.net,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client ix.dnsbl.manitu.net,
        reject_rbl_client combined.rbl.msrbl.net,
        reject_rbl_client rabl.nuclearelephant.com,
        permit
    broken_sasl_auth_clients = yes
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous

  6. restart postfix
    # postfix reload

  7. test smtp
    --> test it with Outlook Express: enable SMTP authentication, and set your email_address as the username and email_password as the password

hope this post can help....
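
Added example, not part of the original post: Postfix evaluates smtpd_recipient_restrictions in order and the first matching restriction decides, so permit_sasl_authenticated only helps a remote authenticated client if it comes before reject_unauth_destination. The script below checks that and the two smtpd_sasl_* settings from step 5; the function names and both sample configurations are constructed for the illustration.

```sh
#!/bin/sh
# Added example, not the author's code: lint the SASL part of a main.cf.

# Print the value of parameter $1 from main.cf text on stdin. Lines that
# start with whitespace continue the previous parameter, "#" lines and
# blank lines are skipped, and the last assignment wins, as in Postfix.
# Prints "<unset>" when the parameter never appears.
param_value() {
    awk -v want="$1" '
        function store() { if (cur == want) { last = val; found = 1 } }
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        /^[ \t]/   { if (cur != "") val = val " " $0; next }
        {
            store()
            eq = index($0, "=")
            if (eq == 0) { cur = ""; next }
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            val = substr($0, eq + 1)
        }
        END {
            store()
            if (!found) { print "<unset>"; exit }
            gsub(/[ \t,]+/, " ", last); sub(/^ /, "", last); sub(/ $/, "", last)
            print last
        }'
}

# 1-based position of word $2 in the space-separated list $1, 0 if absent.
position() {
    i=0
    for w in $1; do
        i=$((i + 1))
        [ "$w" = "$2" ] && { echo "$i"; return 0; }
    done
    echo 0
}

# Read main.cf text on stdin, print "ok" or a list of findings.
lint_sasl() {
    conf=$(cat)
    rr=$(printf '%s\n' "$conf" | param_value smtpd_recipient_restrictions)
    en=$(printf '%s\n' "$conf" | param_value smtpd_sasl_auth_enable)
    so=$(printf '%s\n' "$conf" | param_value smtpd_sasl_security_options)
    out=""
    # The Postfix default is smtpd_sasl_auth_enable = no.
    [ "$en" = "yes" ] || out="$out sasl-disabled"
    # The default is noanonymous, so only an explicit value without it counts.
    case " $so " in
        *" noanonymous "*|" <unset> ") ;;
        *) out="$out anonymous-allowed" ;;
    esac
    ps=$(position "$rr" permit_sasl_authenticated)
    ru=$(position "$rr" reject_unauth_destination)
    if [ "$ps" -eq 0 ]; then
        out="$out no-permit_sasl_authenticated"
    elif [ "$ru" -ne 0 ] && [ "$ps" -gt "$ru" ]; then
        out="$out sasl-after-relay-check"
    fi
    [ -n "$out" ] || out=" ok"
    echo "${out# }"
}

# Constructed sample: permit_sasl_authenticated after the relay check.
sample_late() {
cat <<'EOF'
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    check_policy_service inet:127.0.0.1:10030,
    reject_rbl_client zen.spamhaus.org,
    permit_sasl_authenticated
    permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
EOF
}

# Constructed sample: same list with permit_sasl_authenticated moved up.
sample_early() {
    sample_late | awk '
        /permit_sasl_authenticated/ { next }
        { print }
        /permit_mynetworks/ { print "    permit_sasl_authenticated," }'
}

echo "late order:  $(sample_late | lint_sasl)"
echo "early order: $(sample_early | lint_sasl)"
```

On a live system the input would be the real file, for example `lint_sasl < /etc/postfix/main.cf`.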


Tuesday, August 18, 2009

OpenBSD as mail Filter

Assuming you have an OpenBSD installation with Postfix running, this post gives the short mail filter configuration that I like. Here we will use SpamAssassin as the antispam engine with spampd as its proxy interface, ClamAV as the antivirus with clamsmtp as its interface, and postgrey as the greylisting filter.

  1. installing postgrey using package
    # pkg_add postgrey-1.32p0.tgz

  2. configuring postgrey
    --> add this line check_policy_service inet:127.0.0.1:10030,
    # vim /etc/postfix/main.cf
    smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        reject_non_fqdn_recipient,
        reject_non_fqdn_sender,
        reject_unknown_recipient_domain,
        check_policy_service inet:127.0.0.1:10030,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client dnsbl.sorbs.net,
        reject_rbl_client b.barracudacentral.org,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client sbl-xbl.spamhaus.org,
        reject_rbl_client bl.spamcannibal.org,
        reject_rbl_client multi.uribl.com,
        reject_rbl_client dsn.rfc-ignorant.org,
        reject_rbl_client dul.dnsbl.sorbs.net,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client ix.dnsbl.manitu.net,
        reject_rbl_client combined.rbl.msrbl.net,
        reject_rbl_client rabl.nuclearelephant.com,
        permit_sasl_authenticated
        permit

  3. postgrey startup script
    # vim /etc/rc.local
    ### postgrey
    /usr/local/libexec/postgrey -d --inet=10030 --greylist-text="Temporary Blocked, try again after a minute" --auto-whitelist-clients
    :wq!

  4. installing SpamAssassin from package
    --> remember dependencies
    # pkg_add -n p5-Mail-SpamAssassin-3.2.5p1.tgz
    Pretending to add re2c-0.13.5
    Pretending to add p5-Mail-SPF-Query-1.999.1p2:p5-Net-CIDR-Lite-0.20
    Pretending to add p5-Mail-SPF-Query-1.999.1p2:p5-Sys-Hostname-Long-1.4p0
    Pretending to add p5-Mail-SPF-Query-1.999.1p2:p5-URI-1.37
    Pretending to add p5-Mail-SPF-Query-1.999.1p2
    Pretending to add p5-IO-Socket-INET6-2.56p0:p5-Socket6-0.22
    Pretending to add p5-IO-Socket-INET6-2.56p0
    Pretending to add gnupg-1.4.9
    Pretending to add p5-IO-Socket-SSL-1.22:p5-Net-SSLeay-1.35
    Pretending to add p5-IO-Socket-SSL-1.22
    Pretending to add p5-HTML-Parser-3.56p0:p5-HTML-Tagset-3.20
    Pretending to add p5-HTML-Parser-3.56p0
    Pretending to add p5-libwww-5.805p1:p5-Crypt-SSLeay-0.57p0
    Pretending to add p5-libwww-5.805p1:libghttp-1.0.9p1
    Pretending to add p5-libwww-5.805p1:p5-HTTP-GHTTP-1.07p1
    Pretending to add p5-libwww-5.805p1
    Pretending to add p5-Mail-SpamAssassin-3.2.5p1
    # pkg_add p5-Mail-SpamAssassin-3.2.5p1.tgz

  5. configuring SpamAssassin with SARE-Rule
    # vim /etc/mail/spamassassin/local.cf
    report_safe 0
    required_score 8.0
    use_bayes 1
    bayes_path /var/db/spamassassin/bayes
    auto_whitelist_path /var/db/spamassassin/autowhitelist

    skip_rbl_checks 0
    use_razor2 1
    use_pyzor 0
    dns_available yes
    score DCC_CHECK 4.000
    score SPF_FAIL 10.000
    score SPF_HELO_FAIL 10.000
    score RAZOR2_CHECK 2.500
    score BAYES_99 5.000
    score BAYES_95 4.500
    score BAYES_80 3.500
    :wq!

    # pkg_add razor-agents-2.85.tgz
    # sa-update
    # wget http://saupdates.openprotect.com/pub.gpg
    # sa-update --import pub.gpg
    # sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com
    # crontab -e
    0 0 * * * sa-update --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com --channel updates.spamassassin.org && /usr/local/bin/spamassassin --lint

  6. download spampd proxy
    # wget http://www.worlddesign.com/Content/rd/mta/spampd/spampd-2.30.tar.gz
    # tar zxvf spampd-2.30.tar.gz
    # mv spampd /usr/local/sbin/
    # cd /usr/local/sbin/
    # vim spampd
    --> change some configuration to this
    my $relayport = 10032;
    my $port = 10031;
    my $user = '_spamdaemon';
    my $group = '_spamdaemon';
    my $tagall = 1;
    :wq!

  7. configuring spampd proxy and postfix for after queue
    # vim /etc/postfix/main.cf
    content_filter = spampd:[127.0.0.1]:10031
    header_checks = regexp:/etc/postfix/header.check

    # vim /etc/postfix/master.cf
    spampd unix - - n - 30 smtp
    127.0.0.1:10032 inet n - n - 30 smtpd
        -o content_filter=clamsmtpd:[127.0.0.1]:10033
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o myhostname=penyu.solonet.co.id
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8

    # vim /etc/postfix/header.check
    /X-Spam-Level:[ \t]\*{8,}/ DISCARD

  8. spampd proxy startup script
    # vim /etc/rc.local
    ###spampd 10031
    /usr/local/sbin/spampd --aw
    :wq!

  9. installing clamav from ports
    # cd /usr/ports/security/clamav/
    # make install
    # vim /etc/clamd.conf
    --> remove Example line
    --> change to this
    LocalSocket /var/run/clamd.socket
    :wq!

    # vim /etc/freshclam.conf
    --> remove Example line
    :wq!

  10. update antivirus database
    # freshclam
    # crontab -e
    0 0 * * * sa-update --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com --channel updates.spamassassin.org && /usr/local/bin/spamassassin --lint && /usr/local/bin/freshclam

  11. installing clamsmtpd from ports
    # cd /usr/ports/mail/clamsmtp/
    # make install

  12. configure clamsmtpd
    # vim /etc/clamsmtpd.conf
    OutAddress: 10034
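    ### loopback only: postfix connects to [127.0.0.1]:10033, so this port does not need to be reachable from the network
    Listen: 127.0.0.1:10033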
    ClamAddress: /var/run/clamd.socket

  13. clamsmtpd startup script
    # vim /etc/rc.local
    ###clamd 10033
    /usr/local/sbin/clamd
    /usr/local/sbin/clamsmtpd
    :wq!

  14. configure clamsmtpd and postfix
    # vim /etc/postfix/master.cf
    ### Clamd with ClamSMTP
    clamsmtpd unix - - n - 30 smtp
        -o smtp_send_xforward_command=yes
        -o smtp_enforce_tls=no
    127.0.0.1:10034 inet n - n - 30 smtpd
        -o header_checks=regexp:/etc/postfix/clamsmtpd.check
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8
    :wq!

Now restart the server, and you are done. Hope this helps.
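
Added example, not part of the original post: every hop of the filter chain above talks over 127.0.0.1 (ports 10030 to 10034), so none of those listeners needs to be reachable from the network, and a listener bound to a wildcard address accepts mail that has skipped the checks made on port 25. The function below reads `netstat -an` output and reports filter ports that are exposed or missing; the function name and the sample output are constructed, and Linux-style addresses are accepted in addition to the BSD form.

```sh
#!/bin/sh
# Added example, not the author's code.

# Ports used by the filter chain in this post: postgrey, spampd,
# postfix re-injection, clamsmtpd, postfix re-injection.
FILTER_PORTS="10030 10031 10032 10033 10034"

# Read `netstat -an` output on stdin and print one line per problem:
#   "<port> exposed <address>"  listener bound to a non-loopback address
#   "<port> missing"            nothing is listening on that port
# Accepts BSD-style local addresses (127.0.0.1.10031, *.10033) and
# Linux-style ones (0.0.0.0:10033).
check_filter_listeners() {
    awk -v ports="$FILTER_PORTS" '
        BEGIN {
            n = split(ports, order, " ")
            for (i = 1; i <= n; i++) want[order[i]] = 1
        }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # the port is whatever follows the last "." or ":"
            at = match($4, /[.:][0-9]+$/)
            if (at == 0) next
            port = substr($4, at + 1)
            addr = substr($4, 1, at - 1)
            if (!(port in want)) next
            seen[port] = 1
            if (addr != "127.0.0.1" && addr != "::1") bad[port] = addr
        }
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]
                if (!(p in seen)) print p, "missing"
                else if (p in bad) print p, "exposed", bad[p]
            }
        }'
}

# Constructed sample: clamsmtpd bound to the wildcard address and
# postgrey not running.
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  *.25                   *.*                    LISTEN
tcp        0      0  127.0.0.1.10031        *.*                    LISTEN
tcp        0      0  127.0.0.1.10032        *.*                    LISTEN
tcp        0      0  *.10033                *.*                    LISTEN
tcp        0      0  127.0.0.1.10034        *.*                    LISTEN
tcp        0      0  192.168.0.1.22         192.168.0.9.51514      ESTABLISHED
EOF
}

sample_netstat | check_filter_listeners
```

On the mail server itself the input would be live, for example `netstat -an | check_filter_listeners`.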

Thursday, August 13, 2009

bridging on openbsd

This is a short note on setting up bridging in OpenBSD.

# ifconfig bridge0 create
# brconfig bridge0 add sk0
# brconfig bridge0 add sk1
# brconfig bridge0 up

Now you have a bridge in your OpenBSD, and you can give it rules:
# brconfig bridge0 rule block in on sk0 src 00:e0:4c:78:40:67
--> this blocks all packets from the host with MAC address 00:e0:4c:78:40:67 that arrive on the sk0 interface

# brconfig bridge0 rule pass in on sk0 src 00:e0:4c:78:40:67 tag CLIENT
# vim /etc/pf.conf
--> add this line
block in on sk0 from 192.168.0.2 to any tagged CLIENT
# pfctl -f /etc/pf.conf
# pfctl -e
--> this tags packets from the host with MAC address 00:e0:4c:78:40:67 with the name CLIENT, and pf blocks them if CLIENT has the IP 192.168.0.2

To set up the bridge at startup, use this:
# vim /etc/bridgename.bridge0
add sk0
add sk1
up
:wq!


I hope this can help.

Wednesday, August 12, 2009

postfix, Mysql virtual domain on OpenBSD 4.5

I assume you have already installed Postfix on OpenBSD and that it runs well as an SMTP server. Here I will give a little bit of configuration so that Postfix can keep virtual domains and users in a MySQL database. What we really need is a mysql-server installation; I assume you know how to install it, if not check here.

  • download postfixadmin
    # wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.3rc7/postfixadmin_2.3rc7.tar.gz

  • install postfixadmin
    # tar zxvf postfixadmin_2.3rc7.tar.gz
    # mv postfixadmin-2.3rc7/ /var/www/htdocs/mailadmin
    # chown -R www.www /var/www/htdocs/mailadmin/
    # vim /var/www/htdocs/mailadmin/config.inc.php
    $CONF['configured'] = true;
    $CONF['setup_password'] = 'dirubahsaksakelah';
    $CONF['postfix_admin_url'] = 'http://192.168.0.1/mailadmin';
    $CONF['database_type'] = 'mysql';
    $CONF['database_host'] = 'localhost';
    $CONF['database_user'] = 'postfix';
    $CONF['database_password'] = 'mypostfixdbpassword';
    $CONF['database_name'] = 'postfix';
    $CONF['database_prefix'] = '';
    // mailbox passwords are stored unhashed in the database
    $CONF['encrypt'] = 'cleartext';
    $CONF['domain_path'] = 'YES';
    $CONF['domain_in_mailbox'] = 'NO';
    $CONF['quota'] = 'YES';
    $CONF['alias_control'] = 'YES';
    $CONF['alias_control_admin'] = 'YES';
    $CONF['special_alias_control'] = 'YES';

    :g/change-this-to-your.domain.tld/s//mx.mydomain.org/g
    :wq!

  • create mysql server user and database
    # mysql -u root -p mysql
    mysql> GRANT ALL PRIVILEGES ON postfix.* TO postfix@localhost IDENTIFIED BY 'mypostfixdbpassword';
    mysql> FLUSH PRIVILEGES;
    mysql> CREATE DATABASE postfix;

  • create user/group for handle virtual postfix
    # groupadd _virtual
    # group info _virtual
    name _virtual
    passwd *
    gid 1001
    members
    # useradd -g 1001 -s /sbin/nologin -d /var/mail -u 10001 _virtual
    # id _virtual
    uid=10001(_virtual) gid=1001(_virtual) groups=1001(_virtual)

  • configure postfix (main.cf)
    # vim /etc/postfix/main.cf
    ###Postfix-mysql Virtual
    virtual_alias_domains =
    ### uid and gid of _virtual, as shown by id above
    virtual_uid_maps = static:10001
    virtual_gid_maps = static:1001
    ### virtual domain/user place
    virtual_mailbox_base = /var/mail
    virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_extended = yes
    virtual_create_maildirsize = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    virtual_mailbox_limit = 512000000000
    virtual_minimum_uid = 1000
    virtual_transport = virtual

  • create postfix-mysql file connector
    # mkdir -p /etc/postfix/sql
    # vim /etc/postfix/sql/mysql_virtual_alias_maps.cf
    user = postfix
    password = mypostfixdbpassword
    hosts = localhost
    dbname = postfix
    query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

    # vim /etc/postfix/sql/mysql_virtual_domains_maps.cf
    user = postfix
    password = mypostfixdbpassword
    hosts = localhost
    dbname = postfix
    query = SELECT domain FROM domain WHERE domain='%u'

    # vim /etc/postfix/sql/mysql_virtual_mailbox_maps.cf
    user = postfix
    password = mypostfixdbpassword
    hosts = localhost
    dbname = postfix
    query = SELECT CONCAT(SUBSTRING_INDEX(username,'@',-1),'/',SUBSTRING_INDEX(username,'@',1),'/') FROM mailbox WHERE username='%s'

    # vim /etc/postfix/sql/mysql_virtual_mailbox_limit_maps.cf
    user = postfix
    password = mypostfixdbpassword
    hosts = localhost
    dbname = postfix
    query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'

  • create the files postfix needs
    # touch /etc/postfix/relay_domains
    # postmap /etc/postfix/relay_domains
    # postalias /etc/postfix/aliases
    # postmap /etc/postfix/transport

  • install postfixadmin from web
    open http://192.168.0.1/mailadmin/setup.php and follow the instruction

  • restart postfix
    # postfix reload

  • create a user from postfixadmin
  • check that the new domain and user have been created
    # ls -la /var/mail/new_domain/new_user

  • try sending email to the new user created above
    # echo wakakakak | mail new_user@new_domain
    # more /var/mail/new_domain/new_user/new/12.....
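
Added example, not Postfix code and not part of the original post: the `%s` and `%u` placeholders in the map files above are filled in by Postfix for each lookup, following the expansion rules documented in mysql_table(5). The function name `expand_query`, the lookup keys and the `%d` query are made up for the illustration, and the quoting is simplified to backslash and single quote.

```sh
#!/bin/sh
# Added example: emulate how a mysql: map expands its query for one
# lookup key, following the rules in mysql_table(5).

# expand_query TEMPLATE KEY
# Prints the SQL that would be sent, or prints nothing and returns 1
# when the lookup is suppressed (%d without a domain part, %u with an
# empty local part). Quoting here covers only backslash and single
# quote; the real client library escapes more characters.
expand_query() {
    Q_TEMPLATE=$1 Q_KEY=$2 awk '
        function esc(s,    out, i, c) {
            out = ""
            for (i = 1; i <= length(s); i++) {
                c = substr(s, i, 1)
                if (c == "\\" || c == "\047") out = out "\\"
                out = out c
            }
            return out
        }
        BEGIN {
            q = ENVIRON["Q_TEMPLATE"]; key = ENVIRON["Q_KEY"]
            at = 0
            for (i = 1; i <= length(key); i++)
                if (substr(key, i, 1) == "@") at = i    # last "@" splits
            user = (at ? substr(key, 1, at - 1) : key)   # no "@": whole key
            dom  = (at ? substr(key, at + 1) : "")
            out = ""
            for (i = 1; i <= length(q); i++) {
                c = substr(q, i, 1)
                if (c != "%") { out = out c; continue }
                i++; c = substr(q, i, 1)
                if (c == "s") out = out esc(key)
                else if (c == "u") {
                    if (at && user == "") exit 1
                    out = out esc(user)
                }
                else if (c == "d") {
                    if (dom == "") exit 1
                    out = out esc(dom)
                }
                else if (c == "%") out = out "%"
                else out = out "%" c      # other sequences left untouched
            }
            print out
        }'
}

# The alias query from this post, looked up with a full address.
expand_query "SELECT goto FROM alias WHERE address='%s' AND active = '1'" \
    'new_user@new_domain'
# The domains query uses %u; the key is a bare domain, so %u is the whole key.
expand_query "SELECT domain FROM domain WHERE domain='%u'" 'new_domain'
# A key containing a quote stays inside the string literal.
expand_query "SELECT quota FROM mailbox WHERE username='%s'" \
    "o'brien@new_domain"
```

On the server, `postmap -q new_user@new_domain mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf` runs the real lookup against the database.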


Monday, August 10, 2009

OAMP (OpenBSD Apache Mysql and PHP)

This is my short post on installing and configuring PHP and MySQL on OpenBSD. OpenBSD has the Apache server in its default installation, but it is usually not started at boot. Here is my step by step:

  • PHP5 Install and Configuration
    1. Check Needed Package
      # pkg_add -n php5-core-*.tgz
      Pretending to add libxml-2.6.32p2

      # pkg_add -n php5-bz2-5.2.8.tgz
      Pretending to add bzip2-1.0.5

      # pkg_add -n php5-curl-5.2.8.tgz
      Pretending to add libidn-1.11
      Pretending to add curl-7.19.3

      # pkg_add -n php5-gd-5.2.8-no_x11.tgz
      Pretending to add t1lib-5.1.0p1
      Pretending to add jpeg-6bp3
      Pretending to add png-1.2.33

      # pkg_add -n php5-imap-5.2.8.tgz
      Pretending to add c-client-2007e

      # pkg_add -n php5-mbstring-5.2.8.tgz
      Pretending to add libxml-2.6.32p2

      # pkg_add -n php5-mcrypt-5.2.8.tgz
      Pretending to add mhash-0.9.9
      Pretending to add libmcrypt-2.5.7p2

      # pkg_add -n php5-mhash-5.2.8.tgz
      Pretending to add mhash-0.9.9

      # pkg_add -n php5-mysql-5.2.8.tgz
      Pretending to add libxml-2.6.32p2

      # pkg_add -n php5-ncurses-5.2.8.tgz
      Pretending to add libxml-2.6.32p2

      # pkg_add -n php5-pdo_sqlite-5.2.8.tgz
      Pretending to add sqlite3-3.6.10

      # pkg_add -n php5-xmlrpc-5.2.8.tgz
      Pretending to add libxml-2.6.32p2

      # pkg_add -n php5-xsl-5.2.8.tgz
      Pretending to add bzip2-1.0.5
      Pretending to add sqlite3-3.6.10
      Pretending to add python-2.5.4
      Pretending to add libgcrypt-1.4.3p0:libgpg-error-1.5
      Pretending to add libgcrypt-1.4.3p0
      Pretending to add libxml-2.6.32p2




    2. Installing & Configure Package
      # pkg_add php5-core-5.2.8p0.tgz
      # ln -s /var/www/conf/modules.sample/php5.conf \
      /var/www/conf/modules

      # pkg_add php5-bz2-5.2.8.tgz
      # ln -fs /var/www/conf/php5.sample/bz2.ini \
      /var/www/conf/php5/bz2.ini

      # pkg_add php5-curl-5.2.8.tgz
      # ln -fs /var/www/conf/php5.sample/curl.ini \
      /var/www/conf/php5/curl.ini

      # pkg_add php5-gd-5.2.8-no_x11.tgz
      # ln -fs /var/www/conf/php5.sample/gd.ini \
      /var/www/conf/php5/gd.ini

      # pkg_add php5-imap-5.2.8.tgz
      # ln -fs /var/www/conf/php5.sample/imap.ini \
      /var/www/conf/php5/imap.ini

      # pkg_add php5-mbstring-5.2.8.tgz
      # ln -fs /var/www/conf/php5.sample/mbstring.ini \
      /var/www/conf/php5/mbstring.ini

      # pkg_add php5-mcrypt-5.2.8.tgz
      # ln -fs /var/www/conf/php5.sample/mcrypt.ini \
      /var/www/conf/php5/mcrypt.ini

      # pkg_add php5-mhash-5.2.8.tgz
      # ln -fs /var/www/conf/php5.sample/mhash.ini \
      /var/www/conf/php5/mhash.ini

      # pkg_add php5-mysql-5.2.8.tgz
      # ln -fs /var/www/conf/php5.sample/mysql.ini \
      /var/www/conf/php5/mysql.ini

      # pkg_add php5-ncurses-5.2.8.tgz
      # ln -fs /var/www/conf/php5.sample/ncurses.ini \
      /var/www/conf/php5/ncurses.ini

      # pkg_add php5-pdo_sqlite-5.2.8.tgz
      # ln -fs /var/www/conf/php5.sample/pdo_sqlite.ini \
      /var/www/conf/php5/pdo_sqlite.ini

      # pkg_add php5-xmlrpc-5.2.8.tgz
      # ln -fs /var/www/conf/php5.sample/xmlrpc.ini \
      /var/www/conf/php5/xmlrpc.ini

      # pkg_add php5-xsl-5.2.8.tgz
      # ln -fs /var/www/conf/php5.sample/xsl.ini \
      /var/www/conf/php5/xsl.ini

    3. Configuring Apache (httpd.conf)
      # vim /var/www/conf/httpd.conf
      :g/index\.html/s//index\.html index\.php/g
      :g/^#.*php\ \.php/s//AddType\ application\/x\-httpd\-php\ \.php/g
      :wq!

    4. Configuring PHP (php.ini)
      # vim /var/www/conf/php.ini
      :g/short_open_tag\ =\ Off/s//short_open_tag\ =\ On/g
      :g/post_max_size\ =\ 8M/s//post_max_size\ =\ 20M/g
      :wq!

    5. configure startup to start apache at boot
      # vim /etc/rc.conf
      :g/httpd_flags=NO/s//httpd_flags=""/g
      :wq!

    6. create temp directory for php on Apache chroot
      # mkdir /var/www/tmp
      # chmod 777 /var/www/tmp
      # chmod +s /var/www/tmp
      # chown www.www /var/www/tmp

    7. starting & testing apache support php
      # apachectl start
      # echo "<?php phpinfo(); ?>" > /var/www/htdocs/info.php
      # lynx http://127.0.0.1/info.php
      --> you should get a page showing the PHP configuration

  • MySQL Server 5 Install and Configuration
    1. Checking Needed Package
      # pkg_add -n mysql-server-5.0.77.tgz
      Pretending to add mysql-client-5.0.77
      Pretending to add p5-DBD-mysql-4.010:p5-Net-Daemon-0.43
      Pretending to add p5-DBD-mysql-4.010:p5-PlRPC-0.2018p0
      Pretending to add p5-DBD-mysql-4.010:p5-DBI-1.607
      Pretending to add p5-DBD-mysql-4.010
      Pretending to add mysql-server-5.0.77

    2. Installing Package
      # pkg_add mysql-server-5.0.77.tgz
      # mysql_install_db

    3. Configuring Database (my.cnf)
      # vim /etc/my.cnf
      port = 3306
      socket = /var/run/mysql/mysql.sock
      skip-locking
      key_buffer = 256M
      max_allowed_packet = 1M
      table_cache = 256
      sort_buffer_size = 1M
      read_buffer_size = 1M
      read_rnd_buffer_size = 4M
      myisam_sort_buffer_size = 64M
      thread_cache_size = 8
      query_cache_size= 16M
      thread_concurrency = 8
      max_connections = 200

    4. Configure startup for mysql-server
      # vim /etc/rc.local
      --> add this line
      ### mysql server
      if [ -x /usr/local/bin/mysqld_safe ] ; then
      /usr/local/bin/mysqld_safe >/dev/null 2>&1 &
      echo -n ' mysql'
      fi

    5. starting mysql-server manually, and change mysql root password
      # mysqld_safe &
      # mysql -u root -p
      Enter password:
      mysql> \u mysql
      Database changed
      mysql> UPDATE user set password=password('mynewpassword');
      Query OK, 5 rows affected (0.00 sec)
      Rows matched: 5 Changed: 5 Warnings: 0

      mysql> flush privileges;
      Query OK, 0 rows affected (0.00 sec)

      mysql>

  • Support Apache-PHP with MySQL (for Apache chroot)
    # mkdir -p /var/www/var/run/mysql
    # ln -f /var/run/mysql/mysql.sock /var/www/var/run/mysql/

  • Restart Apache and test Apache PHP-MySQL
    # apachectl restart
    # lynx http://127.0.0.1/info.php

I hope this post helps.


Saturday, August 08, 2009

openbsd 4.5 and postfix

I need OpenBSD 4.5 as a mail server with SMTP authentication; in this post I will explain my steps, using Postfix as the MTA. System requirement: OpenBSD 4.5, standard/default install.
  1. download ports
    # wget http://ftp.eu.openbsd.org/pub/OpenBSD/4.5/ports.tar.gz

  2. extract ports
    # tar zxvf ports.tar.gz -C /usr/

  3. download postfix from ports
    # cd /usr/ports/mail/postfix/stable/
    # make fetch

  4. extract postfix
    # cd /usr/ports/distfiles/postfix/
    # tar zxvf postfix-2.5.6.tar.gz
    # wget http://vda.sourceforge.net/VDA/postfix-2.5.6-vda-ng-64bit.patch.gz
    # gunzip postfix-2.5.6-vda-ng-64bit.patch.gz

  5. patch postfix with postfix-vda
    # cd postfix-2.5.6
    # patch -p1 < ../postfix-2.5.6-vda-ng-64bit.patch
  6. compress postfix with postfix-vda
    # tar -zcvf postfix-2.5.6.tar.gz postfix-2.5.6/

  7. installing postfix with postfix-vda support sasl and mysql via ports
    # cd /usr/ports/mail/postfix/stable/
    # make makesum
    # env FLAVOR="mysql sasl2" make install

  8. getting postfix with postfix-vda support sasl and mysql packages
    # cp /usr/ports/packages/i386/all/postfix-2.5.6-sasl2-mysql.tgz /root/pkgs/

  9. configuring postfix as smtp server
    (this is my /etc/postfix/main.cf file; I did not edit /etc/postfix/master.cf)
    # vim /etc/postfix/main.cf
    queue_directory = /var/spool/postfix
    command_directory = /usr/local/sbin
    daemon_directory = /usr/local/libexec/postfix
    #mail_spool_directory = /var/spool/mail
    sendmail_path = /usr/local/sbin/sendmail
    newaliases_path = /usr/local/sbin/newaliases
    mailq_path = /usr/local/sbin/mailq
    html_directory = /usr/local/share/doc/postfix/html
    manpage_directory = /usr/local/man
    sample_directory = /etc/postfix
    readme_directory = /usr/local/share/doc/postfix/readme
    data_directory = /var/postfix

    inet_protocols = all

    relay_domains = hash:/etc/postfix/relay_domains
    transport_maps = hash:/etc/postfix/transport
    alias_maps = hash:/etc/postfix/aliases
    alias_database = hash:/etc/postfix/aliases
    local_transport = local

    biff = no
    empty_address_recipient = MAILER-DAEMON
    queue_minfree = 75000000
    message_size_limit = 50000000
    mailbox_size_limit = 100000000


    mail_owner = _postfix
    setgid_group = _postdrop

    myhostname = mx.example.com
    mydomain = $myhostname
    mydestination = $myhostname, localhost.$myhostname
    mynetworks = 127.0.0.0/8, 192.168.0.0/24

    smtpd_banner = $myhostname ESMTP Example
    debug_peer_level = 2
    debugger_command =
        PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
        ddd $daemon_directory/$process_name $process_id & sleep 5



    smtpd_delay_reject = no
    #header_checks = regexp:/etc/postfix/header_checks
    header_checks = pcre:/etc/postfix/header_checks
    #smtpd_helo_required = yes
    disable_vrfy_command = yes
    strict_rfc821_envelopes = yes
    message_size_limit = 40096000

    #sender_bcc_maps = hash:/etc/postfix/bcc_maps
    #recipient_bcc_maps = hash:/etc/postfix/rec_maps
    smtp_data_done_timeout = 1800s
    smtpd_soft_error_limit = 2
    smtpd_error_sleep_time = 1m
    address_verify_poll_count = 1
    address_verify_sender = <>

    unknown_client_reject_code = 550
    unknown_address_reject_code = 550
    unknown_hostname_reject_code = 550
    unverified_sender_reject_code = 550
    unverified_recipient_reject_code = 550
    unknown_local_recipient_reject_code = 550


    smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        reject_non_fqdn_recipient,
        reject_non_fqdn_sender,
        reject_unknown_recipient_domain,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client dnsbl.sorbs.net,
        reject_rbl_client b.barracudacentral.org,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client sbl-xbl.spamhaus.org,
        reject_rbl_client bl.spamcannibal.org,
        reject_rbl_client multi.uribl.com,
        reject_rbl_client dsn.rfc-ignorant.org,
        reject_rbl_client dul.dnsbl.sorbs.net,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client ix.dnsbl.manitu.net,
        reject_rbl_client combined.rbl.msrbl.net,
        reject_rbl_client rabl.nuclearelephant.com,
        permit

    notify_classes = protocol,resource,software

    # touch /etc/postfix/relay_domains
    # postmap /etc/postfix/relay_domains
    # touch /etc/postfix/transport
    # postmap /etc/postfix/transport
    # touch /etc/postfix/aliases
    # postalias /etc/postfix/aliases
    # postfix reload

  10. Testing postfix as smtp server
    I tested with Outlook Express, setting the SMTP server to my new mail server's IP address, and simply sent a new mail. If the destination mailbox receives the new mail, check its headers.


openbsd compile kernel (my standard)

These are my steps to compile the OpenBSD kernel, which I use for a mail server and/or bandwidth limiter. What we need is the sys.tar.gz that matches your version of OpenBSD.

  1. download sys.tar.gz
    # wget ftp://ftp.openbsd.org/pub/OpenBSD/[openbsd version]/sys.tar.gz
  2. extract sys.tar.gz to /usr/src
    # tar zxvf sys.tar.gz -C /usr/src/
  3. create config kernel file
    # cd /usr/src/sys/arch/i386/conf/
    # cp GENERIC MINE
  4. configure config kernel file
    # vim MINE
    --> add this line
    option DUMMY_NOPS # speed hack
    option UVM # speed swap
    option BUFCACHEPERCENT=35 # 25% of memory for filesystem cache buffer, more less more good
    #### for mail server
    option MSGMNB=32768 # max characters per message queue
    option MSGMNI=40 # max number of message queue identifiers
    option MSGSEG=2048 # max number of message segments in the system
    option MSGSSZ=64 # size of a message segment (Must be 2^N)
    option MSGTQL=1024 # max amount of messages in the system

    # vim ../include/param.h
    --> change
    #define NMBCLUSTERS 6144 to #define NMBCLUSTERS 32768

    # vim ../../../altq/altq_hfsc.h
    --> change
    #define HFSC_MAX_CLASSES 64 to #define HFSC_MAX_CLASSES 32768

  5. compile & install kernel
    # config MINE
    # cd ../compile/MINE/
    # cp /bsd /bsd.old
    # make depend; make; make install

  6. reboot openbsd system, it will boot with new kernel


Thursday, August 06, 2009

openbsd configuration (standard of mine)

This is my first post of 2009 on widiastono.blogspot.com. I don't know much about OpenBSD, but I will share how I usually configure it.
  1. package needed (bash and vim), and checking dependencies
    # pkg_add -n bash-*.tgz
    Pretending to add libiconv-1.12
    Pretending to add gettext-0.17p0
    Pretending to add bash-3.2.48

    # pkg_add -n vim-*-no_x11.tgz
    Pretending to add libiconv-1.12
    Pretending to add gettext-0.17p0
    Pretending to add vim-7.2.77-no_x11

  2. installing package for editor and shell
    # pkg_add bash-*.tgz
    # pkg_add vim-*-no_x11.tgz

  3. config & change default shell to bash
    # ln -s /usr/local/bin/bash /bin/
    # chsh
    :g/ksh/s//bash/g
    :wq!

  4. config & change vi default editor to vim
    # mv /usr/bin/vi /usr/bin/vi.old
    # ln -s /usr/local/bin/vim /usr/bin/vi
    # ln -s /usr/local/share/vim/vim72/vimrc_example.vim /usr/local/share/vim/vimrc

  5. config root profile
    # vim /root/.profile
    --> change this line
    export PATH to export PATH TERM=linux
    --> remove this line
    if [ -x /usr/bin/tset ]; then
    eval `/usr/bin/tset -sQ \?$TERM`
    fi

  6. logout and login again
  7. a little bit about shutting down your services
    # vim /etc/rc.conf
    --> edit sendmail_flags to sendmail_flags="-bd"
    # vim /etc/inetd.conf
    :g/^/s//#/g
    :wq!

  8. reboot openbsd system
