removing .well-know

CaptainArk 2016-03-01 19:32:16 +01:00
parent 1c94323b4f
commit ae846a480e
9 changed files with 292 additions and 293 deletions

View File

@ -114,7 +114,7 @@
<p>I figured I'd share the playbook I use to update the Debian packages !</p>
<h2>The playbook</h2>
<p>I modified <a href="https://gist.github.com/maethor/380676f6b1cec8cc7439">this gist</a> to only use apt-get instead of both apt-get and aptitude.</p>
<div class="highlight"><pre><span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">hosts</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">all</span>
<div class="highlight"><pre><span></span><span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">hosts</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">all</span>
<span class="l l-Scalar l-Scalar-Plain">remote_user</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">admin</span>
<span class="l l-Scalar l-Scalar-Plain">become</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">yes</span>
<span class="l l-Scalar l-Scalar-Plain">become_method</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">sudo</span>
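Review bot: The `<div class="highlight"><pre>` line differs only by an empty `<span></span>` after `<pre>`, which looks like regenerated highlighter output and is unrelated to the subject "removing .well-know". Consider committing the regenerated HTML separately, or not tracking generated output at all, so that the actual removal is easy to find among the 9 changed files.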

View File

@ -113,7 +113,7 @@
<h2>The script</h2>
<p>All of the following should be done as the root user.</p>
<p>First, create a /etc/default/flexget file with the following content :</p>
<div class="highlight"><pre><span class="c1"># Configuration file for /etc/init.d/flexget</span>
<div class="highlight"><pre><span></span><span class="c1"># Configuration file for /etc/init.d/flexget</span>
<span class="c1"># User to run flexget as.</span>
<span class="c1"># Daemon will not start if left empty.</span>
@ -136,12 +136,12 @@
<p>Please note that the FGUSER variable needs to be defined for the daemon to start. It can be set to your current user, or you can run flexget as its own user.</p>
<p>You can create a flexget user with the following command :</p>
<div class="highlight"><pre>useradd -m -d /var/lib/flexget -r -s /bin/false flexget
<div class="highlight"><pre><span></span>useradd -m -d /var/lib/flexget -r -s /bin/false flexget
</pre></div>
<p>Then, create the /etc/init.d/flexget file :</p>
<div class="highlight"><pre><span class="ch">#!/bin/bash</span>
<div class="highlight"><pre><span></span><span class="ch">#!/bin/bash</span>
<span class="c1">### BEGIN INIT INFO</span>
<span class="c1"># Provides: flexget</span>
@ -161,10 +161,10 @@
<span class="nv">NAME</span><span class="o">=</span><span class="s2">&quot;flexget&quot;</span>
<span class="nv">DAEMON</span><span class="o">=</span><span class="s2">&quot;/usr/local/bin/flexget&quot;</span>
<span class="nv">SETTINGS</span><span class="o">=</span><span class="s2">&quot;/etc/default/</span>$<span class="s2">NAME&quot;</span>
<span class="nv">SETTINGS</span><span class="o">=</span><span class="s2">&quot;/etc/default/</span><span class="nv">$NAME</span><span class="s2">&quot;</span>
<span class="nv">DESC</span><span class="o">=</span><span class="s2">&quot;Flexget&quot;</span>
<span class="nv">PIDFILE</span><span class="o">=</span><span class="s2">&quot;/var/run/</span>$<span class="s2">NAME.pid&quot;</span>
<span class="nv">PIDFILE</span><span class="o">=</span><span class="s2">&quot;/var/run/</span><span class="nv">$NAME</span><span class="s2">.pid&quot;</span>
<span class="nb">set</span> -e
@ -173,36 +173,36 @@
<span class="nb">unset</span> FGUSER CONFIG LOG LEVEL
<span class="c1"># Exit if flexget not installed</span>
<span class="k">if</span> <span class="o">[</span> ! -x <span class="s2">&quot;</span><span class="nv">$DAE</span><span class="s2">MON&quot;</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
log_action_msg <span class="s2">&quot;</span><span class="nv">$DE</span><span class="s2">SC: Could not find flexget executable. Exiting.&quot;</span>
<span class="k">if</span> <span class="o">[</span> ! -x <span class="s2">&quot;</span><span class="nv">$DAEMON</span><span class="s2">&quot;</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
log_action_msg <span class="s2">&quot;</span><span class="nv">$DESC</span><span class="s2">: Could not find flexget executable. Exiting.&quot;</span>
<span class="nb">exit</span> 2
<span class="k">fi</span>
<span class="c1"># Read configuration variables</span>
<span class="k">if</span> <span class="o">[</span> -r /etc/default/$NAME <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
. /etc/default/$NAME
<span class="k">if</span> <span class="o">[</span> -r /etc/default/<span class="nv">$NAME</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
. /etc/default/<span class="nv">$NAME</span>
<span class="k">else</span>
log_action_msg <span class="s2">&quot;</span><span class="nv">$DE</span><span class="s2">SC: /etc/default/</span>$<span class="s2">NAME not found. Exiting.&quot;</span>
log_action_msg <span class="s2">&quot;</span><span class="nv">$DESC</span><span class="s2">: /etc/default/</span><span class="nv">$NAME</span><span class="s2"> not found. Exiting.&quot;</span>
<span class="nb">exit</span> 2
<span class="k">fi</span>
<span class="c1"># Exit if FGUSER has not been set in /etc/default/flexget</span>
<span class="k">if</span> <span class="o">[</span> -z <span class="nv">$F</span>GUSER <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
log_action_msg <span class="s2">&quot;</span><span class="nv">$DE</span><span class="s2">SC: FGUSER not set in /etc/default/</span>$<span class="s2">NAME. Exiting.&quot;</span>
<span class="k">if</span> <span class="o">[</span> -z <span class="nv">$FGUSER</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
log_action_msg <span class="s2">&quot;</span><span class="nv">$DESC</span><span class="s2">: FGUSER not set in /etc/default/</span><span class="nv">$NAME</span><span class="s2">. Exiting.&quot;</span>
<span class="nb">exit</span> 2
<span class="k">fi</span>
<span class="c1"># Function to verify if flexget is already running</span>
run_check<span class="o">()</span> <span class="o">{</span>
<span class="k">if</span> <span class="o">[</span> -e $PIDFILE <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
status_of_proc -p $PIDFILE <span class="nv">$DAE</span>MON $NAME &gt; /dev/null <span class="o">&amp;&amp;</span> <span class="nv">RETVAL</span><span class="o">=</span><span class="m">0</span> <span class="o">||</span> <span class="nv">RETVAL</span><span class="o">=</span><span class="s2">&quot;</span><span class="nv">$?</span><span class="s2">&quot;</span>
<span class="k">if</span> <span class="o">[</span> -e <span class="nv">$PIDFILE</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
status_of_proc -p <span class="nv">$PIDFILE</span> <span class="nv">$DAEMON</span> <span class="nv">$NAME</span> &gt; /dev/null <span class="o">&amp;&amp;</span> <span class="nv">RETVAL</span><span class="o">=</span><span class="m">0</span> <span class="o">||</span> <span class="nv">RETVAL</span><span class="o">=</span><span class="s2">&quot;</span><span class="nv">$?</span><span class="s2">&quot;</span>
<span class="k">else</span>
<span class="nv">RETVAL</span><span class="o">=</span><span class="s2">&quot;2&quot;</span>
<span class="k">fi</span>
<span class="o">}</span>
end_log<span class="o">()</span> <span class="o">{</span>
<span class="k">if</span> <span class="o">[</span> $RETVAL -eq <span class="m">0</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
<span class="k">if</span> <span class="o">[</span> <span class="nv">$RETVAL</span> -eq <span class="m">0</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
log_end_msg 0
<span class="k">return</span> 0
<span class="k">else</span>
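Review bot: `. /etc/default/$NAME` is executed by an init script that runs as root, so the surrounding text should state that /etc/default/flexget must be owned by root and not writable by the FGUSER account; otherwise that account can run arbitrary commands as root at the next start or stop. In the same region, `[ -z $FGUSER ]` and `[ -e $PIDFILE ]` should quote their variables (`[ -z "$FGUSER" ]`), since a value containing whitespace makes the test fail with a syntax error instead of evaluating the check.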
@ -213,39 +213,39 @@ end_log<span class="o">()</span> <span class="o">{</span>
<span class="c1"># Function to define config file, log file and log level</span>
conf_check<span class="o">()</span> <span class="o">{</span>
<span class="k">if</span> <span class="o">[</span> -z <span class="nv">$C</span>ONFIG <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
<span class="nv">OPTIONS</span><span class="o">=</span><span class="s2">&quot;</span>$<span class="s2">OPTIONS&quot;</span>
<span class="k">if</span> <span class="o">[</span> -z <span class="nv">$CONFIG</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
<span class="nv">OPTIONS</span><span class="o">=</span><span class="s2">&quot;</span><span class="nv">$OPTIONS</span><span class="s2">&quot;</span>
<span class="k">else</span>
<span class="nv">OPTIONS</span><span class="o">=</span><span class="s2">&quot;-c </span><span class="nv">$C</span><span class="s2">ONFIG&quot;</span>
<span class="nv">OPTIONS</span><span class="o">=</span><span class="s2">&quot;-c </span><span class="nv">$CONFIG</span><span class="s2">&quot;</span>
<span class="k">fi</span>
<span class="k">if</span> <span class="o">[</span> -z $LOG <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
<span class="nv">OPTIONS</span><span class="o">=</span><span class="s2">&quot;</span>$<span class="s2">OPTIONS&quot;</span>
<span class="k">if</span> <span class="o">[</span> -z <span class="nv">$LOG</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
<span class="nv">OPTIONS</span><span class="o">=</span><span class="s2">&quot;</span><span class="nv">$OPTIONS</span><span class="s2">&quot;</span>
<span class="k">else</span>
<span class="nv">OPTIONS</span><span class="o">=</span><span class="s2">&quot;</span>$<span class="s2">OPTIONS -l </span>$<span class="s2">LOG/flexget.log&quot;</span>
<span class="k">if</span> <span class="o">[</span> ! -d $LOG <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
mkdir -p -m <span class="m">750</span> $LOG
chown <span class="nv">$F</span>GUSER $LOG
<span class="nv">OPTIONS</span><span class="o">=</span><span class="s2">&quot;</span><span class="nv">$OPTIONS</span><span class="s2"> -l </span><span class="nv">$LOG</span><span class="s2">/flexget.log&quot;</span>
<span class="k">if</span> <span class="o">[</span> ! -d <span class="nv">$LOG</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
mkdir -p -m <span class="m">750</span> <span class="nv">$LOG</span>
chown <span class="nv">$FGUSER</span> <span class="nv">$LOG</span>
<span class="k">fi</span>
<span class="k">fi</span>
<span class="k">if</span> <span class="o">[</span> -z $LEVEL <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
<span class="nv">OPTIONS</span><span class="o">=</span><span class="s2">&quot;</span>$<span class="s2">OPTIONS&quot;</span>
<span class="k">if</span> <span class="o">[</span> -z <span class="nv">$LEVEL</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
<span class="nv">OPTIONS</span><span class="o">=</span><span class="s2">&quot;</span><span class="nv">$OPTIONS</span><span class="s2">&quot;</span>
<span class="k">else</span>
<span class="nv">OPTIONS</span><span class="o">=</span><span class="s2">&quot;</span>$<span class="s2">OPTIONS -L </span>$<span class="s2">LEVEL&quot;</span>
<span class="nv">OPTIONS</span><span class="o">=</span><span class="s2">&quot;</span><span class="nv">$OPTIONS</span><span class="s2"> -L </span><span class="nv">$LEVEL</span><span class="s2">&quot;</span>
<span class="k">fi</span>
<span class="o">}</span>
start_flexget<span class="o">()</span> <span class="o">{</span>
run_check
<span class="k">if</span> <span class="o">[</span> $<span class="nv">RETVAL</span> <span class="o">=</span> <span class="m">0</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
log_action_msg <span class="s2">&quot;</span><span class="nv">$DE</span><span class="s2">SC: Already running with PID </span><span class="k">$(</span>cat $PIDFILE<span class="k">)</span><span class="s2">. Aborting.&quot;</span>
<span class="k">if</span> <span class="o">[</span> <span class="nv">$RETVAL</span> <span class="o">=</span> <span class="m">0</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
log_action_msg <span class="s2">&quot;</span><span class="nv">$DESC</span><span class="s2">: Already running with PID </span><span class="k">$(</span>cat <span class="nv">$PIDFILE</span><span class="k">)</span><span class="s2">. Aborting.&quot;</span>
<span class="nb">exit</span> 2
<span class="k">else</span>
conf_check
log_daemon_msg <span class="s2">&quot;</span><span class="nv">$DE</span><span class="s2">SC: Starting the daemon.&quot;</span>
start-stop-daemon --start --background --quiet --pidfile $PIDFILE --make-pidfile <span class="se">\</span>
--chuid <span class="nv">$F</span>GUSER --user <span class="nv">$F</span>GUSER --exec <span class="nv">$DAE</span>MON -- $OPTIONS daemon start
log_daemon_msg <span class="s2">&quot;</span><span class="nv">$DESC</span><span class="s2">: Starting the daemon.&quot;</span>
start-stop-daemon --start --background --quiet --pidfile <span class="nv">$PIDFILE</span> --make-pidfile <span class="se">\</span>
--chuid <span class="nv">$FGUSER</span> --user <span class="nv">$FGUSER</span> --exec <span class="nv">$DAEMON</span> -- <span class="nv">$OPTIONS</span> daemon start
<span class="nv">RETVAL</span><span class="o">=</span><span class="nv">$?</span>
end_log
<span class="k">fi</span>
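Review bot: In `conf_check`, `mkdir -p -m 750 $LOG` and `chown $FGUSER $LOG` run as root on an unquoted path taken from the configuration file; quote both (`mkdir -p -m 750 "$LOG"`, `chown "$FGUSER" "$LOG"`) so a path with spaces cannot split into several arguments. Note also that `-m 750` applies only to the last directory created by `-p`, so any intermediate directories get the default umask, and that `OPTIONS="-c $CONFIG"` discards whatever OPTIONS held before while the LOG and LEVEL branches append to it; a short comment documenting that this is intended would help.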
@ -253,26 +253,26 @@ start_flexget<span class="o">()</span> <span class="o">{</span>
stop_flexget<span class="o">()</span> <span class="o">{</span>
run_check
<span class="k">if</span> <span class="o">[</span> $<span class="nv">RETVAL</span> <span class="o">=</span> <span class="m">0</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
log_daemon_msg <span class="s2">&quot;</span><span class="nv">$DE</span><span class="s2">SC: Stopping the daemon.&quot;</span>
start-stop-daemon --stop --quiet --chuid <span class="s2">&quot;</span><span class="nv">$F</span><span class="s2">GUSER&quot;</span> --pidfile <span class="s2">&quot;</span>$<span class="s2">PIDFILE&quot;</span> --retry 30
<span class="k">if</span> <span class="o">[</span> <span class="nv">$RETVAL</span> <span class="o">=</span> <span class="m">0</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
log_daemon_msg <span class="s2">&quot;</span><span class="nv">$DESC</span><span class="s2">: Stopping the daemon.&quot;</span>
start-stop-daemon --stop --quiet --chuid <span class="s2">&quot;</span><span class="nv">$FGUSER</span><span class="s2">&quot;</span> --pidfile <span class="s2">&quot;</span><span class="nv">$PIDFILE</span><span class="s2">&quot;</span> --retry 30
<span class="nv">RETVAL</span><span class="o">=</span><span class="nv">$?</span>
<span class="o">[</span> -e <span class="s2">&quot;</span>$<span class="s2">PIDFILE&quot;</span> <span class="o">]</span> <span class="o">&amp;&amp;</span> rm -f <span class="s2">&quot;</span>$<span class="s2">PIDFILE&quot;</span>
<span class="o">[</span> -e <span class="s2">&quot;</span><span class="nv">$PIDFILE</span><span class="s2">&quot;</span> <span class="o">]</span> <span class="o">&amp;&amp;</span> rm -f <span class="s2">&quot;</span><span class="nv">$PIDFILE</span><span class="s2">&quot;</span>
end_log
<span class="k">else</span>
log_action_msg <span class="s2">&quot;</span><span class="nv">$DE</span><span class="s2">SC: Not currently running. Aborting.&quot;</span>
log_action_msg <span class="s2">&quot;</span><span class="nv">$DESC</span><span class="s2">: Not currently running. Aborting.&quot;</span>
<span class="nb">exit</span> 2
<span class="k">fi</span>
<span class="o">}</span>
status_flexget<span class="o">()</span> <span class="o">{</span>
run_check
<span class="k">if</span> <span class="o">[</span> $<span class="nv">RETVAL</span> <span class="o">=</span> <span class="m">0</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
log_action_msg <span class="s2">&quot;</span><span class="nv">$DE</span><span class="s2">SC: Currently running with PID </span><span class="k">$(</span>cat $PIDFILE<span class="k">)</span><span class="s2">.&quot;</span>
<span class="k">if</span> <span class="o">[</span> <span class="nv">$RETVAL</span> <span class="o">=</span> <span class="m">0</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
log_action_msg <span class="s2">&quot;</span><span class="nv">$DESC</span><span class="s2">: Currently running with PID </span><span class="k">$(</span>cat <span class="nv">$PIDFILE</span><span class="k">)</span><span class="s2">.&quot;</span>
<span class="k">else</span>
log_action_msg <span class="s2">&quot;</span><span class="nv">$DE</span><span class="s2">SC: Not currently running.&quot;</span>
log_action_msg <span class="s2">&quot;</span><span class="nv">$DESC</span><span class="s2">: Not currently running.&quot;</span>
<span class="k">fi</span>
<span class="nb">exit</span> $RETVAL
<span class="nb">exit</span> <span class="nv">$RETVAL</span>
<span class="o">}</span>
<span class="k">case</span> <span class="s2">&quot;</span><span class="nv">$1</span><span class="s2">&quot;</span> in
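Review bot: In `stop_flexget`, `start-stop-daemon --stop` is given `--chuid "$FGUSER"`, but `--chuid` only applies when starting a process; with `--pidfile` alone, whatever PID the file contains is signalled. Use `--user "$FGUSER"` here so the process is only stopped if it belongs to the expected account. The `$(cat $PIDFILE)` calls in `start_flexget` and `status_flexget` should also quote the variable.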
@ -298,38 +298,38 @@ status_flexget<span class="o">()</span> <span class="o">{</span>
<p>Then, give execution rights to the script :</p>
<div class="highlight"><pre>chmod +x /etc/init.d/flexget
<div class="highlight"><pre><span></span>chmod +x /etc/init.d/flexget
</pre></div>
<p>And then, generate the necessary symlinks for the service to start on boot :</p>
<p><em>Debian Jessie</em></p>
<div class="highlight"><pre>systemctl <span class="nb">enable</span> flexget
<div class="highlight"><pre><span></span>systemctl <span class="nb">enable</span> flexget
</pre></div>
<p><em>Debian Wheezy</em></p>
<div class="highlight"><pre>insserv flexget
<div class="highlight"><pre><span></span>insserv flexget
</pre></div>
<p>To start, stop or check if the daemon is running :</p>
<p><em>Debian Jessie</em></p>
<div class="highlight"><pre>systemctl start flexget
<div class="highlight"><pre><span></span>systemctl start flexget
systemctl stop flexget
systemctl status flexget
</pre></div>
<p><em>Debian Wheezy / Jessie</em></p>
<div class="highlight"><pre>service flexget start
<div class="highlight"><pre><span></span>service flexget start
service flexget stop
service flexget status
</pre></div>
<p><em>Debian Wheezy</em></p>
<div class="highlight"><pre>/etc/init.d/flexget start
<div class="highlight"><pre><span></span>/etc/init.d/flexget start
/etc/init.d/flexget stop
/etc/init.d/flexget status
</pre></div>

View File

@ -122,7 +122,7 @@
<p>I used screen before tmux, so I configured the prefix key on C-a instead of C-b. tmux has the advantage of being <em>much</em> simpler to configure than screen.</p>
<p>If you want to use this configuration, simply copy the following in ~/.tmux.conf. This file is read by default when tmux starts.</p>
<p>If you simply want to try it out, copy it in a file somewhere else and have tmux load with the -f parameter (<code>tmux -f ~/tmux-test.conf</code>).</p>
<div class="highlight"><pre># use utf8
<div class="highlight"><pre><span></span># use utf8
set -g utf8
set-option -g status-utf8 on
set-window-option -g utf8 on
@ -237,7 +237,7 @@ bind &#39;&quot;&#39; choose-window
<h2>Aliases</h2>
<p>I also use two functions with tmux (in ~/.bash_aliases).</p>
<p>The first one creates a new "mytmux" tmux session if one doesn't exist yet, opens 10 shells and selects the first one.</p>
<div class="highlight"><pre>mytmux<span class="o">()</span> <span class="o">{</span>
<div class="highlight"><pre><span></span>mytmux<span class="o">()</span> <span class="o">{</span>
tmux has-session -t mytmux
<span class="k">if</span> <span class="o">[</span> <span class="nv">$?</span> !<span class="o">=</span> <span class="m">0</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
tmux new-session -s mytmux -n <span class="k">$(</span>hostname<span class="k">)</span> -d
@ -258,7 +258,7 @@ bind &#39;&quot;&#39; choose-window
<p>The second one changes the tmux window name whenever I ssh to a remote host, and switches the window name back to the name of my computer when I logout from the host.</p>
<div class="highlight"><pre><span class="k">if</span> <span class="o">[</span> -n <span class="s2">&quot;</span>$<span class="s2">TMUX&quot;</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
<div class="highlight"><pre><span></span><span class="k">if</span> <span class="o">[</span> -n <span class="s2">&quot;</span><span class="nv">$TMUX</span><span class="s2">&quot;</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
ssh<span class="o">()</span> <span class="o">{</span>
<span class="k">if</span> <span class="o">[</span> <span class="nv">$#</span> -le <span class="m">2</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
tmux rename-window <span class="s2">&quot;</span><span class="si">${</span><span class="p">@: -1</span><span class="si">}</span><span class="s2">&quot;</span>

View File

@ -116,7 +116,7 @@
<h2>SSH Keys</h2>
<p>If you don't have one already, you'll need a ssh-key to connect to the git repo.</p>
<p>On your computer, in a shell, as your usual user :</p>
<div class="highlight"><pre>ssh-keygen -t rsa -b 3072
<div class="highlight"><pre><span></span>ssh-keygen -t rsa -b 3072
Generating public/private rsa key pair.
Enter file in which to save the key <span class="o">(</span>/home/user/.ssh/id_rsa<span class="o">)</span>:
Enter passphrase <span class="o">(</span>empty <span class="k">for</span> no passphrase<span class="o">)</span>:
@ -130,7 +130,7 @@ The key fingerprint is:
<p>For security reasons, configuring a passphrase is recommended. On Mac OS X and most desktop environnements on Linux, you can store this passphrase for the duration of your session using the <code>ssh-add</code> command, so you won't have to type it every time you want to connect to a host.</p>
<p>On the server, we also have to create a ssh-key for the user that is running our webserver (you'll need to have sudo installed) :</p>
<div class="highlight"><pre>sudo -H -u www-data ssh-keygen -t rsa -b 3072
<div class="highlight"><pre><span></span>sudo -H -u www-data ssh-keygen -t rsa -b 3072
Generating public/private rsa key pair.
Enter file in which to save the key <span class="o">(</span>/var/www/.ssh/id_rsa<span class="o">)</span>:
Enter passphrase <span class="o">(</span>empty <span class="k">for</span> no passphrase<span class="o">)</span>:
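Review bot: The key for www-data is written to `/var/www/.ssh/id_rsa`, and the text recommends a passphrase without saying what to do for this second key, which has to be usable unattended. The page should state that this key is created without a passphrase, and that `/var/www/.ssh` must not be reachable through the web server if `/var/www` is, or contains, a document root (for example by giving www-data a home directory outside the served tree).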
@ -146,24 +146,24 @@ The key fingerprint is:
<h2>Server management</h2>
<p>All of the commands in this section have to be run as root.</p>
<p>First thing first, we have to install the git package on the server that will be hosting our git repos :</p>
<div class="highlight"><pre>apt update <span class="o">&amp;&amp;</span> apt install git -y
<div class="highlight"><pre><span></span>apt update <span class="o">&amp;&amp;</span> apt install git -y
</pre></div>
<p>Then, we have to create a user named git :</p>
<div class="highlight"><pre>useradd -s /usr/bin/git-shell -m -r git
<div class="highlight"><pre><span></span>useradd -s /usr/bin/git-shell -m -r git
</pre></div>
<p>This will create a system user (UID &lt; 1000) with a /home/git home directory. If you want to host your git repos somewhere else on your filesystem, you should add a <code>-d /home/directory/for/git</code> in the previous command.</p>
<p>This user will use the git-shell shell. This limits remote connection to that user to git commands (like the rssh shell can limit remote connection to a user to scp or rsync commands).</p>
<p>We have to configure our system to allow the use of this shell :</p>
<div class="highlight"><pre><span class="nb">echo</span> <span class="s1">&#39;/usr/bin/git-shell&#39;</span> &gt;&gt; /etc/shells
<div class="highlight"><pre><span></span><span class="nb">echo</span> <span class="s1">&#39;/usr/bin/git-shell&#39;</span> &gt;&gt; /etc/shells
</pre></div>
<p>From this point, you should have to following output if you try to SSH to your server with that user :</p>
<div class="highlight"><pre>ssh git@git.captainark.net
<div class="highlight"><pre><span></span>ssh git@git.captainark.net
fatal: Interactive git shell is not enabled.
hint: ~/git-shell-commands should exist and have <span class="nb">read</span> and execute access.
Connection to git@git.captainark.net closed.
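Review bot: `echo '/usr/bin/git-shell' >> /etc/shells` appends a duplicate entry every time the step is repeated. Guard it (`grep -qx /usr/bin/git-shell /etc/shells || echo ... >> /etc/shells`) or use Debian's `add-shell /usr/bin/git-shell`, which handles the duplicate case itself. It would also help to say in the text that the "Interactive git shell is not enabled" output is the expected, desired result and not an error to fix.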
@ -171,33 +171,33 @@ Connection to git@git.captainark.net closed.
<p>We now need to create the .ssh/authorized_keys file for the git user with the correct permissions :</p>
<div class="highlight"><pre>sudo -H -u git mkdir /home/git/.ssh <span class="o">&amp;&amp;</span> chmod <span class="m">700</span> /home/git/.ssh
<div class="highlight"><pre><span></span>sudo -H -u git mkdir /home/git/.ssh <span class="o">&amp;&amp;</span> chmod <span class="m">700</span> /home/git/.ssh
sudo -H -u git touch /home/git/.ssh/authorized_keys <span class="o">&amp;&amp;</span> chmod <span class="m">600</span> /home/git/.ssh/authorized_keys
</pre></div>
<p>You can now copy/paste the content of the two <code>$HOME/.ssh/id_rsa.pub</code> files we've created earlier using the <code>ssh-keygen</code> command in <code>/home/git/.ssh/authorized_keys</code>.</p>
<p>The last thing we have to do is to create our first git repo. In this example, my project will be called 'captainarkdotnet' as it will be hosting this blog :</p>
<div class="highlight"><pre>sudo -H -u git mkdir /home/git/captainarkdotnet.git
<div class="highlight"><pre><span></span>sudo -H -u git mkdir /home/git/captainarkdotnet.git
<span class="nb">cd</span> /home/git/captainarkdotnet.git
sudo -H -u git git init --bare
</pre></div>
<p>The last command should give you the following output :</p>
<div class="highlight"><pre>Initialized empty Git repository in /home/git/captainarkdotnet.git/.git/
<div class="highlight"><pre><span></span>Initialized empty Git repository in /home/git/captainarkdotnet.git/.git/
</pre></div>
<p>We're done with the server configuration. Let's now actually push stuff to our repo !</p>
<h3>Initial push</h3>
<p>The files for my blog are store in the ~/Documents/projects/captainarkdotnet on my computer. Before doing anything else, we first have to make sure that we currently are in that folder :</p>
<div class="highlight"><pre><span class="nb">cd</span> ~/Documents/projects/captainarkdotnet
<div class="highlight"><pre><span></span><span class="nb">cd</span> ~/Documents/projects/captainarkdotnet
</pre></div>
<p>Let's now push the content of that folder to our repo :</p>
<div class="highlight"><pre>git init
<div class="highlight"><pre><span></span>git init
git add .
git commit -m <span class="s1">&#39;initial commit&#39;</span>
git remote add origin git@git.captainark.net:captainarkdotnet.git
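Review bot: The expected output shown for `git init --bare` ends in `/home/git/captainarkdotnet.git/.git/`, which is what a non-bare init prints; a bare init reports the repository directory itself, so a reader comparing output will think the step went wrong. Also, in `sudo -H -u git mkdir /home/git/.ssh && chmod 700 /home/git/.ssh` the `chmod` after `&&` runs as the calling user and not as git; that works as root, but prefixing it with `sudo -H -u git` keeps the commands consistent with the rest of the section.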
@ -207,7 +207,7 @@ git push origin master
<p>Please note that you'll need to edit <strong>git.captainark.net</strong> to the FQDN or IP of your git server, and <strong>captainarkdotnet.git</strong> to the name of the git project on your server.</p>
<p>If everything went well, the last command should give you the following output :</p>
<div class="highlight"><pre>Counting objects: 69, <span class="k">done</span>.
<div class="highlight"><pre><span></span>Counting objects: 69, <span class="k">done</span>.
Delta compression using up to <span class="m">4</span> threads.
Compressing objects: 100% <span class="o">(</span>64/64<span class="o">)</span>, <span class="k">done</span>.
Writing objects: 100% <span class="o">(</span>69/69<span class="o">)</span>, 1.01 MiB <span class="p">|</span> <span class="m">0</span> bytes/s, <span class="k">done</span>.
@ -220,13 +220,13 @@ To git@git.captainark.net:captainarkdotnet.git
<p>That's it, we've now pushed our first commit to our server !</p>
<h2>First pull</h2>
<p>Alright, time to pull the files we've just pushed on our webserver. I personally store my web content in <code>/var/www</code> ; if you don't, you'll have to adjust the path accordingly :</p>
<div class="highlight"><pre><span class="nb">cd</span> /var/www
<div class="highlight"><pre><span></span><span class="nb">cd</span> /var/www
sudo -H -u www-data git clone git@git.captainark.net:captainarkdotnet.git
</pre></div>
<p>SSH will ask you to type 'yes' since it's the first time the www-data user connects to the server. If everything goes well, you should have the following output :</p>
<div class="highlight"><pre>Cloning into <span class="s1">&#39;captainarkdotnet&#39;</span>...
<div class="highlight"><pre><span></span>Cloning into <span class="s1">&#39;captainarkdotnet&#39;</span>...
remote: Counting objects: 70, <span class="k">done</span>.
remote: Compressing objects: 100% <span class="o">(</span>65/65<span class="o">)</span>, <span class="k">done</span>.
remote: Total <span class="m">70</span> <span class="o">(</span>delta 16<span class="o">)</span>, reused <span class="m">0</span> <span class="o">(</span>delta 0<span class="o">)</span>

View File

@ -13,7 +13,7 @@
&lt;p&gt;I used screen before tmux, so I configured the prefix key on C-a instead of C-b. tmux has the advantage of being &lt;em&gt;much&lt;/em&gt; simpler to configure than screen.&lt;/p&gt;
&lt;p&gt;If you want to use this configuration, simply copy the following in ~/.tmux.conf. This file is read by default when tmux starts.&lt;/p&gt;
&lt;p&gt;If you simply want to try it out, copy it in a file somewhere else and have tmux load with the -f parameter (&lt;code&gt;tmux -f ~/tmux-test.conf&lt;/code&gt;).&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;# use utf8
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;# use utf8
set -g utf8
set-option -g status-utf8 on
set-window-option -g utf8 on
@ -128,7 +128,7 @@ bind &amp;#39;&amp;quot;&amp;#39; choose-window
&lt;h2&gt;Aliases&lt;/h2&gt;
&lt;p&gt;I also use two functions with tmux (in ~/.bash_aliases).&lt;/p&gt;
&lt;p&gt;The first one creates a new "mytmux" tmux session if one doesn't exist yet, opens 10 shells and selects the first one.&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;mytmux&lt;span class="o"&gt;()&lt;/span&gt; &lt;span class="o"&gt;{&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;mytmux&lt;span class="o"&gt;()&lt;/span&gt; &lt;span class="o"&gt;{&lt;/span&gt;
tmux has-session -t mytmux
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; &lt;span class="nv"&gt;$?&lt;/span&gt; !&lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="m"&gt;0&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
tmux new-session -s mytmux -n &lt;span class="k"&gt;$(&lt;/span&gt;hostname&lt;span class="k"&gt;)&lt;/span&gt; -d
@ -149,7 +149,7 @@ bind &amp;#39;&amp;quot;&amp;#39; choose-window
&lt;p&gt;The second one changes the tmux window name whenever I ssh to a remote host, and switches the window name back to the name of my computer when I logout from the host.&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; -n &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;$&lt;span class="s2"&gt;TMUX&amp;quot;&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; -n &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$TMUX&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
ssh&lt;span class="o"&gt;()&lt;/span&gt; &lt;span class="o"&gt;{&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; &lt;span class="nv"&gt;$#&lt;/span&gt; -le &lt;span class="m"&gt;2&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
tmux rename-window &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="si"&gt;${&lt;/span&gt;&lt;span class="p"&gt;@: -1&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;
@ -170,7 +170,7 @@ bind &amp;#39;&amp;quot;&amp;#39; choose-window
&lt;p&gt;I figured I'd share the playbook I use to update the Debian packages !&lt;/p&gt;
&lt;h2&gt;The playbook&lt;/h2&gt;
&lt;p&gt;I modified &lt;a href="https://gist.github.com/maethor/380676f6b1cec8cc7439"&gt;this gist&lt;/a&gt; to only use apt-get instead of both apt-get and aptitude.&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="p p-Indicator"&gt;-&lt;/span&gt; &lt;span class="l l-Scalar l-Scalar-Plain"&gt;hosts&lt;/span&gt;&lt;span class="p p-Indicator"&gt;:&lt;/span&gt; &lt;span class="l l-Scalar l-Scalar-Plain"&gt;all&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="p p-Indicator"&gt;-&lt;/span&gt; &lt;span class="l l-Scalar l-Scalar-Plain"&gt;hosts&lt;/span&gt;&lt;span class="p p-Indicator"&gt;:&lt;/span&gt; &lt;span class="l l-Scalar l-Scalar-Plain"&gt;all&lt;/span&gt;
&lt;span class="l l-Scalar l-Scalar-Plain"&gt;remote_user&lt;/span&gt;&lt;span class="p p-Indicator"&gt;:&lt;/span&gt; &lt;span class="l l-Scalar l-Scalar-Plain"&gt;admin&lt;/span&gt;
&lt;span class="l l-Scalar l-Scalar-Plain"&gt;become&lt;/span&gt;&lt;span class="p p-Indicator"&gt;:&lt;/span&gt; &lt;span class="l l-Scalar l-Scalar-Plain"&gt;yes&lt;/span&gt;
&lt;span class="l l-Scalar l-Scalar-Plain"&gt;become_method&lt;/span&gt;&lt;span class="p p-Indicator"&gt;:&lt;/span&gt; &lt;span class="l l-Scalar l-Scalar-Plain"&gt;sudo&lt;/span&gt;
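Review bot: Split the regenerated highlighter markup out of this commit. The removed and added lines here differ only by an empty span element inserted after the pre tag, which has nothing to do with the subject line "removing .well-know" and buries the actual removal among 292 additions and 293 deletions. Committing the regenerated output separately would let the removal be reviewed on its own.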
@ -217,7 +217,7 @@ bind &amp;#39;&amp;quot;&amp;#39; choose-window
&lt;h2&gt;SSH Keys&lt;/h2&gt;
&lt;p&gt;If you don't have one already, you'll need a ssh-key to connect to the git repo.&lt;/p&gt;
&lt;p&gt;On your computer, in a shell, as your usual user :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;ssh-keygen -t rsa -b 3072
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;ssh-keygen -t rsa -b 3072
Generating public/private rsa key pair.
Enter file in which to save the key &lt;span class="o"&gt;(&lt;/span&gt;/home/user/.ssh/id_rsa&lt;span class="o"&gt;)&lt;/span&gt;:
Enter passphrase &lt;span class="o"&gt;(&lt;/span&gt;empty &lt;span class="k"&gt;for&lt;/span&gt; no passphrase&lt;span class="o"&gt;)&lt;/span&gt;:
@ -231,7 +231,7 @@ The key fingerprint is:
&lt;p&gt;For security reasons, configuring a passphrase is recommended. On Mac OS X and most desktop environnements on Linux, you can store this passphrase for the duration of your session using the &lt;code&gt;ssh-add&lt;/code&gt; command, so you won't have to type it every time you want to connect to a host.&lt;/p&gt;
&lt;p&gt;On the server, we also have to create a ssh-key for the user that is running our webserver (you'll need to have sudo installed) :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;sudo -H -u www-data ssh-keygen -t rsa -b 3072
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;sudo -H -u www-data ssh-keygen -t rsa -b 3072
Generating public/private rsa key pair.
Enter file in which to save the key &lt;span class="o"&gt;(&lt;/span&gt;/var/www/.ssh/id_rsa&lt;span class="o"&gt;)&lt;/span&gt;:
Enter passphrase &lt;span class="o"&gt;(&lt;/span&gt;empty &lt;span class="k"&gt;for&lt;/span&gt; no passphrase&lt;span class="o"&gt;)&lt;/span&gt;:
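Review bot: The www-data private key is written to /var/www/.ssh/id_rsa, and the post later says web content is stored in /var/www. Add a sentence telling readers to check that the web server's document root is the cloned subdirectory rather than /var/www itself, or that dot-directories are denied, so the key is never inside a served path. It is also worth saying whether this key is expected to have an empty passphrase, since the ssh-add advice in the paragraph above only covers a desktop session.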
@ -247,24 +247,24 @@ The key fingerprint is:
&lt;h2&gt;Server management&lt;/h2&gt;
&lt;p&gt;All of the commands in this section have to be run as root.&lt;/p&gt;
&lt;p&gt;First thing first, we have to install the git package on the server that will be hosting our git repos :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;apt update &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; apt install git -y
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;apt update &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; apt install git -y
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;Then, we have to create a user named git :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;useradd -s /usr/bin/git-shell -m -r git
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;useradd -s /usr/bin/git-shell -m -r git
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;This will create a system user (UID &amp;lt; 1000) with a /home/git home directory. If you want to host your git repos somewhere else on your filesystem, you should add a &lt;code&gt;-d /home/directory/for/git&lt;/code&gt; in the previous command.&lt;/p&gt;
&lt;p&gt;This user will use the git-shell shell. This limits remote connection to that user to git commands (like the rssh shell can limit remote connection to a user to scp or rsync commands).&lt;/p&gt;
&lt;p&gt;We have to configure our system to allow the use of this shell :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s1"&gt;&amp;#39;/usr/bin/git-shell&amp;#39;&lt;/span&gt; &amp;gt;&amp;gt; /etc/shells
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s1"&gt;&amp;#39;/usr/bin/git-shell&amp;#39;&lt;/span&gt; &amp;gt;&amp;gt; /etc/shells
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;From this point, you should have to following output if you try to SSH to your server with that user :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;ssh git@git.captainark.net
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;ssh git@git.captainark.net
fatal: Interactive git shell is not enabled.
hint: ~/git-shell-commands should exist and have &lt;span class="nb"&gt;read&lt;/span&gt; and execute access.
Connection to git@git.captainark.net closed.
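Review bot: The `echo '/usr/bin/git-shell' >> /etc/shells` step appends unconditionally, so a reader who runs the instructions twice ends up with duplicate entries. Guard it with `grep -qxF /usr/bin/git-shell /etc/shells || echo /usr/bin/git-shell >> /etc/shells`, and have readers confirm the path with `command -v git-shell` before using it in both this line and the useradd line.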
@ -272,33 +272,33 @@ Connection to git@git.captainark.net closed.
&lt;p&gt;We now need to create the .ssh/authorized_keys file for the git user with the correct permissions :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;sudo -H -u git mkdir /home/git/.ssh &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; chmod &lt;span class="m"&gt;700&lt;/span&gt; /home/git/.ssh
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;sudo -H -u git mkdir /home/git/.ssh &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; chmod &lt;span class="m"&gt;700&lt;/span&gt; /home/git/.ssh
sudo -H -u git touch /home/git/.ssh/authorized_keys &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; chmod &lt;span class="m"&gt;600&lt;/span&gt; /home/git/.ssh/authorized_keys
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;You can now copy/paste the content of the two &lt;code&gt;$HOME/.ssh/id_rsa.pub&lt;/code&gt; files we've created earlier using the &lt;code&gt;ssh-keygen&lt;/code&gt; command in &lt;code&gt;/home/git/.ssh/authorized_keys&lt;/code&gt;.&lt;/p&gt;
&lt;p&gt;The last thing we have to do is to create our first git repo. In this example, my project will be called 'captainarkdotnet' as it will be hosting this blog :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;sudo -H -u git mkdir /home/git/captainarkdotnet.git
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;sudo -H -u git mkdir /home/git/captainarkdotnet.git
&lt;span class="nb"&gt;cd&lt;/span&gt; /home/git/captainarkdotnet.git
sudo -H -u git git init --bare
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;The last command should give you the following output :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;Initialized empty Git repository in /home/git/captainarkdotnet.git/.git/
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;Initialized empty Git repository in /home/git/captainarkdotnet.git/.git/
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;We're done with the server configuration. Let's now actually push stuff to our repo !&lt;/p&gt;
&lt;h3&gt;Initial push&lt;/h3&gt;
&lt;p&gt;The files for my blog are store in the ~/Documents/projects/captainarkdotnet on my computer. Before doing anything else, we first have to make sure that we currently are in that folder :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="nb"&gt;cd&lt;/span&gt; ~/Documents/projects/captainarkdotnet
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="nb"&gt;cd&lt;/span&gt; ~/Documents/projects/captainarkdotnet
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;Let's now push the content of that folder to our repo :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;git init
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;git init
git add .
git commit -m &lt;span class="s1"&gt;&amp;#39;initial commit&amp;#39;&lt;/span&gt;
git remote add origin git@git.captainark.net:captainarkdotnet.git
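Review bot: Pasting both public keys into /home/git/.ssh/authorized_keys as-is gives the www-data key the same push access as the author's key, and git-shell only restricts which commands run; it does not disable SSH forwarding. Suggest prefixing each key line with `no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty` and stating that the web server key can write to the repo. Separately, the expected output shown after `git init --bare` ends in captainarkdotnet.git/.git/, which is what a non-bare init prints; a bare init reports the repository directory itself.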
@ -308,7 +308,7 @@ git push origin master
&lt;p&gt;Please note that you'll need to edit &lt;strong&gt;git.captainark.net&lt;/strong&gt; to the FQDN or IP of your git server, and &lt;strong&gt;captainarkdotnet.git&lt;/strong&gt; to the name of the git project on your server.&lt;/p&gt;
&lt;p&gt;If everything went well, the last command should give you the following output :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;Counting objects: 69, &lt;span class="k"&gt;done&lt;/span&gt;.
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;Counting objects: 69, &lt;span class="k"&gt;done&lt;/span&gt;.
Delta compression using up to &lt;span class="m"&gt;4&lt;/span&gt; threads.
Compressing objects: 100% &lt;span class="o"&gt;(&lt;/span&gt;64/64&lt;span class="o"&gt;)&lt;/span&gt;, &lt;span class="k"&gt;done&lt;/span&gt;.
Writing objects: 100% &lt;span class="o"&gt;(&lt;/span&gt;69/69&lt;span class="o"&gt;)&lt;/span&gt;, 1.01 MiB &lt;span class="p"&gt;|&lt;/span&gt; &lt;span class="m"&gt;0&lt;/span&gt; bytes/s, &lt;span class="k"&gt;done&lt;/span&gt;.
@ -321,13 +321,13 @@ To git@git.captainark.net:captainarkdotnet.git
&lt;p&gt;That's it, we've now pushed our first commit to our server !&lt;/p&gt;
&lt;h2&gt;First pull&lt;/h2&gt;
&lt;p&gt;Alright, time to pull the files we've just pushed on our webserver. I personally store my web content in &lt;code&gt;/var/www&lt;/code&gt; ; if you don't, you'll have to adjust the path accordingly :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="nb"&gt;cd&lt;/span&gt; /var/www
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="nb"&gt;cd&lt;/span&gt; /var/www
sudo -H -u www-data git clone git@git.captainark.net:captainarkdotnet.git
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;SSH will ask you to type 'yes' since it's the first time the www-data user connects to the server. If everything goes well, you should have the following output :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;Cloning into &lt;span class="s1"&gt;&amp;#39;captainarkdotnet&amp;#39;&lt;/span&gt;...
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;Cloning into &lt;span class="s1"&gt;&amp;#39;captainarkdotnet&amp;#39;&lt;/span&gt;...
remote: Counting objects: 70, &lt;span class="k"&gt;done&lt;/span&gt;.
remote: Compressing objects: 100% &lt;span class="o"&gt;(&lt;/span&gt;65/65&lt;span class="o"&gt;)&lt;/span&gt;, &lt;span class="k"&gt;done&lt;/span&gt;.
remote: Total &lt;span class="m"&gt;70&lt;/span&gt; &lt;span class="o"&gt;(&lt;/span&gt;delta 16&lt;span class="o"&gt;)&lt;/span&gt;, reused &lt;span class="m"&gt;0&lt;/span&gt; &lt;span class="o"&gt;(&lt;/span&gt;delta 0&lt;span class="o"&gt;)&lt;/span&gt;
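Review bot: The paragraph before the clone output tells the reader to type 'yes' at the first-connection prompt without checking anything. Since this is the www-data user trusting the git server for every later pull, add a step to compare the fingerprint SSH displays with the server's own, for example by running `ssh-keygen -lf` on the host's public key file under /etc/ssh on the git server, before accepting it.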
@ -354,7 +354,7 @@ Checking connectivity... &lt;span class="k"&gt;done&lt;/span&gt;.
&lt;h2&gt;The script&lt;/h2&gt;
&lt;p&gt;All of the following should be done as the root user.&lt;/p&gt;
&lt;p&gt;First, create a /etc/default/flexget file with the following content :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="c1"&gt;# Configuration file for /etc/init.d/flexget&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="c1"&gt;# Configuration file for /etc/init.d/flexget&lt;/span&gt;
&lt;span class="c1"&gt;# User to run flexget as.&lt;/span&gt;
&lt;span class="c1"&gt;# Daemon will not start if left empty.&lt;/span&gt;
@ -377,12 +377,12 @@ Checking connectivity... &lt;span class="k"&gt;done&lt;/span&gt;.
&lt;p&gt;Please note that the FGUSER variable needs to be defined for the daemon to start. It can be set to your current user, or you can run flexget as its own user.&lt;/p&gt;
&lt;p&gt;You can create a flexget user with the following command :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;useradd -m -d /var/lib/flexget -r -s /bin/false flexget
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;useradd -m -d /var/lib/flexget -r -s /bin/false flexget
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;Then, create the /etc/init.d/flexget file :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="ch"&gt;#!/bin/bash&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="ch"&gt;#!/bin/bash&lt;/span&gt;
&lt;span class="c1"&gt;### BEGIN INIT INFO&lt;/span&gt;
&lt;span class="c1"&gt;# Provides: flexget&lt;/span&gt;
@ -402,10 +402,10 @@ Checking connectivity... &lt;span class="k"&gt;done&lt;/span&gt;.
&lt;span class="nv"&gt;NAME&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;flexget&amp;quot;&lt;/span&gt;
&lt;span class="nv"&gt;DAEMON&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;/usr/local/bin/flexget&amp;quot;&lt;/span&gt;
&lt;span class="nv"&gt;SETTINGS&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;/etc/default/&lt;/span&gt;$&lt;span class="s2"&gt;NAME&amp;quot;&lt;/span&gt;
&lt;span class="nv"&gt;SETTINGS&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;/etc/default/&lt;/span&gt;&lt;span class="nv"&gt;$NAME&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;
&lt;span class="nv"&gt;DESC&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;Flexget&amp;quot;&lt;/span&gt;
&lt;span class="nv"&gt;PIDFILE&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;/var/run/&lt;/span&gt;$&lt;span class="s2"&gt;NAME.pid&amp;quot;&lt;/span&gt;
&lt;span class="nv"&gt;PIDFILE&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;/var/run/&lt;/span&gt;&lt;span class="nv"&gt;$NAME&lt;/span&gt;&lt;span class="s2"&gt;.pid&amp;quot;&lt;/span&gt;
&lt;span class="nb"&gt;set&lt;/span&gt; -e
@ -414,36 +414,36 @@ Checking connectivity... &lt;span class="k"&gt;done&lt;/span&gt;.
&lt;span class="nb"&gt;unset&lt;/span&gt; FGUSER CONFIG LOG LEVEL
&lt;span class="c1"&gt;# Exit if flexget not installed&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; ! -x &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$DAE&lt;/span&gt;&lt;span class="s2"&gt;MON&amp;quot;&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
log_action_msg &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$DE&lt;/span&gt;&lt;span class="s2"&gt;SC: Could not find flexget executable. Exiting.&amp;quot;&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; ! -x &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$DAEMON&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
log_action_msg &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$DESC&lt;/span&gt;&lt;span class="s2"&gt;: Could not find flexget executable. Exiting.&amp;quot;&lt;/span&gt;
&lt;span class="nb"&gt;exit&lt;/span&gt; 2
&lt;span class="k"&gt;fi&lt;/span&gt;
&lt;span class="c1"&gt;# Read configuration variables&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; -r /etc/default/$NAME &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
. /etc/default/$NAME
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; -r /etc/default/&lt;span class="nv"&gt;$NAME&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
. /etc/default/&lt;span class="nv"&gt;$NAME&lt;/span&gt;
&lt;span class="k"&gt;else&lt;/span&gt;
log_action_msg &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$DE&lt;/span&gt;&lt;span class="s2"&gt;SC: /etc/default/&lt;/span&gt;$&lt;span class="s2"&gt;NAME not found. Exiting.&amp;quot;&lt;/span&gt;
log_action_msg &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$DESC&lt;/span&gt;&lt;span class="s2"&gt;: /etc/default/&lt;/span&gt;&lt;span class="nv"&gt;$NAME&lt;/span&gt;&lt;span class="s2"&gt; not found. Exiting.&amp;quot;&lt;/span&gt;
&lt;span class="nb"&gt;exit&lt;/span&gt; 2
&lt;span class="k"&gt;fi&lt;/span&gt;
&lt;span class="c1"&gt;# Exit if FGUSER has not been set in /etc/default/flexget&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; -z &lt;span class="nv"&gt;$F&lt;/span&gt;GUSER &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
log_action_msg &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$DE&lt;/span&gt;&lt;span class="s2"&gt;SC: FGUSER not set in /etc/default/&lt;/span&gt;$&lt;span class="s2"&gt;NAME. Exiting.&amp;quot;&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; -z &lt;span class="nv"&gt;$FGUSER&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
log_action_msg &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$DESC&lt;/span&gt;&lt;span class="s2"&gt;: FGUSER not set in /etc/default/&lt;/span&gt;&lt;span class="nv"&gt;$NAME&lt;/span&gt;&lt;span class="s2"&gt;. Exiting.&amp;quot;&lt;/span&gt;
&lt;span class="nb"&gt;exit&lt;/span&gt; 2
&lt;span class="k"&gt;fi&lt;/span&gt;
&lt;span class="c1"&gt;# Function to verify if flexget is already running&lt;/span&gt;
run_check&lt;span class="o"&gt;()&lt;/span&gt; &lt;span class="o"&gt;{&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; -e $PIDFILE &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
status_of_proc -p $PIDFILE &lt;span class="nv"&gt;$DAE&lt;/span&gt;MON $NAME &amp;gt; /dev/null &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; &lt;span class="nv"&gt;RETVAL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="m"&gt;0&lt;/span&gt; &lt;span class="o"&gt;||&lt;/span&gt; &lt;span class="nv"&gt;RETVAL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$?&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; -e &lt;span class="nv"&gt;$PIDFILE&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
status_of_proc -p &lt;span class="nv"&gt;$PIDFILE&lt;/span&gt; &lt;span class="nv"&gt;$DAEMON&lt;/span&gt; &lt;span class="nv"&gt;$NAME&lt;/span&gt; &amp;gt; /dev/null &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; &lt;span class="nv"&gt;RETVAL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="m"&gt;0&lt;/span&gt; &lt;span class="o"&gt;||&lt;/span&gt; &lt;span class="nv"&gt;RETVAL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$?&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;
&lt;span class="k"&gt;else&lt;/span&gt;
&lt;span class="nv"&gt;RETVAL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;2&amp;quot;&lt;/span&gt;
&lt;span class="k"&gt;fi&lt;/span&gt;
&lt;span class="o"&gt;}&lt;/span&gt;
end_log&lt;span class="o"&gt;()&lt;/span&gt; &lt;span class="o"&gt;{&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; $RETVAL -eq &lt;span class="m"&gt;0&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; &lt;span class="nv"&gt;$RETVAL&lt;/span&gt; -eq &lt;span class="m"&gt;0&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
log_end_msg 0
&lt;span class="k"&gt;return&lt;/span&gt; 0
&lt;span class="k"&gt;else&lt;/span&gt;
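Review bot: The tests in this hunk expand variables unquoted (`[ -z $FGUSER ]`, `[ -e $PIDFILE ]`, `[ $RETVAL -eq 0 ]`, and the arguments to status_of_proc), which only works while every value is a single word; a value with whitespace coming from /etc/default/flexget turns the test into a syntax error in a script that runs as root. Quote them, e.g. `[ -z "$FGUSER" ]`, to match the already-quoted `"$DAEMON"` check above. The script also defines SETTINGS in the previous hunk but sources `/etc/default/$NAME` directly here; use `"$SETTINGS"` or drop the variable.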
@ -454,39 +454,39 @@ end_log&lt;span class="o"&gt;()&lt;/span&gt; &lt;span class="o"&gt;{&lt;/span&gt
&lt;span class="c1"&gt;# Function to define config file, log file and log level&lt;/span&gt;
conf_check&lt;span class="o"&gt;()&lt;/span&gt; &lt;span class="o"&gt;{&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; -z &lt;span class="nv"&gt;$C&lt;/span&gt;ONFIG &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
&lt;span class="nv"&gt;OPTIONS&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;$&lt;span class="s2"&gt;OPTIONS&amp;quot;&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; -z &lt;span class="nv"&gt;$CONFIG&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
&lt;span class="nv"&gt;OPTIONS&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$OPTIONS&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;
&lt;span class="k"&gt;else&lt;/span&gt;
&lt;span class="nv"&gt;OPTIONS&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;-c &lt;/span&gt;&lt;span class="nv"&gt;$C&lt;/span&gt;&lt;span class="s2"&gt;ONFIG&amp;quot;&lt;/span&gt;
&lt;span class="nv"&gt;OPTIONS&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;-c &lt;/span&gt;&lt;span class="nv"&gt;$CONFIG&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;
&lt;span class="k"&gt;fi&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; -z $LOG &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
&lt;span class="nv"&gt;OPTIONS&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;$&lt;span class="s2"&gt;OPTIONS&amp;quot;&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; -z &lt;span class="nv"&gt;$LOG&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
&lt;span class="nv"&gt;OPTIONS&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$OPTIONS&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;
&lt;span class="k"&gt;else&lt;/span&gt;
&lt;span class="nv"&gt;OPTIONS&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;$&lt;span class="s2"&gt;OPTIONS -l &lt;/span&gt;$&lt;span class="s2"&gt;LOG/flexget.log&amp;quot;&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; ! -d $LOG &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
mkdir -p -m &lt;span class="m"&gt;750&lt;/span&gt; $LOG
chown &lt;span class="nv"&gt;$F&lt;/span&gt;GUSER $LOG
&lt;span class="nv"&gt;OPTIONS&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$OPTIONS&lt;/span&gt;&lt;span class="s2"&gt; -l &lt;/span&gt;&lt;span class="nv"&gt;$LOG&lt;/span&gt;&lt;span class="s2"&gt;/flexget.log&amp;quot;&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; ! -d &lt;span class="nv"&gt;$LOG&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
mkdir -p -m &lt;span class="m"&gt;750&lt;/span&gt; &lt;span class="nv"&gt;$LOG&lt;/span&gt;
chown &lt;span class="nv"&gt;$FGUSER&lt;/span&gt; &lt;span class="nv"&gt;$LOG&lt;/span&gt;
&lt;span class="k"&gt;fi&lt;/span&gt;
&lt;span class="k"&gt;fi&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; -z $LEVEL &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
&lt;span class="nv"&gt;OPTIONS&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;$&lt;span class="s2"&gt;OPTIONS&amp;quot;&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; -z &lt;span class="nv"&gt;$LEVEL&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
&lt;span class="nv"&gt;OPTIONS&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$OPTIONS&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;
&lt;span class="k"&gt;else&lt;/span&gt;
&lt;span class="nv"&gt;OPTIONS&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;$&lt;span class="s2"&gt;OPTIONS -L &lt;/span&gt;$&lt;span class="s2"&gt;LEVEL&amp;quot;&lt;/span&gt;
&lt;span class="nv"&gt;OPTIONS&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$OPTIONS&lt;/span&gt;&lt;span class="s2"&gt; -L &lt;/span&gt;&lt;span class="nv"&gt;$LEVEL&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;
&lt;span class="k"&gt;fi&lt;/span&gt;
&lt;span class="o"&gt;}&lt;/span&gt;
start_flexget&lt;span class="o"&gt;()&lt;/span&gt; &lt;span class="o"&gt;{&lt;/span&gt;
run_check
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; $&lt;span class="nv"&gt;RETVAL&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="m"&gt;0&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
log_action_msg &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$DE&lt;/span&gt;&lt;span class="s2"&gt;SC: Already running with PID &lt;/span&gt;&lt;span class="k"&gt;$(&lt;/span&gt;cat $PIDFILE&lt;span class="k"&gt;)&lt;/span&gt;&lt;span class="s2"&gt;. Aborting.&amp;quot;&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; &lt;span class="nv"&gt;$RETVAL&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="m"&gt;0&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
log_action_msg &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$DESC&lt;/span&gt;&lt;span class="s2"&gt;: Already running with PID &lt;/span&gt;&lt;span class="k"&gt;$(&lt;/span&gt;cat &lt;span class="nv"&gt;$PIDFILE&lt;/span&gt;&lt;span class="k"&gt;)&lt;/span&gt;&lt;span class="s2"&gt;. Aborting.&amp;quot;&lt;/span&gt;
&lt;span class="nb"&gt;exit&lt;/span&gt; 2
&lt;span class="k"&gt;else&lt;/span&gt;
conf_check
log_daemon_msg &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$DE&lt;/span&gt;&lt;span class="s2"&gt;SC: Starting the daemon.&amp;quot;&lt;/span&gt;
start-stop-daemon --start --background --quiet --pidfile $PIDFILE --make-pidfile &lt;span class="se"&gt;\&lt;/span&gt;
--chuid &lt;span class="nv"&gt;$F&lt;/span&gt;GUSER --user &lt;span class="nv"&gt;$F&lt;/span&gt;GUSER --exec &lt;span class="nv"&gt;$DAE&lt;/span&gt;MON -- $OPTIONS daemon start
log_daemon_msg &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$DESC&lt;/span&gt;&lt;span class="s2"&gt;: Starting the daemon.&amp;quot;&lt;/span&gt;
start-stop-daemon --start --background --quiet --pidfile &lt;span class="nv"&gt;$PIDFILE&lt;/span&gt; --make-pidfile &lt;span class="se"&gt;\&lt;/span&gt;
--chuid &lt;span class="nv"&gt;$FGUSER&lt;/span&gt; --user &lt;span class="nv"&gt;$FGUSER&lt;/span&gt; --exec &lt;span class="nv"&gt;$DAEMON&lt;/span&gt; -- &lt;span class="nv"&gt;$OPTIONS&lt;/span&gt; daemon start
&lt;span class="nv"&gt;RETVAL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nv"&gt;$?&lt;/span&gt;
end_log
&lt;span class="k"&gt;fi&lt;/span&gt;
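Review bot: In start_flexget(), `RETVAL=$?` on the line after start-stop-daemon cannot record a failure while the `set -e` from the top of the script is in effect: a non-zero exit aborts the script before RETVAL is assigned and before end_log runs. Use the pattern run_check() already uses, `start-stop-daemon ... && RETVAL=0 || RETVAL=$?`. In conf_check(), `mkdir -p -m 750 $LOG` and `chown $FGUSER $LOG` run as root on unquoted values read from the defaults file and should be quoted.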
@ -494,26 +494,26 @@ start_flexget&lt;span class="o"&gt;()&lt;/span&gt; &lt;span class="o"&gt;{&lt;/s
stop_flexget&lt;span class="o"&gt;()&lt;/span&gt; &lt;span class="o"&gt;{&lt;/span&gt;
run_check
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; $&lt;span class="nv"&gt;RETVAL&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="m"&gt;0&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
log_daemon_msg &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$DE&lt;/span&gt;&lt;span class="s2"&gt;SC: Stopping the daemon.&amp;quot;&lt;/span&gt;
start-stop-daemon --stop --quiet --chuid &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$F&lt;/span&gt;&lt;span class="s2"&gt;GUSER&amp;quot;&lt;/span&gt; --pidfile &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;$&lt;span class="s2"&gt;PIDFILE&amp;quot;&lt;/span&gt; --retry 30
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; &lt;span class="nv"&gt;$RETVAL&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="m"&gt;0&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
log_daemon_msg &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$DESC&lt;/span&gt;&lt;span class="s2"&gt;: Stopping the daemon.&amp;quot;&lt;/span&gt;
start-stop-daemon --stop --quiet --chuid &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$FGUSER&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt; --pidfile &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$PIDFILE&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt; --retry 30
&lt;span class="nv"&gt;RETVAL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nv"&gt;$?&lt;/span&gt;
&lt;span class="o"&gt;[&lt;/span&gt; -e &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;$&lt;span class="s2"&gt;PIDFILE&amp;quot;&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt; &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; rm -f &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;$&lt;span class="s2"&gt;PIDFILE&amp;quot;&lt;/span&gt;
&lt;span class="o"&gt;[&lt;/span&gt; -e &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$PIDFILE&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt; &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; rm -f &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$PIDFILE&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;
end_log
&lt;span class="k"&gt;else&lt;/span&gt;
log_action_msg &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$DE&lt;/span&gt;&lt;span class="s2"&gt;SC: Not currently running. Aborting.&amp;quot;&lt;/span&gt;
log_action_msg &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$DESC&lt;/span&gt;&lt;span class="s2"&gt;: Not currently running. Aborting.&amp;quot;&lt;/span&gt;
&lt;span class="nb"&gt;exit&lt;/span&gt; 2
&lt;span class="k"&gt;fi&lt;/span&gt;
&lt;span class="o"&gt;}&lt;/span&gt;
status_flexget&lt;span class="o"&gt;()&lt;/span&gt; &lt;span class="o"&gt;{&lt;/span&gt;
run_check
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; $&lt;span class="nv"&gt;RETVAL&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="m"&gt;0&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
log_action_msg &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$DE&lt;/span&gt;&lt;span class="s2"&gt;SC: Currently running with PID &lt;/span&gt;&lt;span class="k"&gt;$(&lt;/span&gt;cat $PIDFILE&lt;span class="k"&gt;)&lt;/span&gt;&lt;span class="s2"&gt;.&amp;quot;&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; &lt;span class="nv"&gt;$RETVAL&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="m"&gt;0&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
log_action_msg &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$DESC&lt;/span&gt;&lt;span class="s2"&gt;: Currently running with PID &lt;/span&gt;&lt;span class="k"&gt;$(&lt;/span&gt;cat &lt;span class="nv"&gt;$PIDFILE&lt;/span&gt;&lt;span class="k"&gt;)&lt;/span&gt;&lt;span class="s2"&gt;.&amp;quot;&lt;/span&gt;
&lt;span class="k"&gt;else&lt;/span&gt;
log_action_msg &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$DE&lt;/span&gt;&lt;span class="s2"&gt;SC: Not currently running.&amp;quot;&lt;/span&gt;
log_action_msg &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$DESC&lt;/span&gt;&lt;span class="s2"&gt;: Not currently running.&amp;quot;&lt;/span&gt;
&lt;span class="k"&gt;fi&lt;/span&gt;
&lt;span class="nb"&gt;exit&lt;/span&gt; $RETVAL
&lt;span class="nb"&gt;exit&lt;/span&gt; &lt;span class="nv"&gt;$RETVAL&lt;/span&gt;
&lt;span class="o"&gt;}&lt;/span&gt;
&lt;span class="k"&gt;case&lt;/span&gt; &lt;span class="s2"&gt;&amp;quot;&lt;/span&gt;&lt;span class="nv"&gt;$1&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&lt;/span&gt; in
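Review bot: status_flexget reads the PID file with an unquoted `cat $PIDFILE`, and `exit $RETVAL` is unquoted too, while stop_flexget quotes "$PIDFILE" throughout; quote both so an empty value or a path containing spaces cannot split the command. In the stop branch, start-stop-daemon is given --chuid, which only sets the user a process is started as; when stopping, `--user "$FGUSER"` is the option that restricts the match to that user's processes.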
@ -539,38 +539,38 @@ status_flexget&lt;span class="o"&gt;()&lt;/span&gt; &lt;span class="o"&gt;{&lt;/
&lt;p&gt;Then, give execution rights to the script :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;chmod +x /etc/init.d/flexget
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;chmod +x /etc/init.d/flexget
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;And then, generate the necessary symlinks for the service to start on boot :&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Debian Jessie&lt;/em&gt;&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;systemctl &lt;span class="nb"&gt;enable&lt;/span&gt; flexget
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;systemctl &lt;span class="nb"&gt;enable&lt;/span&gt; flexget
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;&lt;em&gt;Debian Wheezy&lt;/em&gt;&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;insserv flexget
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;insserv flexget
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;To start, stop or check if the daemon is running :&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Debian Jessie&lt;/em&gt;&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;systemctl start flexget
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;systemctl start flexget
systemctl stop flexget
systemctl status flexget
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;&lt;em&gt;Debian Wheezy / Jessie&lt;/em&gt;&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;service flexget start
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;service flexget start
service flexget stop
service flexget status
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;&lt;em&gt;Debian Wheezy&lt;/em&gt;&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;/etc/init.d/flexget start
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;/etc/init.d/flexget start
/etc/init.d/flexget stop
/etc/init.d/flexget status
&lt;/pre&gt;&lt;/div&gt;
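Review bot: Every changed line in this hunk only gains an empty `<span></span>` right after `<pre>`, which looks like regenerated highlighter output and has nothing to do with the commit title "removing .well-know". Consider committing the regenerated HTML separately, or keeping generated output out of the repository, so that content changes stay reviewable.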
@ -599,7 +599,7 @@ service flexget status
&lt;h2&gt;Initial configuration&lt;/h2&gt;
&lt;h3&gt;Installing the required packages&lt;/h3&gt;
&lt;p&gt;First thing first, we need to install the packages we'll need for this configuration :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;apt update
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;apt update
apt install mysql-server mysql-client postfix postfix-mysql &lt;span class="se"&gt;\&lt;/span&gt;
postfix-policyd-spf-python dovecot-core dovecot-imapd dovecot-lmtpd &lt;span class="se"&gt;\&lt;/span&gt;
@ -614,7 +614,7 @@ opendkim opendkim-tools monit opendmarc spamassassin spamc
&lt;p&gt;The PTR records on your server's IPv4 and/or IPv6 should match your server's FQDN (a &lt;code&gt;dig -x&lt;/code&gt; on your server's IP should match a &lt;code&gt;hostname -f&lt;/code&gt; on your server).&lt;/p&gt;
&lt;p&gt;You'll have to open the following TCP ports on your server for this configuration to work : 25, 465, 587 and 993.&lt;/p&gt;
&lt;p&gt;If you don't want to have to remember the root user MySQL password, you can create a .my.cnf file in your current user home directory containing the following lines :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="o"&gt;[&lt;/span&gt;client&lt;span class="o"&gt;]&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="o"&gt;[&lt;/span&gt;client&lt;span class="o"&gt;]&lt;/span&gt;
&lt;span class="nv"&gt;host&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; localhost
&lt;span class="nv"&gt;user&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; root
&lt;span class="nv"&gt;password&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; myverysecurepassword
@ -623,18 +623,18 @@ opendkim opendkim-tools monit opendmarc spamassassin spamc
&lt;p&gt;Once it has been created, change the permissions on the file to make sure no other user can read it :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;chmod &lt;span class="m"&gt;600&lt;/span&gt; ~/.my.cnf
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;chmod &lt;span class="m"&gt;600&lt;/span&gt; ~/.my.cnf
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;I also like to change the default MySQL shell to see what database I'm using at any given time. Since I use bash, I achieve this the following way :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s1"&gt;&amp;#39;export MYSQL_PS1=&amp;quot;[\u@\h] (\d)&amp;gt; &amp;quot;&amp;#39;&lt;/span&gt; &amp;gt; ~/.bash_aliases
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s1"&gt;&amp;#39;export MYSQL_PS1=&amp;quot;[\u@\h] (\d)&amp;gt; &amp;quot;&amp;#39;&lt;/span&gt; &amp;gt; ~/.bash_aliases
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;You'll have to logout from the current shell for the modification to be taken into account (if you're using SSH, log out and back into your server).&lt;/p&gt;
&lt;p&gt;You should now be able to log into MySQL without specifying a password, and it should look like this :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;:~$ mysql mysql
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;:~$ mysql mysql
&lt;span class="o"&gt;[&lt;/span&gt;...&lt;span class="o"&gt;]&lt;/span&gt;
&lt;span class="o"&gt;[&lt;/span&gt;root@localhost&lt;span class="o"&gt;]&lt;/span&gt; &lt;span class="o"&gt;(&lt;/span&gt;mysql&lt;span class="o"&gt;)&lt;/span&gt;&amp;gt;
&lt;/pre&gt;&lt;/div&gt;
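Review bot: `chmod 600 ~/.my.cnf` runs only after the file holding the MySQL root password has been written, so the file briefly exists with whatever the default umask allows. The text should have the reader set `umask 077` first, or create the empty file with mode 600 before adding the password. In the same hunk, `echo ... > ~/.bash_aliases` truncates any aliases file the reader already has; `>>` would append instead. The sentence introducing it also says "default MySQL shell" where the setting changed is the prompt (MYSQL_PS1).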
@ -644,23 +644,23 @@ opendkim opendkim-tools monit opendmarc spamassassin spamc
&lt;h3&gt;Initial configuration&lt;/h3&gt;
&lt;p&gt;We now need to configure the MySQL database Postfix and Dovecot will be using. In this tutorial, we'll be calling it "mail", but you can name it whatever you want.&lt;/p&gt;
&lt;p&gt;First, in a mysql shell, let's create the MySQL database :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="k"&gt;CREATE&lt;/span&gt; &lt;span class="k"&gt;DATABASE&lt;/span&gt; &lt;span class="n"&gt;mail&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="k"&gt;CREATE&lt;/span&gt; &lt;span class="k"&gt;DATABASE&lt;/span&gt; &lt;span class="n"&gt;mail&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;Now, we are going to create the user that Postfix and Dovecot will be using to access the database. We will only be granting this user select permission :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="k"&gt;GRANT&lt;/span&gt; &lt;span class="k"&gt;SELECT&lt;/span&gt; &lt;span class="k"&gt;ON&lt;/span&gt; &lt;span class="n"&gt;mail&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="o"&gt;*&lt;/span&gt; &lt;span class="k"&gt;TO&lt;/span&gt; &lt;span class="s1"&gt;&amp;#39;mail&amp;#39;&lt;/span&gt;&lt;span class="o"&gt;@&lt;/span&gt;&lt;span class="s1"&gt;&amp;#39;localhost&amp;#39;&lt;/span&gt; &lt;span class="n"&gt;IDENTIFIED&lt;/span&gt; &lt;span class="k"&gt;BY&lt;/span&gt; &lt;span class="s1"&gt;&amp;#39;mailpassword&amp;#39;&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="k"&gt;GRANT&lt;/span&gt; &lt;span class="k"&gt;SELECT&lt;/span&gt; &lt;span class="k"&gt;ON&lt;/span&gt; &lt;span class="n"&gt;mail&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="o"&gt;*&lt;/span&gt; &lt;span class="k"&gt;TO&lt;/span&gt; &lt;span class="s1"&gt;&amp;#39;mail&amp;#39;&lt;/span&gt;&lt;span class="o"&gt;@&lt;/span&gt;&lt;span class="s1"&gt;&amp;#39;localhost&amp;#39;&lt;/span&gt; &lt;span class="n"&gt;IDENTIFIED&lt;/span&gt; &lt;span class="k"&gt;BY&lt;/span&gt; &lt;span class="s1"&gt;&amp;#39;mailpassword&amp;#39;&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;span class="n"&gt;FLUSH&lt;/span&gt; &lt;span class="k"&gt;PRIVILEGES&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;We are now going to create the necessary tables for our needs. Let's first use the mail database :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="n"&gt;USE&lt;/span&gt; &lt;span class="n"&gt;mail&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="n"&gt;USE&lt;/span&gt; &lt;span class="n"&gt;mail&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;The first table we are going to create will contain the domains we will be using with our mail server :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="k"&gt;CREATE&lt;/span&gt; &lt;span class="k"&gt;TABLE&lt;/span&gt; &lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;virtual_domains&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="k"&gt;CREATE&lt;/span&gt; &lt;span class="k"&gt;TABLE&lt;/span&gt; &lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;virtual_domains&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;
&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;id&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt; &lt;span class="nb"&gt;INT&lt;/span&gt; &lt;span class="k"&gt;NOT&lt;/span&gt; &lt;span class="k"&gt;NULL&lt;/span&gt; &lt;span class="n"&gt;AUTO_INCREMENT&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;name&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt; &lt;span class="nb"&gt;VARCHAR&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="mi"&gt;50&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;NOT&lt;/span&gt; &lt;span class="k"&gt;NULL&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;span class="k"&gt;PRIMARY&lt;/span&gt; &lt;span class="k"&gt;KEY&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;id&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
@ -669,7 +669,7 @@ opendkim opendkim-tools monit opendmarc spamassassin spamc
&lt;p&gt;Then, we are going to create the table that will contain our users and their password :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="k"&gt;CREATE&lt;/span&gt; &lt;span class="k"&gt;TABLE&lt;/span&gt; &lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;virtual_users&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="k"&gt;CREATE&lt;/span&gt; &lt;span class="k"&gt;TABLE&lt;/span&gt; &lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;virtual_users&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;
&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;id&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt; &lt;span class="nb"&gt;INT&lt;/span&gt; &lt;span class="k"&gt;NOT&lt;/span&gt; &lt;span class="k"&gt;NULL&lt;/span&gt; &lt;span class="n"&gt;AUTO_INCREMENT&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;domain_id&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt; &lt;span class="nb"&gt;INT&lt;/span&gt; &lt;span class="k"&gt;NOT&lt;/span&gt; &lt;span class="k"&gt;NULL&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;password&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt; &lt;span class="nb"&gt;VARCHAR&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="mi"&gt;106&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;NOT&lt;/span&gt; &lt;span class="k"&gt;NULL&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
@ -682,7 +682,7 @@ opendkim opendkim-tools monit opendmarc spamassassin spamc
&lt;p&gt;Finally, the last table we are going to create will contain our mail aliases :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="k"&gt;CREATE&lt;/span&gt; &lt;span class="k"&gt;TABLE&lt;/span&gt; &lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;virtual_aliases&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="k"&gt;CREATE&lt;/span&gt; &lt;span class="k"&gt;TABLE&lt;/span&gt; &lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;virtual_aliases&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;
&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;id&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt; &lt;span class="nb"&gt;INT&lt;/span&gt; &lt;span class="k"&gt;NOT&lt;/span&gt; &lt;span class="k"&gt;NULL&lt;/span&gt; &lt;span class="n"&gt;AUTO_INCREMENT&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;domain_id&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt; &lt;span class="nb"&gt;INT&lt;/span&gt; &lt;span class="k"&gt;NOT&lt;/span&gt; &lt;span class="k"&gt;NULL&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="k"&gt;source&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt; &lt;span class="nb"&gt;varchar&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="mi"&gt;100&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;NOT&lt;/span&gt; &lt;span class="k"&gt;NULL&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
@ -696,19 +696,19 @@ opendkim opendkim-tools monit opendmarc spamassassin spamc
&lt;h3&gt;Domains, users and aliases management&lt;/h3&gt;
&lt;p&gt;We are now going to add data to the tables we have created.&lt;/p&gt;
&lt;p&gt;First, let's add a domain to the virtual_domains table :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="k"&gt;INSERT&lt;/span&gt; &lt;span class="k"&gt;INTO&lt;/span&gt; &lt;span class="n"&gt;virtual_domains&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;name&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;VALUES&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s1"&gt;&amp;#39;captainark.net&amp;#39;&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="k"&gt;INSERT&lt;/span&gt; &lt;span class="k"&gt;INTO&lt;/span&gt; &lt;span class="n"&gt;virtual_domains&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;name&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;VALUES&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s1"&gt;&amp;#39;captainark.net&amp;#39;&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;We can now create users associated with this domain in the virtual_users table :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="k"&gt;INSERT&lt;/span&gt; &lt;span class="k"&gt;INTO&lt;/span&gt; &lt;span class="n"&gt;virtual_users&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;domain_id&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;password&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt; &lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;email&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;VALUES&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="k"&gt;INSERT&lt;/span&gt; &lt;span class="k"&gt;INTO&lt;/span&gt; &lt;span class="n"&gt;virtual_users&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;domain_id&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;password&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt; &lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;email&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;VALUES&lt;/span&gt;
&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s1"&gt;&amp;#39;1&amp;#39;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;ENCRYPT&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s1"&gt;&amp;#39;notanactualpassword&amp;#39;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;CONCAT&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s1"&gt;&amp;#39;$6$&amp;#39;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="k"&gt;SUBSTRING&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;SHA&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;RAND&lt;/span&gt;&lt;span class="p"&gt;()),&lt;/span&gt; &lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="mi"&gt;16&lt;/span&gt;&lt;span class="p"&gt;))),&lt;/span&gt;
&lt;span class="s1"&gt;&amp;#39;example@captainark.net&amp;#39;&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;This is not mandatory, but we can also create our first mail alias :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="k"&gt;INSERT&lt;/span&gt; &lt;span class="k"&gt;INTO&lt;/span&gt; &lt;span class="n"&gt;virtual_aliases&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;domain_id&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="k"&gt;source&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;destination&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;VALUES&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="k"&gt;INSERT&lt;/span&gt; &lt;span class="k"&gt;INTO&lt;/span&gt; &lt;span class="n"&gt;virtual_aliases&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;domain_id&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="k"&gt;source&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="n"&gt;destination&lt;/span&gt;&lt;span class="o"&gt;`&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;VALUES&lt;/span&gt;
&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s1"&gt;&amp;#39;1&amp;#39;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s1"&gt;&amp;#39;alias@captainark.net&amp;#39;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s1"&gt;&amp;#39;example@captainark.net&amp;#39;&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
&lt;/pre&gt;&lt;/div&gt;
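Review bot: The virtual_users INSERT passes the cleartext password to ENCRYPT() inside the SQL statement, so it can end up in the mysql client history and in any statement logging enabled on the server, and the salt comes from SHA(RAND()), which is not a cryptographically secure source. Since the Dovecot side of this tutorial uses SHA512-CRYPT, it would be safer to generate the hash outside the database with `doveadm pw -s SHA512-CRYPT` and insert only the resulting string. The note should also say that domain_id '1' assumes the domain row just inserted received id 1.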
@ -719,21 +719,21 @@ opendkim opendkim-tools monit opendmarc spamassassin spamc
&lt;p&gt;Next, we are going to configure &lt;a href="http://www.postfix.org/"&gt;Postfix&lt;/a&gt;.&lt;/p&gt;
&lt;h3&gt;Configuration backup&lt;/h3&gt;
&lt;p&gt;First, let's backup the original configuration files :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;cp /etc/postfix/main.cf /etc/postfix/main.cf.orig
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;cp /etc/postfix/main.cf /etc/postfix/main.cf.orig
cp /etc/postfix/master.cf /etc/postfix/master.cf.orig
&lt;/pre&gt;&lt;/div&gt;
&lt;h3&gt;User and group creation&lt;/h3&gt;
&lt;p&gt;We are now going to create a user and group called vmail that will be used by both Postfix and Dovecot :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;groupadd -g &lt;span class="m"&gt;5000&lt;/span&gt; vmail
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;groupadd -g &lt;span class="m"&gt;5000&lt;/span&gt; vmail
useradd -g vmail -u &lt;span class="m"&gt;5000&lt;/span&gt; vmail -d /var/mail -m -s /bin/false
&lt;/pre&gt;&lt;/div&gt;
&lt;h3&gt;SSL certificates&lt;/h3&gt;
&lt;p&gt;Next, we are going to create the folder where we will store the SSL certificates :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;mkdir /etc/postfix/ssl
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;mkdir /etc/postfix/ssl
chown root: /etc/postfix/ssl &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; chmod &lt;span class="m"&gt;600&lt;/span&gt; /etc/postfix/ssl
&lt;/pre&gt;&lt;/div&gt;
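Review bot: `chmod 600 /etc/postfix/ssl` is applied to a directory, which leaves it without the execute (search) bit; it only works because root bypasses the permission check. Use `chmod 700 /etc/postfix/ssl` for the directory and keep 600 for the key and certificate files inside it.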
@ -741,32 +741,32 @@ chown root: /etc/postfix/ssl &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&g
&lt;p&gt;Purists will probably want to store their certificates in /etc/ssl/private. If you choose to do so, you'll have to adapt the path of those files for the remainder of this tutorial.&lt;/p&gt;
&lt;p&gt;If you've decided to create a certificate with StartSSL, you'll end up with two files, a .crt and a .key. I'll name those files server.crt and server-with-passphrase.key. Put both these files in the folder we've just created.&lt;/p&gt;
&lt;p&gt;Now, let's remove the passphrase from the key :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="nb"&gt;cd&lt;/span&gt; /etc/postfix/ssl
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="nb"&gt;cd&lt;/span&gt; /etc/postfix/ssl
openssl rsa -in server-with-passphrase.key -out server.key
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;You'll be prompted for the passphrase you chose during the certificate generation.&lt;/p&gt;
&lt;p&gt;Next, we have to download the appropriate intermediate certificate :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;wget -O /etc/postfix/ssl/sub.class1.server.ca.pem &lt;span class="se"&gt;\&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;wget -O /etc/postfix/ssl/sub.class1.server.ca.pem &lt;span class="se"&gt;\&lt;/span&gt;
http://www.startssl.com/certs/sub.class1.server.ca.pem
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;We now have to make sure that the permissions on those files are correct :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;chown root: /etc/postfix/ssl/* &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; chmod &lt;span class="m"&gt;600&lt;/span&gt; /etc/postfix/ssl/*
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;chown root: /etc/postfix/ssl/* &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; chmod &lt;span class="m"&gt;600&lt;/span&gt; /etc/postfix/ssl/*
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;The last thing we have to do here is to generate Diffie-Hellman keys for Perfect Forward Secrecy (PFS) :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;openssl gendh -out /etc/postfix/dh_512.pem -2 512
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;openssl gendh -out /etc/postfix/dh_512.pem -2 512
openssl gendh -out /etc/postfix/dh_1024.pem -2 1024
&lt;/pre&gt;&lt;/div&gt;
&lt;h3&gt;Postifx configuration&lt;/h3&gt;
&lt;p&gt;First, let's edit the /etc/postfix/main.cf file. It should end up looking something like that :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;smtpd_banner = &lt;span class="nv"&gt;$myhostname&lt;/span&gt; ESMTP &lt;span class="nv"&gt;$mail_name&lt;/span&gt; (Debian/GNU)
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;smtpd_banner = &lt;span class="nv"&gt;$myhostname&lt;/span&gt; ESMTP &lt;span class="nv"&gt;$mail_name&lt;/span&gt; (Debian/GNU)
biff = no
broken_sasl_auth_clients = yes
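Review bot: The two `openssl gendh` lines generate 512-bit and 1024-bit Diffie-Hellman parameters; 512-bit groups are export-grade and practical to break, and 1024-bit is below current recommendations, so the forward secrecy this paragraph promises is weak. Generate at least a 2048-bit group instead (for example `openssl dhparam -out /etc/postfix/dh_2048.pem 2048`, path shown as an illustration) and drop the 512-bit file. Earlier in the same hunk, the intermediate certificate is fetched over plain `http://` with no integrity check; fetch it over HTTPS or compare its fingerprint against a trusted source before installing it. The heading "Postifx configuration" also has a typo.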
@ -855,7 +855,7 @@ virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
&lt;p&gt;The variable "myhostname" has to be defined to you server's FQDN. The file /etc/mailname should contain your server's FQDN as well.&lt;/p&gt;
&lt;p&gt;Next, we need to edit the /etc/postfix/master.cf file. You need to uncomment the following lines :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;submission inet n - - - - smtpd
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;submission inet n - - - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o tls_preempt_cipherlist=yes
@ -871,7 +871,7 @@ smtps inet n - - - - smtpd
&lt;p&gt;You also have to add the following lines at the end of the file :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;dovecot unix - n n - - pipe
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f &lt;span class="cp"&gt;${&lt;/span&gt;&lt;span class="n"&gt;sender&lt;/span&gt;&lt;span class="cp"&gt;}&lt;/span&gt; -d &lt;span class="cp"&gt;${&lt;/span&gt;&lt;span class="n"&gt;recipient&lt;/span&gt;&lt;span class="cp"&gt;}&lt;/span&gt;
&lt;/pre&gt;&lt;/div&gt;
@ -879,7 +879,7 @@ smtps inet n - - - - smtpd
&lt;h3&gt;MySQL access for Postfix&lt;/h3&gt;
&lt;p&gt;We now need to allow Postfix to connect to the MySQL database we have created earlier. To that end, we must create three files.&lt;/p&gt;
&lt;p&gt;/etc/postfix/mysql-virtual-mailbox-domains.cf should contain the following lines :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;user = mail
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;user = mail
password = mailpassword
hosts = 127.0.0.1
dbname = mail
@ -888,7 +888,7 @@ query = SELECT 1 FROM virtual_domains WHERE name=&amp;#39;%s&amp;#39;
&lt;p&gt;/etc/postfix/mysql-virtual-mailbox-maps.cf should contain the following lines :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;user = mail
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;user = mail
password = mailpassword
hosts = 127.0.0.1
dbname = mail
@ -897,7 +897,7 @@ query = SELECT 1 FROM virtual_users WHERE email=&amp;#39;%s&amp;#39;
&lt;p&gt;/etc/postfix/mysql-virtual-alias-maps.cf should contain the following lines :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;user = mail
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;user = mail
password = mailpassword
hosts = 127.0.0.1
dbname = mail
@ -906,12 +906,12 @@ query = SELECT destination FROM virtual_aliases WHERE source=&amp;#39;%s&amp;#39
&lt;p&gt;Since these files contain a password, let's make sure they are not world-readable :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;chown root: /etc/postfix/mysql* &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; chmod &lt;span class="m"&gt;600&lt;/span&gt; /etc/postfix/mysql*
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;chown root: /etc/postfix/mysql* &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; chmod &lt;span class="m"&gt;600&lt;/span&gt; /etc/postfix/mysql*
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;You can use the command postmap to confirm that everything is working properly :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;postmap -q captainark.net mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;postmap -q captainark.net mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
postmap -q example@captainark.net mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
@ -920,7 +920,7 @@ postmap -q alias@captainark.net mysql:/etc/postfix/mysql-virtual-alias-maps.cf
&lt;p&gt;Let's restart postfix for our modifications to be taken into account :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;systemctl restart postfix
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;systemctl restart postfix
&lt;/pre&gt;&lt;/div&gt;
@ -929,12 +929,12 @@ postmap -q alias@captainark.net mysql:/etc/postfix/mysql-virtual-alias-maps.cf
&lt;h3&gt;Dovecot global configuration&lt;/h3&gt;
&lt;p&gt;By default, on Debian, &lt;a href="http://www.dovecot.org/"&gt;Dovecot&lt;/a&gt; uses multiple configuration files in /etc/dovecot/conf.d. I found it annoying to maintain, and I ended up only using the /etc/doveconf.conf file.&lt;/p&gt;
&lt;p&gt;As always, let's start by backing up the original configuration file :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;Next, we are going to create a new /etc/dovecot/dovecot.conf file. It should contain the following lines :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="sx"&gt;!include_try /usr/share/dovecot/protocols.d/*.protocol&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="sx"&gt;!include_try /usr/share/dovecot/protocols.d/*.protocol&lt;/span&gt;
&lt;span class="n"&gt;protocols&lt;/span&gt; &lt;span class="p"&gt;=&lt;/span&gt; &lt;span class="n"&gt;imap&lt;/span&gt; &lt;span class="n"&gt;lmtp&lt;/span&gt; &lt;span class="n"&gt;sieve&lt;/span&gt;
&lt;span class="n"&gt;mail_location&lt;/span&gt; &lt;span class="p"&gt;=&lt;/span&gt; &lt;span class="n"&gt;maildir&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;var&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;mail&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="c"&gt;%d/%n&lt;/span&gt;
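Review bot: The introductory paragraph says the author ended up using only "/etc/doveconf.conf", but the commands right below back up and recreate /etc/dovecot/dovecot.conf. The path in the paragraph looks like a typo and should match the file actually edited, otherwise a reader following the prose will create a file Dovecot never reads.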
@ -1071,7 +1071,7 @@ postmap -q alias@captainark.net mysql:/etc/postfix/mysql-virtual-alias-maps.cf
&lt;p&gt;Dovecot will use the same SSL certificate as Postfix.&lt;/p&gt;
&lt;p&gt;Using this configuration, your virtual users' emails will be stored in /var/mail/$domain/$user/ and will be owned by the vmail user.&lt;/p&gt;
&lt;p&gt;For this to work, we have to create the domain folder :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;mkdir -p /var/mail/captainark.net
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;mkdir -p /var/mail/captainark.net
chown vmail: /var/mail/captainark.net &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; chmod &lt;span class="m"&gt;770&lt;/span&gt; /var/mail/captainark.net
&lt;/pre&gt;&lt;/div&gt;
@ -1079,7 +1079,7 @@ chown vmail: /var/mail/captainark.net &lt;span class="o"&gt;&amp;amp;&amp;amp;&l
&lt;p&gt;Dovecot will create the virtual users' folders automatically.&lt;/p&gt;
&lt;h3&gt;Dovecot access to the MySQL database&lt;/h3&gt;
&lt;p&gt;We now need to allow Dovecot to connect to the mail database we have populated earlier. To do so, we are going to create a /etc/dovecot/sql.conf file with the following content :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;driver = mysql
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;driver = mysql
connect = host=localhost dbname=mail user=mail password=mailpassword
default_pass_scheme = SHA512-CRYPT
password_query = SELECT email as user, password FROM virtual_users WHERE email=&amp;#39;%u&amp;#39;;
@ -1087,14 +1087,14 @@ password_query = SELECT email as user, password FROM virtual_users WHERE email=&
&lt;p&gt;You'll have to change the password to the one you have defined earlier. Since this file contains a password, let's make sure it's not world-readable :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;chown root: /etc/dovecot/sql.conf &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; chmod &lt;span class="m"&gt;600&lt;/span&gt; /etc/dovecot/sql.conf
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;chown root: /etc/dovecot/sql.conf &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; chmod &lt;span class="m"&gt;600&lt;/span&gt; /etc/dovecot/sql.conf
&lt;/pre&gt;&lt;/div&gt;
&lt;h3&gt;Configuring Sieve&lt;/h3&gt;
&lt;p&gt;The last thing we need to configure here is sieve. The idea is to have all messages flagged as spam automatically moved to the mailbox Junk folder.&lt;/p&gt;
&lt;p&gt;To do so, let's first create the required folders :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;mkdir -p /var/mail/sieve/before
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;mkdir -p /var/mail/sieve/before
mkdir /var/mail/sieve/after
mkdir /var/mail/sieve/users
chown -R vmail: /var/mail/sieve &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; chmod -R &lt;span class="m"&gt;770&lt;/span&gt; /var/mail/sieve
@ -1104,7 +1104,7 @@ chown -R vmail: /var/mail/sieve &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/spa
&lt;p&gt;If you want to have sieve rules for a specific user, simply create $user@$domain.sieve file in the users folder (example@captainark.net in my case).&lt;/p&gt;
&lt;p&gt;All .sieve files in the before folder will be used for all your virtual users, before their individual configuration ; the .sieve files in the after folder will be used, well, you guessed it, after.&lt;/p&gt;
&lt;p&gt;Let's create a filter.sieve file in the /var/mail/sieve/before folder with the following content :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;require [&amp;quot;envelope&amp;quot;, &amp;quot;fileinto&amp;quot;, &amp;quot;imap4flags&amp;quot;, &amp;quot;regex&amp;quot;];
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;require [&amp;quot;envelope&amp;quot;, &amp;quot;fileinto&amp;quot;, &amp;quot;imap4flags&amp;quot;, &amp;quot;regex&amp;quot;];
if not header :regex &amp;quot;message-id&amp;quot; &amp;quot;.*@.*\.&amp;quot; {
fileinto &amp;quot;Junk&amp;quot;;
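Review bot: The per-user rules paragraph in this hunk's context names the file $user@$domain.sieve, yet the example in parentheses is example@captainark.net with no .sieve suffix. A reader copying the example would create a file that does not match the naming rule stated in the same sentence; make the example example@captainark.net.sieve in the source post.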
@ -1117,14 +1117,14 @@ if header :contains &amp;quot;X-Spam-Level&amp;quot; &amp;quot;*****&amp;quot; {
&lt;p&gt;Last thing we have to do is to change the permissions on the newly created file :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;chown vmail: /var/mail/sieve/before/filter.sieve &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;chown vmail: /var/mail/sieve/before/filter.sieve &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
chmod &lt;span class="m"&gt;660&lt;/span&gt; /var/mail/sieve/before/filter.sieve
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;That's all ; now, all email we receive that is flagged as spam by SpamAssassin will be moved to the Junk folder.&lt;/p&gt;
&lt;p&gt;Let's restart dovecot :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;systemctl restart dovecot
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;systemctl restart dovecot
&lt;/pre&gt;&lt;/div&gt;
@ -1146,24 +1146,24 @@ chmod &lt;span class="m"&gt;660&lt;/span&gt; /var/mail/sieve/before/filter.sieve
&lt;/ul&gt;
&lt;h3&gt;The actual configuration&lt;/h3&gt;
&lt;p&gt;SpamAssassin's configuration is pretty straightforward. First, let's edit the /etc/default/spamassassin file :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;ENABLED=1
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;ENABLED=1
[...]
CRON=1
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;Before the cron runs for the first time, we have to manually update SpamAssassin's ruleset :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;sa-learn
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;sa-learn
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;Next, as usual, let's back up the original configuration file :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;mv /etc/spamassassin/local.cf /etc/spamassassin/local.cf.orig
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;mv /etc/spamassassin/local.cf /etc/spamassassin/local.cf.orig
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;Let's create a new /etc/spamassassin/local.cf file with the following content :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;rewrite_header Subject [SPAM]
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;rewrite_header Subject [SPAM]
report_safe 0
required_score 5.0
use_bayes 1
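Review bot: The step "we have to manually update SpamAssassin's ruleset" is followed by a bare sa-learn, which is the Bayes training tool and does not fetch rules; the ruleset updater is sa-update. As written the first run leaves the rules untouched until the cron job enabled by CRON=1 fires. Change the command in the source post to sa-update before regenerating this page.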
@ -1174,25 +1174,25 @@ whitelist_from *@captainark.net
&lt;p&gt;Next, to have Postfix send incoming emails through SpamAssassin, we have to edit the /etc/postfix/master.cf file. At the very beginning, we have to add a line under the smtp definition :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;smtp inet n - - - - smtpd
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;smtp inet n - - - - smtpd
-o content_filter=spamassassin
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;At the very end of the same file, we have to add the following lines :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;spamassassin unix - n n - - pipe
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;spamassassin unix - n n - - pipe
user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f &lt;span class="cp"&gt;${&lt;/span&gt;&lt;span class="n"&gt;sender&lt;/span&gt;&lt;span class="cp"&gt;}&lt;/span&gt; &lt;span class="cp"&gt;${&lt;/span&gt;&lt;span class="n"&gt;recipient&lt;/span&gt;&lt;span class="cp"&gt;}&lt;/span&gt;
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;Let's restart SpamAssassin and Postfix :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;systemctl restart postfix
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;systemctl restart postfix
systemctl restart spamassassin
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;That's all for SpamAssassin ! To check if it is working, send yourself an email from another provider. You should see the following headers in it :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
myserver.captainark.net
X-Spam-Level:
&lt;/pre&gt;&lt;/div&gt;
@ -1201,7 +1201,7 @@ X-Spam-Level:
&lt;h2&gt;Configuring SPF&lt;/h2&gt;
&lt;h3&gt;Allowing your server to send emails for your domain&lt;/h3&gt;
&lt;p&gt;&lt;a href="http://www.openspf.org/"&gt;SPF&lt;/a&gt; (Sender Policy Framework) is a mechanism that confirms that your server's IP is allowed to send emails for your domain. Technically, it is a TXT DNS record which looks something like this :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;captainark.net IN TXT &amp;quot;v=spf1 mx ~all&amp;quot;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;captainark.net IN TXT &amp;quot;v=spf1 mx ~all&amp;quot;
&lt;/pre&gt;&lt;/div&gt;
@ -1211,19 +1211,19 @@ X-Spam-Level:
&lt;h3&gt;Checking SPF record for inbound mail&lt;/h3&gt;
&lt;p&gt;Now that we have set up our own SPF record, let's configure Postfix to check that other mail servers communicating with us have done the same.&lt;/p&gt;
&lt;p&gt;First, let's add the two following lines at the end of /etc/postfix-policyd-spf-python/policyd-spf.conf :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;Header_Type = AR
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;Header_Type = AR
Authserv_Id = &amp;quot;&amp;lt;server&amp;#39;s FQDN&amp;gt;&amp;quot;
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;Then, let's edit the /etc/postfix/master.cf file and add the following lines at the end :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;policy-spf unix - n n - - spawn
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;policy-spf unix - n n - - spawn
user=nobody argv=/usr/bin/policyd-spf
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;Let's now edit the /etc/postfix/main.cf. In the "smtpd_recipient_restrictions" section, add the "check_policy_service" line as seen below :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;smtpd_recipient_restrictions =
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;smtpd_recipient_restrictions =
[...]
reject_unauth_destination,
check_policy_service unix:private/policy-spf,
@ -1232,13 +1232,13 @@ Authserv_Id = &amp;quot;&amp;lt;server&amp;#39;s FQDN&amp;gt;&amp;quot;
&lt;p&gt;We now have to restart postfix :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;systemctl restart postfix
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;systemctl restart postfix
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;Our server is now checking other mail server's SPF records.&lt;/p&gt;
&lt;p&gt;To make sure that it is working, send yourself an email from another provider. You should see the following header in it :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="nt"&gt;Authentication-Results&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="nt"&gt;myserver&lt;/span&gt;&lt;span class="nc"&gt;.captainark.net&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt; &lt;span class="nt"&gt;spf&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;pass&lt;/span&gt; &lt;span class="o"&gt;(&lt;/span&gt;&lt;span class="nt"&gt;sender&lt;/span&gt; &lt;span class="nt"&gt;SPF&lt;/span&gt; &lt;span class="nt"&gt;authorized&lt;/span&gt;&lt;span class="o"&gt;)&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="nt"&gt;Authentication-Results&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="nt"&gt;myserver&lt;/span&gt;&lt;span class="nc"&gt;.captainark.net&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt; &lt;span class="nt"&gt;spf&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;pass&lt;/span&gt; &lt;span class="o"&gt;(&lt;/span&gt;&lt;span class="nt"&gt;sender&lt;/span&gt; &lt;span class="nt"&gt;SPF&lt;/span&gt; &lt;span class="nt"&gt;authorized&lt;/span&gt;&lt;span class="o"&gt;)&lt;/span&gt;
&lt;span class="cp"&gt;[&lt;/span&gt;&lt;span class="nx"&gt;...&lt;/span&gt;&lt;span class="cp"&gt;]&lt;/span&gt; &lt;span class="nt"&gt;receiver&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;example&lt;/span&gt;&lt;span class="k"&gt;@captainark&lt;/span&gt;&lt;span class="nc"&gt;.net&lt;/span&gt;&lt;span class="o"&gt;)&lt;/span&gt;
&lt;/pre&gt;&lt;/div&gt;
@ -1249,13 +1249,13 @@ Authserv_Id = &amp;quot;&amp;lt;server&amp;#39;s FQDN&amp;gt;&amp;quot;
&lt;p&gt;With this configuration, OpenDKIM will also check the key for inbound emails.&lt;/p&gt;
&lt;h3&gt;Software side&lt;/h3&gt;
&lt;p&gt;First, let's backup the original configuration file and create a folder for the configuration files :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;mv /etc/opendkim.conf /etc/opendkim.conf.orig
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;mv /etc/opendkim.conf /etc/opendkim.conf.orig
mkdir /etc/opendkim.d
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;We now have to create a /etc/opendkim.conf file with the following content :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;AutoRestart Yes
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
Syslog yes
@ -1283,12 +1283,12 @@ Socket local:/var/spool/postfix/opendkim/opendkim.sock
&lt;p&gt;Let's then create the necessary folders :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;mkdir -p /etc/opendkim.d/keys/captainark.net/
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;mkdir -p /etc/opendkim.d/keys/captainark.net/
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;Now, we are going to create the /etc/opendkim.d/TrustedHosts file with the following content :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;localhost
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;localhost
127.0.0.1
::1
captainark.net
@ -1297,26 +1297,26 @@ captainark.net
&lt;p&gt;This file contains the hosts and domains for which OpenDKIM should sign emails.&lt;/p&gt;
&lt;p&gt;Next, let's create the /etc/opendkim.d/KeyTable :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;mail._domainkey.captainark.net captainark.net:mail:/etc/opendkim.d/keys/captainark.net/mail.private
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;mail._domainkey.captainark.net captainark.net:mail:/etc/opendkim.d/keys/captainark.net/mail.private
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;This file tells OpenDKIM which key it should use for each selector.&lt;/p&gt;
&lt;p&gt;Finally, let's create the /etc/opendkim.d/SigningTable file :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;*@captainark.net mail._domainkey.captainark.net
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;*@captainark.net mail._domainkey.captainark.net
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;This file tells OpenDKIM which selector it should use for each domain.&lt;/p&gt;
&lt;p&gt;We now have to generate the private/public key pair for our domain :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="nb"&gt;cd&lt;/span&gt; /etc/opendkim.d/keys/captainark.net/
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="nb"&gt;cd&lt;/span&gt; /etc/opendkim.d/keys/captainark.net/
opendkim-genkey -s mail -d captainark.net
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;This creates two files ; mail.private contains our private key, mail.txt contains our public key.&lt;/p&gt;
&lt;p&gt;Let's change the permissions on those files :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;chown -R opendkim: /etc/opendkim.d/keys
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;chown -R opendkim: /etc/opendkim.d/keys
chmod -R &lt;span class="m"&gt;700&lt;/span&gt; /etc/opendkim.d/keys
chmod &lt;span class="m"&gt;600&lt;/span&gt; /etc/opendkim.d/captainark.net/*
&lt;/pre&gt;&lt;/div&gt;
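Review bot: The last permission command, chmod 600 /etc/opendkim.d/captainark.net/*, points at a directory this page never creates; the keys are generated in /etc/opendkim.d/keys/captainark.net/ (see the cd just above and the KeyTable entry). The glob will not match, so mail.private keeps the 700 mode from the preceding chmod -R instead of 600. The path should be /etc/opendkim.d/keys/captainark.net/*.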
@ -1325,36 +1325,36 @@ chmod &lt;span class="m"&gt;600&lt;/span&gt; /etc/opendkim.d/captainark.net/*
&lt;h3&gt;Postfix integration&lt;/h3&gt;
&lt;p&gt;The last thing we have to do is to configure Postfix to communicate with OpenDKIM.&lt;/p&gt;
&lt;p&gt;First, let's create the necessary folders :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;mkdir /var/spool/postfix/opendkim
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;mkdir /var/spool/postfix/opendkim
chown opendkim: /var/spool/postfix/opendkim
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;We also have to add the postfix user to the opendkim group :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;useradd -G opendkim postfix
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;useradd -G opendkim postfix
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;Now, let's edit the /etc/postfix/master.cf file, like so :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;smtpd_milters = unix:/opendkim/opendkim.sock
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;smtpd_milters = unix:/opendkim/opendkim.sock
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;We now have to restart OpenDKIM and Postfix :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;systemctl restart opendkim
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;systemctl restart opendkim
systemctl restart postfix
&lt;/pre&gt;&lt;/div&gt;
&lt;h3&gt;DNS side&lt;/h3&gt;
&lt;p&gt;For DKIM to work, you have to configure a DNS TXT record in your zone. This record was automatically generated by OpenDKIM in the mail.txt file mentioned earlier :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;mail._domainkey IN TXT &amp;quot;v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkJq0CW3tl2XHZ1CN5XdbqRDU7KfXOJ70nlwI09bHmDU63/Yz3J5rl863S0t2ncVHfIudZANj0OaiJe5HRR7WCsjuNIhQFfPFGIWLNClpxqdQVQURI38sAGeyn7Ed/Cor1AiWABzFWzel0kvXILw8K/NTzxaAPeSa9ttwQEgSmowIDAQAB&amp;quot; ; ----- DKIM key mail for captainark.net
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;mail._domainkey IN TXT &amp;quot;v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkJq0CW3tl2XHZ1CN5XdbqRDU7KfXOJ70nlwI09bHmDU63/Yz3J5rl863S0t2ncVHfIudZANj0OaiJe5HRR7WCsjuNIhQFfPFGIWLNClpxqdQVQURI38sAGeyn7Ed/Cor1AiWABzFWzel0kvXILw8K/NTzxaAPeSa9ttwQEgSmowIDAQAB&amp;quot; ; ----- DKIM key mail for captainark.net
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;All you have to do is to copy and paste this record in your DNS zone file.&lt;/p&gt;
&lt;p&gt;To make sure that OpenDKIM is working, you can send an empty email to &lt;a href="mailto:check-auth@verifier.port25.com"&gt;check-auth@verifier.port25.com&lt;/a&gt;. You should receive a response with the following content :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;==========================================================
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;==========================================================
Summary of Results
==========================================================
SPF check: pass
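Review bot: "add the postfix user to the opendkim group" is implemented as useradd -G opendkim postfix, but useradd creates accounts and will fail because postfix already exists, leaving Postfix unable to reach the milter socket owned by opendkim. Use usermod -aG opendkim postfix (or adduser postfix opendkim on Debian). Separately, the smtpd_milters = ... line is main.cf syntax while the text tells the reader to edit /etc/postfix/master.cf; name the file the line actually belongs in.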
@ -1370,12 +1370,12 @@ SpamAssassin check: ham
&lt;p&gt;It lets the owner of a domain name indicate that his email is protected by SPF and/or DKIM and what other providers should do with emails that do not pass those checks.&lt;/p&gt;
&lt;h3&gt;Software side&lt;/h3&gt;
&lt;p&gt;Once again, let's backup the original configuration file :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;mv /etc/opendmarc.conf /etc/opendmarc.conf.orig
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;mv /etc/opendmarc.conf /etc/opendmarc.conf.orig
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;We now have to create a /etc/opendmarc.conf file with the following content :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;AutoRestart Yes
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;AutoRestart Yes
AutoRestartRate 10/1h
UMask 0002
Syslog true
@ -1395,36 +1395,36 @@ Socket local:/var/spool/postfix/opendmarc/opendmarc.sock
&lt;h3&gt;Postfix integration&lt;/h3&gt;
&lt;p&gt;The last thing we have to do is to configure Postfix to communicate with OpenDMARC.&lt;/p&gt;
&lt;p&gt;First, let's create the necessary folders :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;mkdir /var/spool/postfix/opendmarc
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;mkdir /var/spool/postfix/opendmarc
chown opendmarc: /var/spool/postfix/opendmarc
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;We also have to add the postfix user to the opendmarc group :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;useradd -G opendmarc postfix
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;useradd -G opendmarc postfix
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;Now, let's edit the /etc/postfix/master.cf file, like so :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;smtpd_milters = unix:/opendkim/opendkim.sock, unix:/opendmarc/opendmarc.sock
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;smtpd_milters = unix:/opendkim/opendkim.sock, unix:/opendmarc/opendmarc.sock
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;We now have to restart OpenDMARC and Postfix :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;systemctl restart opendmarc
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;systemctl restart opendmarc
systemctl restart postfix
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;You should now see the following headers in your incoming emails :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="nt"&gt;Authentication-Results&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="nt"&gt;myserver&lt;/span&gt;&lt;span class="nc"&gt;.captainark.net&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt; &lt;span class="nt"&gt;dmarc&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;pass&lt;/span&gt; &lt;span class="nt"&gt;header&lt;/span&gt;&lt;span class="nc"&gt;.from&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;gmail&lt;/span&gt;&lt;span class="nc"&gt;.com&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="nt"&gt;Authentication-Results&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="nt"&gt;myserver&lt;/span&gt;&lt;span class="nc"&gt;.captainark.net&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt; &lt;span class="nt"&gt;dmarc&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;pass&lt;/span&gt; &lt;span class="nt"&gt;header&lt;/span&gt;&lt;span class="nc"&gt;.from&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;gmail&lt;/span&gt;&lt;span class="nc"&gt;.com&lt;/span&gt;
&lt;/pre&gt;&lt;/div&gt;
&lt;h3&gt;DNS side&lt;/h3&gt;
&lt;p&gt;DMARC, like SPF and DKIM, is based on DNS TXT records.&lt;/p&gt;
&lt;p&gt;Here is how I configured it for the captainark.net domain :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span class="nt"&gt;_dmarc&lt;/span&gt; &lt;span class="nt"&gt;IN&lt;/span&gt; &lt;span class="nt"&gt;TXT&lt;/span&gt; &lt;span class="s2"&gt;&amp;quot;v=DMARC1; p=none; rua=mailto:postmaster@captainark.net; ruf=mailto:postmaster@captainark.net&amp;quot;&lt;/span&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="nt"&gt;_dmarc&lt;/span&gt; &lt;span class="nt"&gt;IN&lt;/span&gt; &lt;span class="nt"&gt;TXT&lt;/span&gt; &lt;span class="s2"&gt;&amp;quot;v=DMARC1; p=none; rua=mailto:postmaster@captainark.net; ruf=mailto:postmaster@captainark.net&amp;quot;&lt;/span&gt;
&lt;/pre&gt;&lt;/div&gt;
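Review bot: useradd -G opendmarc postfix has the same defect as the OpenDKIM step, and the fix needs care here because postfix must stay in both groups for the two sockets listed in smtpd_milters. Replacing it with usermod -G opendmarc postfix would overwrite the supplementary group list and drop opendkim; the command should be usermod -aG opendmarc postfix so the group is appended.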
@ -1433,12 +1433,12 @@ systemctl restart postfix
&lt;h2&gt;Configuring Monit&lt;/h2&gt;
&lt;p&gt;&lt;a href="http://mmonit.com/monit/"&gt;Monit&lt;/a&gt; is a daemon that makes sure that other daemons are running. If they crash, it restarts them automatically. Is is not directly related to a mail server per say, but it's pretty easy to set up.&lt;/p&gt;
&lt;p&gt;First, as always, let's backup the original configuration file :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;mv /etc/monit/monitrc /etc/monit/monitrc.orig
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;mv /etc/monit/monitrc /etc/monit/monitrc.orig
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;We now have to create a new /etc/monit/monitrc file with the following content :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;set daemon 30
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;set daemon 30
set logfile syslog facility log_daemon
set httpd port 2812 and
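Review bot: Two typos sit in the Monit introduction carried as context in this hunk: "Is is not directly related" should be "It is not directly related", and "per say" should be "per se". Worth correcting in the source post since this commit regenerates the page anyway.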
@ -1456,7 +1456,7 @@ include /etc/monit/conf.d/*
&lt;p&gt;Then, we are going to create a /etc/monit/conf.d/mail file with the following content :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;check process postfix
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;check process postfix
with pidfile &amp;quot;/var/spool/postfix/pid/master.pid&amp;quot;
start program = &amp;quot;/bin/systemctl start postfix&amp;quot;
stop program = &amp;quot;/bin/systemctl stop postfix&amp;quot;
@ -1498,17 +1498,17 @@ check process opendmarc
&lt;p&gt;Let's make sure that permissions on the file are correct :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;chown root: /etc/monit/conf.d/mail &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; chmod &lt;span class="m"&gt;600&lt;/span&gt; /etc/monit/conf.d/mail
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;chown root: /etc/monit/conf.d/mail &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; chmod &lt;span class="m"&gt;600&lt;/span&gt; /etc/monit/conf.d/mail
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;Then, we have to reload the monit daemon :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;monit reload
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;monit reload
&lt;/pre&gt;&lt;/div&gt;
&lt;p&gt;Now, the &lt;code&gt;monit summary&lt;/code&gt; command should have the following output :&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;The Monit daemon 5.4 uptime: 3d 0h 41m
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;The Monit daemon 5.4 uptime: 3d 0h 41m
Process &amp;#39;postfix&amp;#39; Running
Process &amp;#39;dovecot&amp;#39; Running

View File

@ -130,7 +130,7 @@
<h2>Initial configuration</h2>
<h3>Installing the required packages</h3>
<p>First thing first, we need to install the packages we'll need for this configuration :</p>
<div class="highlight"><pre>apt update
<div class="highlight"><pre><span></span>apt update
apt install mysql-server mysql-client postfix postfix-mysql <span class="se">\</span>
postfix-policyd-spf-python dovecot-core dovecot-imapd dovecot-lmtpd <span class="se">\</span>
@ -145,7 +145,7 @@ opendkim opendkim-tools monit opendmarc spamassassin spamc
<p>The PTR records on your server's IPv4 and/or IPv6 should match your server's FQDN (a <code>dig -x</code> on your server's IP should match a <code>hostname -f</code> on your server).</p>
<p>You'll have to open the following TCP ports on your server for this configuration to work : 25, 465, 587 and 993.</p>
<p>If you don't want to have to remember the root user MySQL password, you can create a .my.cnf file in your current user home directory containing the following lines :</p>
<div class="highlight"><pre><span class="o">[</span>client<span class="o">]</span>
<div class="highlight"><pre><span></span><span class="o">[</span>client<span class="o">]</span>
<span class="nv">host</span> <span class="o">=</span> localhost
<span class="nv">user</span> <span class="o">=</span> root
<span class="nv">password</span> <span class="o">=</span> myverysecurepassword
@ -154,18 +154,18 @@ opendkim opendkim-tools monit opendmarc spamassassin spamc
<p>Once it has been created, change the permissions on the file to make sure no other user can read it :</p>
<div class="highlight"><pre>chmod <span class="m">600</span> ~/.my.cnf
<div class="highlight"><pre><span></span>chmod <span class="m">600</span> ~/.my.cnf
</pre></div>
<p>I also like to change the default MySQL shell to see what database I'm using at any given time. Since I use bash, I achieve this the following way :</p>
<div class="highlight"><pre><span class="nb">echo</span> <span class="s1">&#39;export MYSQL_PS1=&quot;[\u@\h] (\d)&gt; &quot;&#39;</span> &gt; ~/.bash_aliases
<div class="highlight"><pre><span></span><span class="nb">echo</span> <span class="s1">&#39;export MYSQL_PS1=&quot;[\u@\h] (\d)&gt; &quot;&#39;</span> &gt; ~/.bash_aliases
</pre></div>
<p>You'll have to logout from the current shell for the modification to be taken into account (if you're using SSH, log out and back into your server).</p>
<p>You should now be able to log into MySQL without specifying a password, and it should look like this :</p>
<div class="highlight"><pre>:~$ mysql mysql
<div class="highlight"><pre><span></span>:~$ mysql mysql
<span class="o">[</span>...<span class="o">]</span>
<span class="o">[</span>root@localhost<span class="o">]</span> <span class="o">(</span>mysql<span class="o">)</span>&gt;
</pre></div>
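Review bot: The MYSQL_PS1 step redirects with a single > into ~/.bash_aliases, which truncates the file and discards any aliases the reader already has. Append instead with >> so the export line is added to the existing file. The instruction sits next to the .my.cnf step that stores the MySQL root password, so it is likely to be pasted as-is on an admin account.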
@ -175,23 +175,23 @@ opendkim opendkim-tools monit opendmarc spamassassin spamc
<h3>Initial configuration</h3>
<p>We now need to configure the MySQL database Postfix and Dovecot will be using. In this tutorial, we'll be calling it "mail", but you can name it whatever you want.</p>
<p>First, in a mysql shell, let's create the MySQL database :</p>
<div class="highlight"><pre><span class="k">CREATE</span> <span class="k">DATABASE</span> <span class="n">mail</span><span class="p">;</span>
<div class="highlight"><pre><span></span><span class="k">CREATE</span> <span class="k">DATABASE</span> <span class="n">mail</span><span class="p">;</span>
</pre></div>
<p>Now, we are going to create the user that Postfix and Dovecot will be using to access the database. We will only be granting this user select permission :</p>
<div class="highlight"><pre><span class="k">GRANT</span> <span class="k">SELECT</span> <span class="k">ON</span> <span class="n">mail</span><span class="p">.</span><span class="o">*</span> <span class="k">TO</span> <span class="s1">&#39;mail&#39;</span><span class="o">@</span><span class="s1">&#39;localhost&#39;</span> <span class="n">IDENTIFIED</span> <span class="k">BY</span> <span class="s1">&#39;mailpassword&#39;</span><span class="p">;</span>
<div class="highlight"><pre><span></span><span class="k">GRANT</span> <span class="k">SELECT</span> <span class="k">ON</span> <span class="n">mail</span><span class="p">.</span><span class="o">*</span> <span class="k">TO</span> <span class="s1">&#39;mail&#39;</span><span class="o">@</span><span class="s1">&#39;localhost&#39;</span> <span class="n">IDENTIFIED</span> <span class="k">BY</span> <span class="s1">&#39;mailpassword&#39;</span><span class="p">;</span>
<span class="n">FLUSH</span> <span class="k">PRIVILEGES</span><span class="p">;</span>
</pre></div>
<p>We are now going to create the necessary tables for our needs. Let's first use the mail database :</p>
<div class="highlight"><pre><span class="n">USE</span> <span class="n">mail</span><span class="p">;</span>
<div class="highlight"><pre><span></span><span class="n">USE</span> <span class="n">mail</span><span class="p">;</span>
</pre></div>
<p>The first table we are going to create will contain the domains we will be using with our mail server :</p>
<div class="highlight"><pre><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="o">`</span><span class="n">virtual_domains</span><span class="o">`</span> <span class="p">(</span>
<div class="highlight"><pre><span></span><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="o">`</span><span class="n">virtual_domains</span><span class="o">`</span> <span class="p">(</span>
<span class="o">`</span><span class="n">id</span><span class="o">`</span> <span class="nb">INT</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="n">AUTO_INCREMENT</span><span class="p">,</span>
<span class="o">`</span><span class="n">name</span><span class="o">`</span> <span class="nb">VARCHAR</span><span class="p">(</span><span class="mi">50</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span>
<span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="p">(</span><span class="o">`</span><span class="n">id</span><span class="o">`</span><span class="p">)</span>
@ -200,7 +200,7 @@ opendkim opendkim-tools monit opendmarc spamassassin spamc
<p>Then, we are going to create the table that will contain our users and their password :</p>
<div class="highlight"><pre><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="o">`</span><span class="n">virtual_users</span><span class="o">`</span> <span class="p">(</span>
<div class="highlight"><pre><span></span><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="o">`</span><span class="n">virtual_users</span><span class="o">`</span> <span class="p">(</span>
<span class="o">`</span><span class="n">id</span><span class="o">`</span> <span class="nb">INT</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="n">AUTO_INCREMENT</span><span class="p">,</span>
<span class="o">`</span><span class="n">domain_id</span><span class="o">`</span> <span class="nb">INT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span>
<span class="o">`</span><span class="n">password</span><span class="o">`</span> <span class="nb">VARCHAR</span><span class="p">(</span><span class="mi">106</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span>
@ -213,7 +213,7 @@ opendkim opendkim-tools monit opendmarc spamassassin spamc
<p>Finally, the last table we are going to create will contain our mail aliases :</p>
<div class="highlight"><pre><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="o">`</span><span class="n">virtual_aliases</span><span class="o">`</span> <span class="p">(</span>
<div class="highlight"><pre><span></span><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="o">`</span><span class="n">virtual_aliases</span><span class="o">`</span> <span class="p">(</span>
<span class="o">`</span><span class="n">id</span><span class="o">`</span> <span class="nb">INT</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="n">AUTO_INCREMENT</span><span class="p">,</span>
<span class="o">`</span><span class="n">domain_id</span><span class="o">`</span> <span class="nb">INT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span>
<span class="o">`</span><span class="k">source</span><span class="o">`</span> <span class="nb">varchar</span><span class="p">(</span><span class="mi">100</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span>
@ -227,19 +227,19 @@ opendkim opendkim-tools monit opendmarc spamassassin spamc
<h3>Domains, users and aliases management</h3>
<p>We are now going to add data to the tables we have created.</p>
<p>First, let's add a domain to the virtual_domains table :</p>
<div class="highlight"><pre><span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">virtual_domains</span> <span class="p">(</span><span class="o">`</span><span class="n">name</span><span class="o">`</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="s1">&#39;captainark.net&#39;</span><span class="p">);</span>
<div class="highlight"><pre><span></span><span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">virtual_domains</span> <span class="p">(</span><span class="o">`</span><span class="n">name</span><span class="o">`</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="s1">&#39;captainark.net&#39;</span><span class="p">);</span>
</pre></div>
<p>We can now create users associated with this domain in the virtual_users table :</p>
<div class="highlight"><pre><span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">virtual_users</span> <span class="p">(</span><span class="o">`</span><span class="n">domain_id</span><span class="o">`</span><span class="p">,</span> <span class="o">`</span><span class="n">password</span><span class="o">`</span> <span class="p">,</span> <span class="o">`</span><span class="n">email</span><span class="o">`</span><span class="p">)</span> <span class="k">VALUES</span>
<div class="highlight"><pre><span></span><span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">virtual_users</span> <span class="p">(</span><span class="o">`</span><span class="n">domain_id</span><span class="o">`</span><span class="p">,</span> <span class="o">`</span><span class="n">password</span><span class="o">`</span> <span class="p">,</span> <span class="o">`</span><span class="n">email</span><span class="o">`</span><span class="p">)</span> <span class="k">VALUES</span>
<span class="p">(</span><span class="s1">&#39;1&#39;</span><span class="p">,</span> <span class="n">ENCRYPT</span><span class="p">(</span><span class="s1">&#39;notanactualpassword&#39;</span><span class="p">,</span> <span class="n">CONCAT</span><span class="p">(</span><span class="s1">&#39;$6$&#39;</span><span class="p">,</span> <span class="k">SUBSTRING</span><span class="p">(</span><span class="n">SHA</span><span class="p">(</span><span class="n">RAND</span><span class="p">()),</span> <span class="o">-</span><span class="mi">16</span><span class="p">))),</span>
<span class="s1">&#39;example@captainark.net&#39;</span><span class="p">);</span>
</pre></div>
<p>This is not mandatory, but we can also create our first mail alias :</p>
<div class="highlight"><pre><span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">virtual_aliases</span> <span class="p">(</span><span class="o">`</span><span class="n">domain_id</span><span class="o">`</span><span class="p">,</span> <span class="o">`</span><span class="k">source</span><span class="o">`</span><span class="p">,</span> <span class="o">`</span><span class="n">destination</span><span class="o">`</span><span class="p">)</span> <span class="k">VALUES</span>
<div class="highlight"><pre><span></span><span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">virtual_aliases</span> <span class="p">(</span><span class="o">`</span><span class="n">domain_id</span><span class="o">`</span><span class="p">,</span> <span class="o">`</span><span class="k">source</span><span class="o">`</span><span class="p">,</span> <span class="o">`</span><span class="n">destination</span><span class="o">`</span><span class="p">)</span> <span class="k">VALUES</span>
<span class="p">(</span><span class="s1">&#39;1&#39;</span><span class="p">,</span> <span class="s1">&#39;alias@captainark.net&#39;</span><span class="p">,</span> <span class="s1">&#39;example@captainark.net&#39;</span><span class="p">);</span>
</pre></div>
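Review bot: the virtual_users INSERT builds the SHA-512 crypt salt from SUBSTRING(SHA(RAND()), -16), and RAND() is not a cryptographically secure generator; the statement also sends the cleartext password to the server, where it can end up in the client history or in query logs. ENCRYPT() has additionally been removed in MySQL 8.0, so the example will stop working there. Suggest generating the hash outside SQL with doveadm pw -s SHA512-CRYPT and inserting the resulting string. Strip the {SHA512-CRYPT} prefix or widen the column, since password is VARCHAR(106) and the bare hash already fills it.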
@ -250,21 +250,21 @@ opendkim opendkim-tools monit opendmarc spamassassin spamc
<p>Next, we are going to configure <a href="http://www.postfix.org/">Postfix</a>.</p>
<h3>Configuration backup</h3>
<p>First, let's backup the original configuration files :</p>
<div class="highlight"><pre>cp /etc/postfix/main.cf /etc/postfix/main.cf.orig
<div class="highlight"><pre><span></span>cp /etc/postfix/main.cf /etc/postfix/main.cf.orig
cp /etc/postfix/master.cf /etc/postfix/master.cf.orig
</pre></div>
<h3>User and group creation</h3>
<p>We are now going to create a user and group called vmail that will be used by both Postfix and Dovecot :</p>
<div class="highlight"><pre>groupadd -g <span class="m">5000</span> vmail
<div class="highlight"><pre><span></span>groupadd -g <span class="m">5000</span> vmail
useradd -g vmail -u <span class="m">5000</span> vmail -d /var/mail -m -s /bin/false
</pre></div>
<h3>SSL certificates</h3>
<p>Next, we are going to create the folder where we will store the SSL certificates :</p>
<div class="highlight"><pre>mkdir /etc/postfix/ssl
<div class="highlight"><pre><span></span>mkdir /etc/postfix/ssl
chown root: /etc/postfix/ssl <span class="o">&amp;&amp;</span> chmod <span class="m">600</span> /etc/postfix/ssl
</pre></div>
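Review bot: chmod 600 on /etc/postfix/ssl gives a directory no search (x) bit. Root gets through regardless, but the mode a reader expects on a private directory is 700, and 600 will confuse anyone checking it with ls -ld. Suggest chmod 700 for the directory and keeping 600 for the files inside it.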
@ -272,32 +272,32 @@ chown root: /etc/postfix/ssl <span class="o">&amp;&amp;</span> chmod <span class
<p>Purists will probably want to store their certificates in /etc/ssl/private. If you choose to do so, you'll have to adapt the path of those files for the remainder of this tutorial.</p>
<p>If you've decided to create a certificate with StartSSL, you'll end up with two files, a .crt and a .key. I'll name those files server.crt and server-with-passphrase.key. Put both these files in the folder we've just created.</p>
<p>Now, let's remove the passphrase from the key :</p>
<div class="highlight"><pre><span class="nb">cd</span> /etc/postfix/ssl
<div class="highlight"><pre><span></span><span class="nb">cd</span> /etc/postfix/ssl
openssl rsa -in server-with-passphrase.key -out server.key
</pre></div>
<p>You'll be prompted for the passphrase you chose during the certificate generation.</p>
<p>Next, we have to download the appropriate intermediate certificate :</p>
<div class="highlight"><pre>wget -O /etc/postfix/ssl/sub.class1.server.ca.pem <span class="se">\</span>
<div class="highlight"><pre><span></span>wget -O /etc/postfix/ssl/sub.class1.server.ca.pem <span class="se">\</span>
http://www.startssl.com/certs/sub.class1.server.ca.pem
</pre></div>
<p>We now have to make sure that the permissions on those files are correct :</p>
<div class="highlight"><pre>chown root: /etc/postfix/ssl/* <span class="o">&amp;&amp;</span> chmod <span class="m">600</span> /etc/postfix/ssl/*
<div class="highlight"><pre><span></span>chown root: /etc/postfix/ssl/* <span class="o">&amp;&amp;</span> chmod <span class="m">600</span> /etc/postfix/ssl/*
</pre></div>
<p>The last thing we have to do here is to generate Diffie-Hellman keys for Perfect Forward Secrecy (PFS) :</p>
<div class="highlight"><pre>openssl gendh -out /etc/postfix/dh_512.pem -2 512
<div class="highlight"><pre><span></span>openssl gendh -out /etc/postfix/dh_512.pem -2 512
openssl gendh -out /etc/postfix/dh_1024.pem -2 1024
</pre></div>
<h3>Postifx configuration</h3>
<p>First, let's edit the /etc/postfix/main.cf file. It should end up looking something like that :</p>
<div class="highlight"><pre>smtpd_banner = <span class="nv">$myhostname</span> ESMTP <span class="nv">$mail_name</span> (Debian/GNU)
<div class="highlight"><pre><span></span>smtpd_banner = <span class="nv">$myhostname</span> ESMTP <span class="nv">$mail_name</span> (Debian/GNU)
biff = no
broken_sasl_auth_clients = yes
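Review bot: the two gendh lines generate 512-bit and 1024-bit Diffie-Hellman parameters, and both are too small to recommend: 512-bit is export-grade, and 1024-bit is the size the Logjam research showed to be at risk. Suggest generating at least 2048-bit parameters with openssl dhparam (gendh has been dropped from current OpenSSL releases) for the file referenced by smtpd_tls_dh1024_param_file. Separately, the intermediate certificate is downloaded over plain http:// with no fingerprint check, and the heading reads "Postifx configuration".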
@ -386,7 +386,7 @@ virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
<p>The variable "myhostname" has to be defined to you server's FQDN. The file /etc/mailname should contain your server's FQDN as well.</p>
<p>Next, we need to edit the /etc/postfix/master.cf file. You need to uncomment the following lines :</p>
<div class="highlight"><pre>submission inet n - - - - smtpd
<div class="highlight"><pre><span></span>submission inet n - - - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o tls_preempt_cipherlist=yes
@ -402,7 +402,7 @@ smtps inet n - - - - smtpd
<p>You also have to add the following lines at the end of the file :</p>
<div class="highlight"><pre>dovecot unix - n n - - pipe
<div class="highlight"><pre><span></span>dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f <span class="cp">${</span><span class="n">sender</span><span class="cp">}</span> -d <span class="cp">${</span><span class="n">recipient</span><span class="cp">}</span>
</pre></div>
@ -410,7 +410,7 @@ smtps inet n - - - - smtpd
<h3>MySQL access for Postfix</h3>
<p>We now need to allow Postfix to connect to the MySQL database we have created earlier. To that end, we must create three files.</p>
<p>/etc/postfix/mysql-virtual-mailbox-domains.cf should contain the following lines :</p>
<div class="highlight"><pre>user = mail
<div class="highlight"><pre><span></span>user = mail
password = mailpassword
hosts = 127.0.0.1
dbname = mail
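Review bot: hosts = 127.0.0.1 makes Postfix connect over TCP, while the grant earlier in this file is for 'mail'@'localhost'. On a MySQL server running with skip-name-resolve that account does not match a TCP connection from 127.0.0.1, and the lookup fails with access denied. Either add a matching 'mail'@'127.0.0.1' grant to the tutorial or state the assumption next to this file. The same applies to the two map files that follow.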
@ -419,7 +419,7 @@ query = SELECT 1 FROM virtual_domains WHERE name=&#39;%s&#39;
<p>/etc/postfix/mysql-virtual-mailbox-maps.cf should contain the following lines :</p>
<div class="highlight"><pre>user = mail
<div class="highlight"><pre><span></span>user = mail
password = mailpassword
hosts = 127.0.0.1
dbname = mail
@ -428,7 +428,7 @@ query = SELECT 1 FROM virtual_users WHERE email=&#39;%s&#39;
<p>/etc/postfix/mysql-virtual-alias-maps.cf should contain the following lines :</p>
<div class="highlight"><pre>user = mail
<div class="highlight"><pre><span></span>user = mail
password = mailpassword
hosts = 127.0.0.1
dbname = mail
@ -437,12 +437,12 @@ query = SELECT destination FROM virtual_aliases WHERE source=&#39;%s&#39;
<p>Since these files contain a password, let's make sure they are not world-readable :</p>
<div class="highlight"><pre>chown root: /etc/postfix/mysql* <span class="o">&amp;&amp;</span> chmod <span class="m">600</span> /etc/postfix/mysql*
<div class="highlight"><pre><span></span>chown root: /etc/postfix/mysql* <span class="o">&amp;&amp;</span> chmod <span class="m">600</span> /etc/postfix/mysql*
</pre></div>
<p>You can use the command postmap to confirm that everything is working properly :</p>
<div class="highlight"><pre>postmap -q captainark.net mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
<div class="highlight"><pre><span></span>postmap -q captainark.net mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
postmap -q example@captainark.net mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
@ -451,7 +451,7 @@ postmap -q alias@captainark.net mysql:/etc/postfix/mysql-virtual-alias-maps.cf
<p>Let's restart postfix for our modifications to be taken into account :</p>
<div class="highlight"><pre>systemctl restart postfix
<div class="highlight"><pre><span></span>systemctl restart postfix
</pre></div>
@ -460,12 +460,12 @@ postmap -q alias@captainark.net mysql:/etc/postfix/mysql-virtual-alias-maps.cf
<h3>Dovecot global configuration</h3>
<p>By default, on Debian, <a href="http://www.dovecot.org/">Dovecot</a> uses multiple configuration files in /etc/dovecot/conf.d. I found it annoying to maintain, and I ended up only using the /etc/doveconf.conf file.</p>
<p>As always, let's start by backing up the original configuration file :</p>
<div class="highlight"><pre>mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig
<div class="highlight"><pre><span></span>mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig
</pre></div>
<p>Next, we are going to create a new /etc/dovecot/dovecot.conf file. It should contain the following lines :</p>
<div class="highlight"><pre><span class="sx">!include_try /usr/share/dovecot/protocols.d/*.protocol</span>
<div class="highlight"><pre><span></span><span class="sx">!include_try /usr/share/dovecot/protocols.d/*.protocol</span>
<span class="n">protocols</span> <span class="p">=</span> <span class="n">imap</span> <span class="n">lmtp</span> <span class="n">sieve</span>
<span class="n">mail_location</span> <span class="p">=</span> <span class="n">maildir</span><span class="p">:</span><span class="o">/</span><span class="n">var</span><span class="o">/</span><span class="n">mail</span><span class="o">/</span><span class="c">%d/%n</span>
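Review bot: the prose names /etc/doveconf.conf as the single file in use, but the commands right below back up and recreate /etc/dovecot/dovecot.conf. The first path looks like a slip and should be corrected so readers do not create a file Dovecot never reads. It is also worth saying that the mv leaves Dovecot without a configuration file until the new one is written.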
@ -602,7 +602,7 @@ postmap -q alias@captainark.net mysql:/etc/postfix/mysql-virtual-alias-maps.cf
<p>Dovecot will use the same SSL certificate as Postfix.</p>
<p>Using this configuration, your virtual users' emails will be stored in /var/mail/$domain/$user/ and will be owned by the vmail user.</p>
<p>For this to work, we have to create the domain folder :</p>
<div class="highlight"><pre>mkdir -p /var/mail/captainark.net
<div class="highlight"><pre><span></span>mkdir -p /var/mail/captainark.net
chown vmail: /var/mail/captainark.net <span class="o">&amp;&amp;</span> chmod <span class="m">770</span> /var/mail/captainark.net
</pre></div>
@ -610,7 +610,7 @@ chown vmail: /var/mail/captainark.net <span class="o">&amp;&amp;</span> chmod <s
<p>Dovecot will create the virtual users' folders automatically.</p>
<h3>Dovecot access to the MySQL database</h3>
<p>We now need to allow Dovecot to connect to the mail database we have populated earlier. To do so, we are going to create a /etc/dovecot/sql.conf file with the following content :</p>
<div class="highlight"><pre>driver = mysql
<div class="highlight"><pre><span></span>driver = mysql
connect = host=localhost dbname=mail user=mail password=mailpassword
default_pass_scheme = SHA512-CRYPT
password_query = SELECT email as user, password FROM virtual_users WHERE email=&#39;%u&#39;;
@ -618,14 +618,14 @@ password_query = SELECT email as user, password FROM virtual_users WHERE email=&
<p>You'll have to change the password to the one you have defined earlier. Since this file contains a password, let's make sure it's not world-readable :</p>
<div class="highlight"><pre>chown root: /etc/dovecot/sql.conf <span class="o">&amp;&amp;</span> chmod <span class="m">600</span> /etc/dovecot/sql.conf
<div class="highlight"><pre><span></span>chown root: /etc/dovecot/sql.conf <span class="o">&amp;&amp;</span> chmod <span class="m">600</span> /etc/dovecot/sql.conf
</pre></div>
<h3>Configuring Sieve</h3>
<p>The last thing we need to configure here is sieve. The idea is to have all messages flagged as spam automatically moved to the mailbox Junk folder.</p>
<p>To do so, let's first create the required folders :</p>
<div class="highlight"><pre>mkdir -p /var/mail/sieve/before
<div class="highlight"><pre><span></span>mkdir -p /var/mail/sieve/before
mkdir /var/mail/sieve/after
mkdir /var/mail/sieve/users
chown -R vmail: /var/mail/sieve <span class="o">&amp;&amp;</span> chmod -R <span class="m">770</span> /var/mail/sieve
@ -635,7 +635,7 @@ chown -R vmail: /var/mail/sieve <span class="o">&amp;&amp;</span> chmod -R <span
<p>If you want to have sieve rules for a specific user, simply create $user@$domain.sieve file in the users folder (example@captainark.net in my case).</p>
<p>All .sieve files in the before folder will be used for all your virtual users, before their individual configuration ; the .sieve files in the after folder will be used, well, you guessed it, after.</p>
<p>Let's create a filter.sieve file in the /var/mail/sieve/before folder with the following content :</p>
<div class="highlight"><pre>require [&quot;envelope&quot;, &quot;fileinto&quot;, &quot;imap4flags&quot;, &quot;regex&quot;];
<div class="highlight"><pre><span></span>require [&quot;envelope&quot;, &quot;fileinto&quot;, &quot;imap4flags&quot;, &quot;regex&quot;];
if not header :regex &quot;message-id&quot; &quot;.*@.*\.&quot; {
fileinto &quot;Junk&quot;;
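Review bot: in the header :regex test the pattern is written as .*@.*\. inside a Sieve quoted string, where a backslash escapes the next character, so the interpreter receives .*@.*. and the final dot matches any character instead of a literal dot. Write it as \\. if the intent is to require a dot in the domain part of the Message-ID. The prose above also gives the per-user script name as example@captainark.net, without the .sieve suffix the same sentence asks for.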
@ -648,14 +648,14 @@ if header :contains &quot;X-Spam-Level&quot; &quot;*****&quot; {
<p>Last thing we have to do is to change the permissions on the newly created file :</p>
<div class="highlight"><pre>chown vmail: /var/mail/sieve/before/filter.sieve <span class="o">&amp;&amp;</span> <span class="se">\</span>
<div class="highlight"><pre><span></span>chown vmail: /var/mail/sieve/before/filter.sieve <span class="o">&amp;&amp;</span> <span class="se">\</span>
chmod <span class="m">660</span> /var/mail/sieve/before/filter.sieve
</pre></div>
<p>That's all ; now, all email we receive that is flagged as spam by SpamAssassin will be moved to the Junk folder.</p>
<p>Let's restart dovecot :</p>
<div class="highlight"><pre>systemctl restart dovecot
<div class="highlight"><pre><span></span>systemctl restart dovecot
</pre></div>
@ -677,24 +677,24 @@ chmod <span class="m">660</span> /var/mail/sieve/before/filter.sieve
</ul>
<h3>The actual configuration</h3>
<p>SpamAssassin's configuration is pretty straightforward. First, let's edit the /etc/default/spamassassin file :</p>
<div class="highlight"><pre>ENABLED=1
<div class="highlight"><pre><span></span>ENABLED=1
[...]
CRON=1
</pre></div>
<p>Before the cron runs for the first time, we have to manually update SpamAssassin's ruleset :</p>
<div class="highlight"><pre>sa-learn
<div class="highlight"><pre><span></span>sa-learn
</pre></div>
<p>Next, as usual, let's back up the original configuration file :</p>
<div class="highlight"><pre>mv /etc/spamassassin/local.cf /etc/spamassassin/local.cf.orig
<div class="highlight"><pre><span></span>mv /etc/spamassassin/local.cf /etc/spamassassin/local.cf.orig
</pre></div>
<p>Let's create a new /etc/spamassassin/local.cf file with the following content :</p>
<div class="highlight"><pre>rewrite_header Subject [SPAM]
<div class="highlight"><pre><span></span>rewrite_header Subject [SPAM]
report_safe 0
required_score 5.0
use_bayes 1
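Review bot: the step introduced as manually updating SpamAssassin's ruleset runs sa-learn, which trains the Bayes database; the rule updater is sa-update. The command in that block should be sa-update so the ruleset is actually fetched before the cron job runs for the first time.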
@ -705,25 +705,25 @@ whitelist_from *@captainark.net
<p>Next, to have Postfix send incoming emails through SpamAssassin, we have to edit the /etc/postfix/master.cf file. At the very beginning, we have to add a line under the smtp definition :</p>
<div class="highlight"><pre>smtp inet n - - - - smtpd
<div class="highlight"><pre><span></span>smtp inet n - - - - smtpd
-o content_filter=spamassassin
</pre></div>
<p>At the very end of the same file, we have to add the following lines :</p>
<div class="highlight"><pre>spamassassin unix - n n - - pipe
<div class="highlight"><pre><span></span>spamassassin unix - n n - - pipe
user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f <span class="cp">${</span><span class="n">sender</span><span class="cp">}</span> <span class="cp">${</span><span class="n">recipient</span><span class="cp">}</span>
</pre></div>
<p>Let's restart SpamAssassin and Postfix :</p>
<div class="highlight"><pre>systemctl restart postfix
<div class="highlight"><pre><span></span>systemctl restart postfix
systemctl restart spamassassin
</pre></div>
<p>That's all for SpamAssassin ! To check if it is working, send yourself an email from another provider. You should see the following headers in it :</p>
<div class="highlight"><pre>X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
<div class="highlight"><pre><span></span>X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
myserver.captainark.net
X-Spam-Level:
</pre></div>
@ -732,7 +732,7 @@ X-Spam-Level:
<h2>Configuring SPF</h2>
<h3>Allowing your server to send emails for your domain</h3>
<p><a href="http://www.openspf.org/">SPF</a> (Sender Policy Framework) is a mechanism that confirms that your server's IP is allowed to send emails for your domain. Technically, it is a TXT DNS record which looks something like this :</p>
<div class="highlight"><pre>captainark.net IN TXT &quot;v=spf1 mx ~all&quot;
<div class="highlight"><pre><span></span>captainark.net IN TXT &quot;v=spf1 mx ~all&quot;
</pre></div>
@ -742,19 +742,19 @@ X-Spam-Level:
<h3>Checking SPF record for inbound mail</h3>
<p>Now that we have set up our own SPF record, let's configure Postfix to check that other mail servers communicating with us have done the same.</p>
<p>First, let's add the two following lines at the end of /etc/postfix-policyd-spf-python/policyd-spf.conf :</p>
<div class="highlight"><pre>Header_Type = AR
<div class="highlight"><pre><span></span>Header_Type = AR
Authserv_Id = &quot;&lt;server&#39;s FQDN&gt;&quot;
</pre></div>
<p>Then, let's edit the /etc/postfix/master.cf file and add the following lines at the end :</p>
<div class="highlight"><pre>policy-spf unix - n n - - spawn
<div class="highlight"><pre><span></span>policy-spf unix - n n - - spawn
user=nobody argv=/usr/bin/policyd-spf
</pre></div>
<p>Let's now edit the /etc/postfix/main.cf. In the "smtpd_recipient_restrictions" section, add the "check_policy_service" line as seen below :</p>
<div class="highlight"><pre>smtpd_recipient_restrictions =
<div class="highlight"><pre><span></span>smtpd_recipient_restrictions =
[...]
reject_unauth_destination,
check_policy_service unix:private/policy-spf,
@ -763,13 +763,13 @@ Authserv_Id = &quot;&lt;server&#39;s FQDN&gt;&quot;
<p>We now have to restart postfix :</p>
<div class="highlight"><pre>systemctl restart postfix
<div class="highlight"><pre><span></span>systemctl restart postfix
</pre></div>
<p>Our server is now checking other mail server's SPF records.</p>
<p>To make sure that it is working, send yourself an email from another provider. You should see the following header in it :</p>
<div class="highlight"><pre><span class="nt">Authentication-Results</span><span class="o">:</span> <span class="nt">myserver</span><span class="nc">.captainark.net</span><span class="o">;</span> <span class="nt">spf</span><span class="o">=</span><span class="nt">pass</span> <span class="o">(</span><span class="nt">sender</span> <span class="nt">SPF</span> <span class="nt">authorized</span><span class="o">)</span>
<div class="highlight"><pre><span></span><span class="nt">Authentication-Results</span><span class="o">:</span> <span class="nt">myserver</span><span class="nc">.captainark.net</span><span class="o">;</span> <span class="nt">spf</span><span class="o">=</span><span class="nt">pass</span> <span class="o">(</span><span class="nt">sender</span> <span class="nt">SPF</span> <span class="nt">authorized</span><span class="o">)</span>
<span class="cp">[</span><span class="nx">...</span><span class="cp">]</span> <span class="nt">receiver</span><span class="o">=</span><span class="nt">example</span><span class="k">@captainark</span><span class="nc">.net</span><span class="o">)</span>
</pre></div>
@ -780,13 +780,13 @@ Authserv_Id = &quot;&lt;server&#39;s FQDN&gt;&quot;
<p>With this configuration, OpenDKIM will also check the key for inbound emails.</p>
<h3>Software side</h3>
<p>First, let's backup the original configuration file and create a folder for the configuration files :</p>
<div class="highlight"><pre>mv /etc/opendkim.conf /etc/opendkim.conf.orig
<div class="highlight"><pre><span></span>mv /etc/opendkim.conf /etc/opendkim.conf.orig
mkdir /etc/opendkim.d
</pre></div>
<p>We now have to create a /etc/opendkim.conf file with the following content :</p>
<div class="highlight"><pre>AutoRestart Yes
<div class="highlight"><pre><span></span>AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
Syslog yes
@ -814,12 +814,12 @@ Socket local:/var/spool/postfix/opendkim/opendkim.sock
<p>Let's then create the necessary folders :</p>
<div class="highlight"><pre>mkdir -p /etc/opendkim.d/keys/captainark.net/
<div class="highlight"><pre><span></span>mkdir -p /etc/opendkim.d/keys/captainark.net/
</pre></div>
<p>Now, we are going to create the /etc/opendkim.d/TrustedHosts file with the following content :</p>
<div class="highlight"><pre>localhost
<div class="highlight"><pre><span></span>localhost
127.0.0.1
::1
captainark.net
@ -828,26 +828,26 @@ captainark.net
<p>This file contains the hosts and domains for which OpenDKIM should sign emails.</p>
<p>Next, let's create the /etc/opendkim.d/KeyTable :</p>
<div class="highlight"><pre>mail._domainkey.captainark.net captainark.net:mail:/etc/opendkim.d/keys/captainark.net/mail.private
<div class="highlight"><pre><span></span>mail._domainkey.captainark.net captainark.net:mail:/etc/opendkim.d/keys/captainark.net/mail.private
</pre></div>
<p>This file tells OpenDKIM which key it should use for each selector.</p>
<p>Finally, let's create the /etc/opendkim.d/SigningTable file :</p>
<div class="highlight"><pre>*@captainark.net mail._domainkey.captainark.net
<div class="highlight"><pre><span></span>*@captainark.net mail._domainkey.captainark.net
</pre></div>
<p>This file tells OpenDKIM which selector it should use for each domain.</p>
<p>We now have to generate the private/public key pair for our domain :</p>
<div class="highlight"><pre><span class="nb">cd</span> /etc/opendkim.d/keys/captainark.net/
<div class="highlight"><pre><span></span><span class="nb">cd</span> /etc/opendkim.d/keys/captainark.net/
opendkim-genkey -s mail -d captainark.net
</pre></div>
<p>This creates two files ; mail.private contains our private key, mail.txt contains our public key.</p>
<p>Let's change the permissions on those files :</p>
<div class="highlight"><pre>chown -R opendkim: /etc/opendkim.d/keys
<div class="highlight"><pre><span></span>chown -R opendkim: /etc/opendkim.d/keys
chmod -R <span class="m">700</span> /etc/opendkim.d/keys
chmod <span class="m">600</span> /etc/opendkim.d/captainark.net/*
</pre></div>
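Review bot: the last chmod targets /etc/opendkim.d/captainark.net/*, but the keys were generated in /etc/opendkim.d/keys/captainark.net/, so the glob matches nothing and mail.private keeps the 700 mode from the recursive chmod on the line before. The path should be /etc/opendkim.d/keys/captainark.net/*. Consider also passing -b 2048 to opendkim-genkey, since the record published further down is a 1024-bit RSA key.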
@ -856,36 +856,36 @@ chmod <span class="m">600</span> /etc/opendkim.d/captainark.net/*
<h3>Postfix integration</h3>
<p>The last thing we have to do is to configure Postfix to communicate with OpenDKIM.</p>
<p>First, let's create the necessary folders :</p>
<div class="highlight"><pre>mkdir /var/spool/postfix/opendkim
<div class="highlight"><pre><span></span>mkdir /var/spool/postfix/opendkim
chown opendkim: /var/spool/postfix/opendkim
</pre></div>
<p>We also have to add the postfix user to the opendkim group :</p>
<div class="highlight"><pre>useradd -G opendkim postfix
<div class="highlight"><pre><span></span>useradd -G opendkim postfix
</pre></div>
<p>Now, let's edit the /etc/postfix/master.cf file, like so :</p>
<div class="highlight"><pre>smtpd_milters = unix:/opendkim/opendkim.sock
<div class="highlight"><pre><span></span>smtpd_milters = unix:/opendkim/opendkim.sock
</pre></div>
<p>We now have to restart OpenDKIM and Postfix :</p>
<div class="highlight"><pre>systemctl restart opendkim
<div class="highlight"><pre><span></span>systemctl restart opendkim
systemctl restart postfix
</pre></div>
<h3>DNS side</h3>
<p>For DKIM to work, you have to configure a DNS TXT record in your zone. This record was automatically generated by OpenDKIM in the mail.txt file mentioned earlier :</p>
<div class="highlight"><pre>mail._domainkey IN TXT &quot;v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkJq0CW3tl2XHZ1CN5XdbqRDU7KfXOJ70nlwI09bHmDU63/Yz3J5rl863S0t2ncVHfIudZANj0OaiJe5HRR7WCsjuNIhQFfPFGIWLNClpxqdQVQURI38sAGeyn7Ed/Cor1AiWABzFWzel0kvXILw8K/NTzxaAPeSa9ttwQEgSmowIDAQAB&quot; ; ----- DKIM key mail for captainark.net
<div class="highlight"><pre><span></span>mail._domainkey IN TXT &quot;v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkJq0CW3tl2XHZ1CN5XdbqRDU7KfXOJ70nlwI09bHmDU63/Yz3J5rl863S0t2ncVHfIudZANj0OaiJe5HRR7WCsjuNIhQFfPFGIWLNClpxqdQVQURI38sAGeyn7Ed/Cor1AiWABzFWzel0kvXILw8K/NTzxaAPeSa9ttwQEgSmowIDAQAB&quot; ; ----- DKIM key mail for captainark.net
</pre></div>
<p>All you have to do is to copy and paste this record in your DNS zone file.</p>
<p>To make sure that OpenDKIM is working, you can send an empty email to <a href="mailto:check-auth@verifier.port25.com">check-auth@verifier.port25.com</a>. You should receive a response with the following content :</p>
<div class="highlight"><pre>==========================================================
<div class="highlight"><pre><span></span>==========================================================
Summary of Results
==========================================================
SPF check: pass
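Review bot: useradd -G opendkim postfix tries to create a new account named postfix, which already exists on a host running Postfix, so the command fails and the group membership is never added. Without it Postfix cannot open the OpenDKIM socket and mail goes out unsigned. Use usermod -a -G opendkim postfix, or adduser postfix opendkim on Debian.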
@ -901,12 +901,12 @@ SpamAssassin check: ham
<p>It lets the owner of a domain name indicate that his email is protected by SPF and/or DKIM and what other providers should do with emails that do not pass those checks.</p>
<h3>Software side</h3>
<p>Once again, let's backup the original configuration file :</p>
<div class="highlight"><pre>mv /etc/opendmarc.conf /etc/opendmarc.conf.orig
<div class="highlight"><pre><span></span>mv /etc/opendmarc.conf /etc/opendmarc.conf.orig
</pre></div>
<p>We now have to create a /etc/opendmarc.conf file with the following content :</p>
<div class="highlight"><pre>AutoRestart Yes
<div class="highlight"><pre><span></span>AutoRestart Yes
AutoRestartRate 10/1h
UMask 0002
Syslog true
@ -926,36 +926,36 @@ Socket local:/var/spool/postfix/opendmarc/opendmarc.sock
<h3>Postfix integration</h3>
<p>The last thing we have to do is to configure Postfix to communicate with OpenDMARC.</p>
<p>First, let's create the necessary folders :</p>
<div class="highlight"><pre>mkdir /var/spool/postfix/opendmarc
<div class="highlight"><pre><span></span>mkdir /var/spool/postfix/opendmarc
chown opendmarc: /var/spool/postfix/opendmarc
</pre></div>
<p>We also have to add the postfix user to the opendmarc group :</p>
<div class="highlight"><pre>useradd -G opendmarc postfix
<div class="highlight"><pre><span></span>useradd -G opendmarc postfix
</pre></div>
<p>Now, let's edit the /etc/postfix/master.cf file, like so :</p>
<div class="highlight"><pre>smtpd_milters = unix:/opendkim/opendkim.sock, unix:/opendmarc/opendmarc.sock
<div class="highlight"><pre><span></span>smtpd_milters = unix:/opendkim/opendkim.sock, unix:/opendmarc/opendmarc.sock
</pre></div>
<p>We now have to restart OpenDMARC and Postfix :</p>
<div class="highlight"><pre>systemctl restart opendmarc
<div class="highlight"><pre><span></span>systemctl restart opendmarc
systemctl restart postfix
</pre></div>
<p>You should now see the following headers in your incoming emails :</p>
<div class="highlight"><pre><span class="nt">Authentication-Results</span><span class="o">:</span> <span class="nt">myserver</span><span class="nc">.captainark.net</span><span class="o">;</span> <span class="nt">dmarc</span><span class="o">=</span><span class="nt">pass</span> <span class="nt">header</span><span class="nc">.from</span><span class="o">=</span><span class="nt">gmail</span><span class="nc">.com</span>
<div class="highlight"><pre><span></span><span class="nt">Authentication-Results</span><span class="o">:</span> <span class="nt">myserver</span><span class="nc">.captainark.net</span><span class="o">;</span> <span class="nt">dmarc</span><span class="o">=</span><span class="nt">pass</span> <span class="nt">header</span><span class="nc">.from</span><span class="o">=</span><span class="nt">gmail</span><span class="nc">.com</span>
</pre></div>
<h3>DNS side</h3>
<p>DMARC, like SPF and DKIM, is based on DNS TXT records.</p>
<p>Here is how I configured it for the captainark.net domain :</p>
<div class="highlight"><pre><span class="nt">_dmarc</span> <span class="nt">IN</span> <span class="nt">TXT</span> <span class="s2">&quot;v=DMARC1; p=none; rua=mailto:postmaster@captainark.net; ruf=mailto:postmaster@captainark.net&quot;</span>
<div class="highlight"><pre><span></span><span class="nt">_dmarc</span> <span class="nt">IN</span> <span class="nt">TXT</span> <span class="s2">&quot;v=DMARC1; p=none; rua=mailto:postmaster@captainark.net; ruf=mailto:postmaster@captainark.net&quot;</span>
</pre></div>
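Review bot: `useradd -G opendmarc postfix` tries to create an account named postfix, and on a host where Postfix is already installed that account exists, so the command fails and the user never joins the group; `usermod -a -G opendmarc postfix` appends an existing user to a supplementary group. The sentence above the milter line also says to edit /etc/postfix/master.cf, but `smtpd_milters = ...` is written in main.cf syntax (in master.cf it would be a `-o smtpd_milters=...` override on the smtpd service), so the file named in the text should match the syntax shown.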
@ -964,12 +964,12 @@ systemctl restart postfix
<h2>Configuring Monit</h2>
<p><a href="http://mmonit.com/monit/">Monit</a> is a daemon that makes sure that other daemons are running. If they crash, it restarts them automatically. Is is not directly related to a mail server per say, but it's pretty easy to set up.</p>
<p>First, as always, let's backup the original configuration file :</p>
<div class="highlight"><pre>mv /etc/monit/monitrc /etc/monit/monitrc.orig
<div class="highlight"><pre><span></span>mv /etc/monit/monitrc /etc/monit/monitrc.orig
</pre></div>
<p>We now have to create a new /etc/monit/monitrc file with the following content :</p>
<div class="highlight"><pre>set daemon 30
<div class="highlight"><pre><span></span>set daemon 30
set logfile syslog facility log_daemon
set httpd port 2812 and
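Review bot: `set httpd port 2812 and` continues outside this hunk, so the access restrictions on Monit's web interface cannot be checked from here; please confirm that the continuation binds it to localhost (`use address localhost`) and carries an `allow` list, since that interface can start and stop the monitored daemons. As a style point, the paragraph above has two typos: "Is is" should read "It is" and "per say" should read "per se".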
@ -987,7 +987,7 @@ include /etc/monit/conf.d/*
<p>Then, we are going to create a /etc/monit/conf.d/mail file with the following content :</p>
<div class="highlight"><pre>check process postfix
<div class="highlight"><pre><span></span>check process postfix
with pidfile &quot;/var/spool/postfix/pid/master.pid&quot;
start program = &quot;/bin/systemctl start postfix&quot;
stop program = &quot;/bin/systemctl stop postfix&quot;
@ -1029,17 +1029,17 @@ check process opendmarc
<p>Let's make sure that permissions on the file are correct :</p>
<div class="highlight"><pre>chown root: /etc/monit/conf.d/mail <span class="o">&amp;&amp;</span> chmod <span class="m">600</span> /etc/monit/conf.d/mail
<div class="highlight"><pre><span></span>chown root: /etc/monit/conf.d/mail <span class="o">&amp;&amp;</span> chmod <span class="m">600</span> /etc/monit/conf.d/mail
</pre></div>
<p>Then, we have to reload the monit daemon :</p>
<div class="highlight"><pre>monit reload
<div class="highlight"><pre><span></span>monit reload
</pre></div>
<p>Now, the <code>monit summary</code> command should have the following output :</p>
<div class="highlight"><pre>The Monit daemon 5.4 uptime: 3d 0h 41m
<div class="highlight"><pre><span></span>The Monit daemon 5.4 uptime: 3d 0h 41m
Process &#39;postfix&#39; Running
Process &#39;dovecot&#39; Running

View File

@ -36,7 +36,6 @@ EXTRA_PATH_METADATA = {
'static/bg.png': {'path': 'bg.png'},
}
STATIC_PATHS = [
'.well-known',
'images',
'static/robots.txt',
'static/favicon.ico',
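Review bot: with `'.well-known'` no longer in `STATIC_PATHS`, nothing under that directory is copied into the generated site any more, so confirm that no remaining `EXTRA_PATH_METADATA` entry still points into it and that nothing external still fetches files from that path. Copies already present in a previously built output directory are not removed by this change and need to be cleaned out separately. The commit subject also reads ".well-know" where ".well-known" is meant.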

Binary file not shown.