Messages - sr105

1
The problem is that the zip file itself will be detected, but by default ebox configures amavis to uncompress and scan the contents, but not the original zip. Unfortunately, clamav does not detect the virus in the contained exe file. The solution is to enable scanning of the zip files in /usr/share/ebox/stubs/mailfilter/amavisd.conf.mas at line 701.

$keep_decoded_original_re = new_RE(
# qr'^MAIL$',   # retain full original message for virus checking (can be slow)
  qr'^MAIL-UNDECIPHERABLE$',  # retain full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
  qr'^Zip archive data',
);

The only change was the removal of a # before the "Zip archive..." line. I suppose this will undoubtedly slow down scanning.

Perhaps then, we should configure amavis not to extract archives and allow clamav to do it?

2
I'm getting a lot of virus e-mails containing a small zip file. Is there a way to get mail filter to scan these? I ran clamscan against the files on the server locally and they result in a "FOUND."

Also, if I recall correctly, isn't there a setting in amavis to only scan attachments smaller than a certain size?

3
Definitely a bug in newer ebox packages. I installed 1.4-0 in a VM with no network access and I can create both accounts.

4
Note: I cannot reproduce the "working" case in 1.4. Now, every time I try it, I get the same error. But I know that it worked, because I still have my older 1.4 VM and I can see both accounts are created. Perhaps the problem is that the ebox-installer does an update during install?

5
I could do this in 1.4. During the installer, I created an admin account. After installation & configuration, I cannot create the same account in the Users & Groups section. I keep getting the error: Username already exists on the system.

6
Installation and Upgrades / Re: Documentation for .mas stub files?
« on: February 28, 2010, 07:43:25 am »
Got it to work using the following code in /usr/share/ebox/stubs/mail/main.cf.mas just before the "</%init>" tag.
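Code:
# Start with an empty string so the stub still renders cleanly
# when the user file is missing or unreadable.
my $userMainCF = '';
# Three-argument open with a lexical filehandle; a failed open is skipped silently.
if (open(my $fh, '<', '/etc/postfix/user-main.cf')) {
    $userMainCF = join('', <$fh>);   # read the whole file
    close $fh;
}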
</%init>
and then at the end of the file:
Code:
<% $userMainCF %>

7
Installation and Upgrades / Documentation for .mas stub files?
« on: February 27, 2010, 08:05:38 pm »
Is there any documentation for the stub file formats? I'd like to make changes to my setup and I'd like to make my changes fit within ebox's design as much as possible.
Answer: apparently the format is http://www.masonbook.com/.

Short term question: Is there a way that I could read a file into a variable and have that variable appended at the end of the stub? Like the following:

<%init>
...
my $user_include_file;
{
  local $/=undef;
  open FILE,  "/etc/postfix/custom/user-main.cf" or die "Couldn't open file: $!";
  binmode FILE;
  $user_include_file = <FILE>;
  close FILE;
}

except I don't want the die part.
</%init>
...

<%$user_include_file%>



8
Installation and Upgrades / Re: Apache2 and Virtual Hosts?
« on: February 20, 2010, 05:26:30 pm »
Could you be more clear about the default host problem? As best I can tell, ebox does not configure it, it is installed once and left there. If you want to modify it, you can do it manually by editing sites-available/default.

Quote
[warn] NameVirtualHost *:0 has no VirtualHosts
It's only a warning and it exists because of how ebox writes the files. They should really only have the NameVirtualHost line once in apache2.conf and leave it out of the virtual host files. However, it doesn't do any harm that I can tell.

9
Shouldn't you put your site specific changes in a file in the following directory like it's telling you to? Then, it will not be overwritten by ebox.
Code:
        # Under this directory you can manually configure every thing
        # you may need of that stuff
        Include sites-available/user-ebox-www.dragonsden.info/*

10
I'm setting up ebox 1.4 in a VM for testing before I make install on a production machine. Is there a way to save time on the production machine by somehow copying over config files from the VM? For example, if I install ebox on the new machine exactly the same, couldn't I just copy over the ebox config files just before enabling all of the modules?

11
I don't quite understand what's going on here though.
ebox doesn't give you any way of creating secure virtual hosts. This was an example of how I created one. I wanted my webmail to be secure. The instructions detail how I did that with ebox 1.3.15.

I have tried your recommended settings, but I cannot get it to work for me. I am getting this error when starting Apache..

VirtualHost *:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results

Even with my working setup, I get warnings about "NameVirtualHost *:0 has no VirtualHosts." However, it all works with the warnings. They only exist because ebox creates VirtualHost definitions without the :PORT. I kind of get why they don't. As it stands now, if you change the ebox port, it just changes /etc/apache2/ports.conf. If they added the :PORT to all the virtual hosts, they'd have to regenerate all of the virtual host files, too. Although, it's done by a computer so how long could it take? 50ms? a whole second?

Also, I did get that same error that you're reporting while testing. I'm trying to remember the cause. Maybe you could post your configuration? I think it had to do with a misunderstanding on my part of how to use NameVirtualHost and VirtualHost.

12
I was actually able to figure it out with the help of the Apache manual. I had to do the following:

  • I did all of the listed actions in my first post.
  • I created a file named "https-mail.mydomain.com" in sites-available.
  • I symlinked that file in sites-enabled to enable it.
  • I created a user-ebox-mail.mydomain.com/custom file.
  • The custom file merely includes a Redirect line sending you to the https virtual host.
  • The https-mail... file contents are below. I've annotated them a bit.
  • Last, I had to add 443 to the firewall. I did this by adding 443 to the "HTTP Software" service under Services. Then, under "Firewall->Packet Filter->From internal to ebox," I added a rule (ACCEPT, Source: Any, HTTP Software, Description: "https").

Note: my ebox is on an internal network behind a port-forwarding firewall/router. In order for this to work fully, you may have to also add the https/443 firewall rule to "Filtering rules from external networks to eBox."

After all of that, it works. I would still like to get it where https://IP gets automatically changed to https://mail.mydomain.com in the user's browser, though. However, that's really minor.

Code:
# This file is a combination of ebox-mail.mydomain.com with the SSL parts of /var/lib/ebox/conf/apache2.conf added in.

# These lines load SSL support and were lifted from the ebox conf file.
Include /etc/apache2/mods-available/ssl.load
Include /etc/apache2/mods-available/ssl.conf

# Turn on port 443
Listen 443

# Turn on virtual hosts for 443
NameVirtualHost *:443

# This was an attempt to try and make IP:443 change the name in
# the user's browser to mail.mydomain.com. It doesn't work. If anyone knows
# how to do this, please post a reply.
#<VirtualHost _default_:443>
# Redirect / https://mail.mydomain.com/
#</VirtualHost>

# This whole section is a copy of ebox-mail.mydomain.com except
# where noted with comments.
# Added :443 here.
<VirtualHost *:443>
        ServerAdmin webmaster@localhost

        ServerName mail.mydomain.com
        DocumentRoot /var/www/mail.mydomain.com

        # Not sure if this is necessary, it was in my old Apache config.
        <Directory /var/www/mail.mydomain.com>
                IndexIgnore *
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

        # All of the SSL lines are taken from the ebox apache2.conf
        SSLEngine on
        SSLProtocol all
        SSLCipherSuite HIGH:MEDIUM

        SSLCertificateFile /var/lib/ebox/conf/ssl/ssl.pem

        SSLCACertificatePath /var/lib/ebox/conf/ssl-ca/
</VirtualHost>
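
The SSL lines in the post above were copied from the ebox apache2.conf of the time. As an added example (not part of the original post and not ebox's own configuration), here is the same virtual host with the protocol, cipher and signature directives tightened. It assumes Apache 2.4 with mod_ssl built against OpenSSL 1.0.1 or later; the hostname and paths are the post's own.

```apache
# Added example: tightened variant of the post's <VirtualHost *:443>.
# Assumption: Apache 2.4 + mod_ssl with OpenSSL 1.0.1 or later, which is
# needed for the TLSv1.1 / TLSv1.2 protocol tokens used below.
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName mail.mydomain.com
        DocumentRoot /var/www/mail.mydomain.com

        ErrorLog /var/log/apache2/error.log
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined

        # Post: ServerSignature On
        # "On" adds the server version and host name to server-generated
        # pages such as error documents.
        ServerSignature Off

        SSLEngine on

        # Post: SSLProtocol all
        # "all" also enables SSLv3 (unless OpenSSL was built without it),
        # TLSv1 and TLSv1.1. Subtract them so only TLSv1.2 and later remain.
        SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

        # Post: SSLCipherSuite HIGH:MEDIUM
        # Drop the MEDIUM class and exclude unauthenticated (aNULL) and
        # MD5-based suites.
        SSLCipherSuite HIGH:!aNULL:!MD5
        # Use the server's cipher preference order instead of the client's.
        SSLHonorCipherOrder on

        SSLCertificateFile /var/lib/ebox/conf/ssl/ssl.pem
        SSLCACertificatePath /var/lib/ebox/conf/ssl-ca/
</VirtualHost>
```

Run `apachectl configtest` after editing and before reloading Apache, since an unsupported protocol token is reported as a syntax error on older builds.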

13
Installation and Upgrades / Re: Is it always okay to "apt-get update"?
« on: January 28, 2010, 09:27:28 pm »
I appreciate the tips on aptitude. However, what I was actually trying to ask was whether or not I have to worry about ebox breaking from an update of a package that ebox either uses or controls.
Thanks.

14
Would someone help me figure out how to create SSL virtual hosts with ebox? I'm trying to figure out the correct way to do it, as in, a way that works as much with ebox as possible.

Goals:

My actions so far:
  • I created the mail.mydomain.com virtual host.
  • I created a certificate for it that is assigned to the ebox admin interface, "apache".
  • Moved ebox to :444.
  • Deleted the /var/www/webmail symlink and replaced the /var/www/mail.mydomain.com directory with a symlink to /var/lib/roundcube.
  • Using http, the webmail works fine at http://mail.mydomain.com

Now, I want to make that virtual host https and only https. I think I have to do this by adding a file to /etc/apache2/sites-available/user-ebox-mail.mydomain.com which I'll call "custom.conf". In custom.conf, I need to add the commands to turn on SSL and tell it where to find certificates. I also need to tell apache to "Listen 443" somewhere and to load the ssl module. I'm not really sure how and where to do these steps. Also, do I have to modify the "<VirtualHost *>" line(s)?

Thanks.

UPDATE: I forgot to mention that I'm doing all of this with ebox-1.3.15.

15
Installation and Upgrades / Is it always okay to "apt-get update"?
« on: January 27, 2010, 05:15:39 pm »
Hi, I'm new to ebox, but not to Linux or server administration. I'm playing with ebox-1.3.10.

Is it always okay to "apt-get update"? I just want to know if I have to worry about a non-ebox package update occurring that would be incompatible with ebox and perhaps preceding an ebox update that would deal with the change. Or is this just a non-issue because of the Debian philosophy of only fixing bugs with updates?

Thanks, Harvey
