Category: Centos

Posted on

How to connect to a remote MySQL database using Linux terminal

MySQL is an open-source relational database management system (RDBMS).

connect remote mysqlIn this article we will connect to remote MySQL database in the simple way. After you setup a user with proper access rights run the below commands.

$ mysql -u yourUser -p -h

Lets explanation the above command:

-u tells mysql what is your username

-p tells mysql you have a password and will prompt you to enter it after you press enter

-h tells mysql the hostname or IP address of your MySQL server

You can learn more form MySQL database documentation

Posted on

How To Install SquirrelMail on CentOS 7

SquirrelMail on CentOS 7

Squirrelmail is one of the most popular Web-based email clients written in PHP. It has built-in pure PHP support for IMAP and SMTP, and it is designed to render all pages in pure HTML 4.0 with no JavaScript required, for maximum compatibility across browsers.

Prerequisites

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo’ to the commands to get root privileges. I will show you through the step by step installation SquirrelMail email clients on a CentOS 7 server.
Install SquirrelMail on CentOS 7

Step 1. First, let’s start by ensuring your system is up-to-date.

yum clean all
yum install epel-release
yum -y update

Step 2. Installing SquirrelMail on CentOS 7.

Install SquirrelMail using the yum default package manager:

yum install squirrelmail

Step 3. Configure SquirrelMail.

Once the webmail client is installed, you can configure it according to your needs by running the configuration script:

cd /usr/share/squirrelmail/config/
./conf.pl

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers
C Turn color off
S Save data
Q Quit

Command >>

There are different settings in the configuration file, but the main things that should be checked and configured are:

Set your default domain name (2. Server settings > 1. Domain)
Addresses of IMAP and SMTP servers.
Type of IMAP server.

Step 4. Accessing SquirrelMail.

SquirrelMail will be available on HTTP port 80 by default. Open your favorite browser and navigate to http://yourdomain.com/squirrelmail or http://server-ip/squirrelmail and complete the required the steps to finish the installation.

Congratulations! You have successfully installed SquirrelMail. Thanks for using this tutorial for installing SquirrelMail email clients in CentOS 7 systems. For additional help or useful information, we recommend you to check the official SquirrelMail web site.

Posted on

How To Install Mantis Bug Tracker on CentOS 7

Mantis Bug Tracker on CentOS 7

Mantis is a free and popular open source bug tracking system. It is written in PHP and supports all types of database server. It provides a professional dashboard to manage bugs assigned to the user. It supports powerful access control which provides per project base user access. It is very flexible, you can customize the issue fields, notifications, and workflow.

Prerequisites

This article assumes you have at least basic knowledge of linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo’ to the commands to get root privileges. I will show you through the step by step installation Mantis Bug Tracker on a CentOS 7 server.
Install Mantis Bug Tracker on CentOS 7

Step 1. First let’s start by ensuring your system is up-to-date.

yum clean all
yum -y update

Step 2. Install LAMP server.

A CentOS 7 LAMP stack server is required. If you do not have LAMP installed, you can follow our guide here. Also install required PHP modules:

yum -y install php-gd php-imap php-xml php-xmlrpc php-mbstring php-mcrypt php-mssql php-snmp curl curl-devel

Step 3. Installing Mantis Bug Tracker.

First thing to do is to go to Mantis Bug Tracker’s download page and download the latest stable version of Mantis, At the moment of writing this article it is version 2.5.0:

wget https://ncu.dl.sourceforge.net/project/mantisbt/mantis-stable/2.5.0/mantisbt-2.5.0.zip

Unpack the Nextcloud archive to the document root directory on your server:

tar -xpf mantisbt-2.5.0.tar.gz
mv mantisbt-2.4.1 /var/www/html/mantis

We will need to change some folders permissions:

chown apache:apache -R /var/www/html/mantis/

Step 4. Configuring MariaDB for Mantis Bug Tracker.

By default, MariaDB is not hardened. You can secure MariaDB using the mysql_secure_installation script. You should read and below each steps carefully which will set root password, remove anonymous users, disallow remote root login, and remove the test database and access to secure MariaDB.

mysql_secure_installation

Configure it like this:

- Set root password? [Y/n] y
- Remove anonymous users? [Y/n] y
- Disallow root login remotely? [Y/n] y
- Remove test database and access to it? [Y/n] y
- Reload privilege tables now? [Y/n] y

Next we will need to log in to the MariaDB console and create a database for the Mantis Bug Tracker. Run the following command:

mysql -u root -p

This will prompt you for a password, so enter your MariaDB root password and hit Enter. Once you are logged in to your database server you need to create a database for Mantis Bug Tracker installation:

MariaDB [(none)]> CREATE DATABASE mantisdb;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON mantisdb.* TO 'mantis'@'localhost' IDENTIFIED BY 'mantispassword';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \q

Step 5. Configuring Apache web server for Mantis Bug Tracker.

We will create Apache virtual host for your Nextcloud website. First create ‘/etc/httpd/conf.d/vhosts.conf’ file with using a text editor of your choice:

nano /etc/httpd/conf.d/vhosts.conf
IncludeOptional vhosts.d/*.conf

Next, create the virtual host:

mkdir /etc/httpd/vhosts.d/
nano /etc/httpd/vhosts.d/yourdomain.com.conf

Add the following lines:

ServerAdmin [email protected]
DocumentRoot "/var/www/html/mantis/"
ServerName yourdomain.com
ServerAlias www.yourdomain.com
ErrorLog "/var/log/httpd/yourdomain.com-error_log"
CustomLog "/var/log/httpd/yourdomain.com-access_log" combined

<Directory "/var/www/html/mantis/">
DirectoryIndex index.html index.php
Options FollowSymLinks
AllowOverride All
Require all granted

Save and close the file. Restart the apache service for the changes to take effects:

systemctl restart httpd.service
systemctl enable httpd.service

Step 6. Accessing Mantis Bug Tracker.

Mantis Bug Tracker will be available on HTTP port 80 by default. Open your favorite browser and navigate to http://yourdomain.com/mantis/admin/install.php or http://server-ip/mantis/admin/install.php and complete the required the steps to finish the installation. If you are using a firewall, please open port 80 to enable access to the control panel.

Congratulation’s! You have successfully installed Mantis. Thanks for using this tutorial for installing Mantis free open source bug tracking system on your CentOS 7 system. For additional help or useful information, we recommend you to check the official Mantis Bug Tracker web site.

Posted on

How To Install Let’s Encrypt SSL With Nginx on CentOS 7

Let’s Encrypt SSL With Nginx on CentOS 7

LetsEncrypt is a free open certificate authority (CA) that provides free certificates for websites and other services. The service, which is backed by the Electronic Frontier Foundation, Mozilla, Cisco Systems, and Akamai. Unfortunately, LetsEncrypt.org certificates currently have a 3 month lifetime. This means you’ll need to renew your certificate quarterly for now.

Prerequisites

This article assumes you have at least basic knowledge of linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo’ to the commands to get root privileges. I will show you through the step by step installation Let’s Encrypt SSL with Nginx on a CentOS 7 server.
Install Let’s Encrypt SSL With Nginx on CentOS 7

Step 1. First let’s start by ensuring your system is up-to-date.

yum clean all
yum -y update
Step 2. Installing Let’s Encrypt SSL on CentOS 7.

In CentOS 7, you can find Certbot on the EPEL repository; if you enable it, just install what you need:
yum install epel-release
yum install certbot

You will also need to have nginx installed and running. Of course, if you are adding certificates onto a previously configured web host this would already be installed:

yum install nginx
systemctl start nginx

The first step to install let’s encrypt ssl on CentOS Linux is to add a simple configuration inside your nginx virtual host configuration. Add this line to your vhost configuration:

location ~ /.well-known {
allow all;
}

Save and exit to apply changes:

nginx -t
systemctl restart nginx

Obtaining a certificate with Certbot:

Run the command as you see below, replace “wpcademy.com” with your real domain name and /var/www/wpcademy.com with your real webroot path:

certbot certonly -a webroot --webroot-path=/var/www/wpcademy.com -d wpcademy.com -d www.wpcademy.com

Result:

[[email protected]:~]certbot certonly -a webroot --webroot-path=/var/www/wpcademy.com -d wpcademy.com -d www.wpcademy.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for wpcademy.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/idroot.us/fullchain.pem. Your cert
will expire on 2017-07-16. To obtain a new or tweaked version of
this certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot
renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
[[email protected]:~]

Step 3. Configure Let’s Encrypt TLS/SSL on Nginx Web Server.

First, edit the Virtual Host file you specified during configuration through Certbot and add this three directives:

listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/idroot.us/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/idroot.us/privkey.pem;

The full nginx vhost configuration may look like this:

server {
listen 80;
server_name wpcademy.com www.wpcademy.com;
rewrite ^(.*) https://wpcademy.com$1 permanent;
}

server {
access_log off;
log_not_found off;
error_log logs/idroot.us-error_log warn;

server_name wpcademy.com;
root /var/www/wpcademy.com;
index index.php index.html index.htm;

listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/wpcademy.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wpcademy.com/privkey.pem;

## Stuff required by certbot
location ~ /.well-known {
allow all;
}

## SSL
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;

ssl_prefer_server_ciphers On;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 10s;

access_log /var/www/wpcademy.com/logs/access.log;
error_log /var/www/wpcademy.com/logs/error.log;

# php-script handler
location ~ \.php$ {
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000; fastcgi_read_timeout 150;
root /var/www/wpcademy.com/public_html;
fastcgi_param SCRIPT_FILENAME /var/www/idroot.us$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}

Step 5. Set Up Let’s Encrypt SSL Auto Renewal.

We will add a cronjob to run the renewal command every week, run this command:

export VISUAL=nano; crontab -e

Paste the following lines:

01 1 * * 0 /usr/bin/certbot renew >> /var/log/ssl-renew.log
06 1 * * 0 /usr/bin/systemctl nginx reload

Save and Exit from the crontab table.

This will create a new cronjob that will be executed every Sunday at 01 AM, and then it will reload Nginx web server to apply the changes. The output will be logged into /var/log/ssl-renew.log file for further analysis if needed.

Congratulation’s! You have successfully installed Let’s Encrypt. Thanks for using this tutorial for installing Let’s Encrypt SSL on CentOS 7 system. For additional help or useful information, we recommend you to check the official Let’s Encrypt web site.

Posted on

How To Install Cerb on CentOS 7

Cerb on CentOS 7

Cerb is an open-source application for web-based collaboration and automation. Cerb can also be used for sending a high volume of emails. Cerb is written in PHP and uses MySQL/MariaDB to store its data

Prerequisites

This article assumes you have at least basic knowledge of linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo’ to the commands to get root privileges. I will show you through the step by step installation Cerb on a CentOS 7 server.
Install Cerb on CentOS 7

Step 1. First let’s start by ensuring your system is up-to-date.

yum clean all
yum -y install epel-release
yum -y update

Step 2. Install LAMP server.

A CentOS 7 LAMP stack server is required. If you do not have a LAMP installed, you can follow our guide here. Also install required PHP modules:

yum install install php70w-cli php70w-pear php70w-gd php70w-xml php70w-curl php70w-gmp php70w-pdo php70w-mysql php70w-zip php70w-mbstring php70w-mcrypt

Once the installation is finished, you will need to modify the php.ini configuration file:

nano /etc/php.ini

Change the following line:

memory_limit = 128M # 128M or Higher according to the memory available
upload_max_filesize = 2M # 32M or Higher
post_max_size = 8M # 32M or Higher
;upload_tmp_dir = # Uncomment and change it to upload_tmp_dir = /tmp

Step 3. Configuring MariaDB for Cerb.

By default, MariaDB is not hardened. You can secure MariaDB using the mysql_secure_installation script. you should read and below each steps carefully which will set root password, remove anonymous users, disallow remote root login, and remove the test database and access to secure MariaDB:

mysql_secure_installation

Configure it like this:

- Set root password? [Y/n] y
- Remove anonymous users? [Y/n] y
- Disallow root login remotely? [Y/n] y
- Remove test database and access to it? [Y/n] y
- Reload privilege tables now? [Y/n] y

Next we will need to log in to the MariaDB console and create a database for the Cerb. Run the following command:

mysql -u root -p

This will prompt you for a password, so enter your MariaDB root password and hit Enter. Once you are logged in to your database server you need to create a database for Cerb installation:

CREATE DATABASE cerb_data;
CREATE USER 'cerb_user'@'localhost' IDENTIFIED BY 'StrongPassword';
GRANT ALL PRIVILEGES ON cerb_data.* TO 'cerb_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Step 4. Installing Cerb.

Once Database is configured, you will need to install Cerb. You can download the latest version of Cerb from GitHub repository with the following command:

yum -y install git
cd /var/www/html
git clone git://github.com/wgm/cerb.git cerb

Next, you’ll have to change proper ownership and provide file permissions, you can do so using following command:

cd /var/www/html/cerb
chown -R apache:apache .
chmod -R u+w framework.config.php storage

Step 5. Configure Firewall for Cerb.

You may also need to allow HTTP traffic on port 80 through the system firewall:

firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --reload

Step 6. Accessing Cerb.

Cerb will be available on HTTP port 80 by default. Open your favorite browser and navigate to http://yourdomain.com/cerb or http://server-ip/cerb and complete the required the steps to finish the installation.

Congratulation’s! You have successfully installed Cerb. Thanks for using this tutorial for installing Cerb on CentOS 7 system. For additional help or useful information, we recommend you to check the official Cerb web site.

Posted on

How To Install Mail Server With PostfixAdmin on CentOS 7

Mail Server With PostfixAdmin on CentOS 7

Postfixadmin is a web frontend to the mysql or mariaDB database used by Postfix. With Postfixadmin we can easily manage from a web browser our Postfix service, adding and removing mail users and domains, mail aliases, disk quotas, etc.

Prerequisites

This article assumes you have at least basic knowledge of linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo’ to the commands to get root privileges. I will show you through the step by step installation Seafile Secure Cloud Storage on a CentOS 7 server.
Install Mail Server With PostfixAdmin on CentOS 7

Step 1. First, let’s start by ensuring your system is up-to-date.

yum clean all
yum -y update

Step 2. Install LAMP server.

A CentOS 7 LAMP stack server is required. If you do not have a LAMP installed, you can follow our guide here. Also install required PHP modules:

yum install php70w-cli php70w-gd php70w-xml php70w-curl php70w-mysql php70w-zip php70w-mbstring php70w-mcrypt

Step 3. Configuring MariaDB for PostfixAdmin.

By default, MariaDB is not hardened. You can secure MariaDB using the mysql_secure_installation script. You should read and below each step carefully which will set the root password, remove anonymous users, disallow remote root login, and remove the test database and access to secure MariaDB:

mysql_secure_installation

Configure it like this:

- Set root password? [Y/n] y
- Remove anonymous users? [Y/n] y
- Disallow root login remotely? [Y/n] y
- Remove test database and access to it? [Y/n] y
- Reload privilege tables now? [Y/n] y

Next we will need to log in to the MariaDB console and create a database for the PostfixAdmin. Run the following command:

mysql -u root -p

This will prompt you for a password, so enter your MariaDB root password and hit Enter. Once you are logged in to your database server you need to create a database for PostfixAdmin installation:

CMariaDB [(none)]> CREATE DATABASE postfixadmin;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON postfixadmin.* TO 'postfixadmin'@'localhost' IDENTIFIED BY 'strong_password';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \q

Step 4. Installing PostfixAdmin.

The first thing to do is to go to PostfixAdmin’s download page and download the latest stable version of PostfixAdmin:

wget -q -O - "https://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-3.0.2/postfixadmin-3.0.2.tar.gz" | tar -xzf - -C /var/www/html

Open the mail configuration file:

nano /var/www/html/postfixadmin-3.0.2/config.inc.php

Edit the following values:

$CONF['configured'] = true;
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'strong_password';
$CONF['database_name'] = 'postfixadmin';
$CONF['domain_path'] = 'NO';
$CONF['domain_in_mailbox'] = 'YES';

Now you need to assign the ownership of the files and folders to Apache’s user and group. To do so, the command is:

chown -R apache: /var/www/html/postfixadmin-3.0.2

To populate the database go to https://Your_IP_Address/postfixadmin-3.0.2/setup.php and you should see something like below:

Testing database connection - OK - mysqli://postfixadmin:xxxxx@localhost/postfixadmin
Everything seems fine... attempting to create/update database structure

Create a new admin user:

bash /var/www/html/postfixadmin-3.0.2/scripts/postfixadmin-cli admin add admin@your_domain_wpcademy.com --password strong_password22 --password2 strong_password22 --superadmin 1 --active 1
<.pre>

Step 5. Installing and configure Postfix.

Install postfix with the following command:
yum -y install postfix

Once the installation is completed, we need to create configuration files:

mkdir -p /etc/postfix/sql/

nano /etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

nano /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'

nano /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

nano /etc/postfix/sql/mysql_virtual_alias_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
#expansion_limit = 100

nano /etc/postfix/sql/mysql_virtual_domains_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
#query = SELECT domain FROM domain WHERE domain='%s'
#optional query to use when relaying for backup MX
#query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'
#expansion_limit = 100

nano /etc/postfix/sql/mysql_virtual_mailbox_limit_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'

nano /etc/postfix/sql/mysql_virtual_mailbox_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
#expansion_limit = 100

Next, edit the main.cf file:

postconf -e "myhostname = $(hostname -f)"

postconf -e "virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf"
postconf -e "virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf"
postconf -e "virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf"
postconf -e "smtpd_tls_cert_file = /etc/pki/tls/certs/localhost.crt"
postconf -e "smtpd_tls_key_file = /etc/pki/tls/private/localhost.key"
postconf -e "smtpd_use_tls = yes"
postconf -e "smtpd_tls_auth_only = yes"
postconf -e "smtpd_sasl_type = dovecot"
postconf -e "smtpd_sasl_path = private/auth"
postconf -e "smtpd_sasl_auth_enable = yes"
postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination"
postconf -e "mydestination = localhost"
postconf -e "mynetworks = 127.0.0.0/8"
postconf -e "inet_protocols = ipv4"
postconf -e "inet_interfaces = all"
postconf -e "virtual_transport = lmtp:unix:private/dovecot-lmtp"

Open the master.cf file, find submission inet n and smtps inet n sections and edit as follows:

nano /etc/postfix/master.cf

Edit the following values:

submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING

Finally, enable the postfix service:

systemctl enable postfix
systemctl restart postfix

Step 6. Installing and Configure Dovecot.

Install dovecot using the command bellow:

yum install dovecot dovecot-mysql

Open the /etc/dovecot/conf.d/10-mail.conf file:

nano /etc/dovecot/conf.d/10-mail.conf

Change the following values:

mail_location = maildir:/var/vmail/%d/%n
mail_privileged_group = mail
mail_uid = vmail
mail_gid = mail
first_valid_uid = 150
last_valid_uid = 150

Open the /etc/dovecot/conf.d/10-auth.conf file:

nano /etc/dovecot/conf.d/10-auth.conf

Change the following values:

auth_mechanisms = plain login
#!include auth-system.conf.ext
!include auth-sql.conf.ext

Create a new dovecot-sql.conf.ext file:

nano /etc/dovecot/dovecot-sql.conf.ext

Edit the following values:

driver = mysql
connect = host=localhost dbname=postfixadmin user=postfixadmin password=strong_password
default_pass_scheme = MD5-CRYPT
password_query = SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, 'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
user_query = SELECT '/var/vmail/%d/%u' as home, 'maildir:/var/vmail/%d/%u' as mail, 150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'

In the /etc/dovecot/conf.d/10-ssl.conf file enable SSL support:

ssl = yes

Open the /etc/dovecot/conf.d/15-lda.conf file and set the postmaster_address email address:

postmaster_address = postmaster@your_domain_name.com

Open the /etc/dovecot/conf.d/10-master.conf file, find the service lmtp section and change it to:

service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix
}
}

Find the service auth section and change it to:

service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
unix_listener auth-userdb {
mode = 0600
user = vmail
#group = vmail
}
user = dovecot
}

Change the service auth-worker section to the following:

service auth-worker {
user = vmail
}

Now you need to assign the ownership of the files and folders. To do so, the command is:

chown -R vmail:dovecot /etc/dovecot
chmod -R o-rwx /etc/dovecot

Finally, enable and restart the dovecot service:

systemctl enable dovecot
systemctl restart dovecot

Step 7. Installing and configure Spamassassin.

Install spamassassin using the command bellow:

yum -y install spamassassin

Create a spamassassin system user:

groupadd spamd
useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
chown spamd:spamd /var/log/spamassassin

Next, configure Postfix to use SpamAssassin:

nano /etc/postfix/master.cf

Change values:

smtp inet n - n - - smtpd

With:

smtp inet n - n - - smtpd -o content_filter=spamassassin

Add the following line at the end of the file:

systemctl enable spamassassin
systemctl restart spamassassin

Finally, restart the postfix service:

systemctl restart postfix

Step 8. Accessing PostfixAdmin.

If everything is set up correctly now you should be able to log in to your PostfixAdmin backend by going to http://Your_IP_Address/postfixadmin-3.0.2.2 and create your first virtual domain and mailbox.

Congratulation’s! You have successfully installed PostfixAdmin. Thanks for using this tutorial for installing Mail Server With PostfixAdmin on CentOS 7 system. For additional help or useful information, we recommend you to check the official PostfixAdmin web site.

Posted on

How To Disable Root SSH Access on CentOS 7

Disable Root SSH Access on CentOS 7

In this tutorial we will show you how to disable root SSH access on your CentOS 7. By default when you install CentOS 7 and SSH server, the root account automatically have remote access via SSH. This can be dangerous. If the root account password falls into the wrong hands, your server is at the mercy of the bad guys with the password. They can delete every file and folder on the server and take down the entire system with few commands. That’s why limiting the root account from directly accessing the server is recommended.

Prerequisites

This article assumes you have at least basic knowledge of linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo’ to the commands to get root privileges. I will show you through the step by step disable root SSH access on a CentOS 7 server.

Note: Before you disable SSH logins for the root account, you must create a normal user account. (Otherwise, you will be unable to access your server when you disable the root account for SSH logins.)
Disable Root SSH Access on CentOS 7

Step 1. First let’s start by ensuring your system is up-to-date.

yum clean all
yum -y update

Step 2. Disable Root SSH Access.

To disable that, open SSH configuration file using the commands below:

nano /etc/ssh/sshd_config

Modify the line as follows:

PermitRootLogin no

Save the file and restart the SSH server by running the commands below:

systemctl restart sshd.service

To re-enable the root account, just put the # symbol for the PermitRootLogin directive in the file and save it. The restart SSH server.

Congratulation’s! You have successfully disable root SSH access. Thanks for using this tutorial for disable root SSH access on CentOS 7 system. For additional help or useful information, we recommend you to check the official SSH web site.