Results tagged “linux” from muse

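This article aims to provide some guidance on compiling the X Window System. The detailed steps will vary with each system's environment, and differences in build steps and environment can cause all sorts of problems.

Why compile the X Window System? Your graphics driver requires a newer version of the X Window System, but yum has no newer version, so you have to compile it yourself.

The X Window System build guide offers two build methods: one uses the build.sh script, the other uses jhbuild. This article uses jhbuild. The X website also has a jhbuild build guide, but it is rather rough. This article describes in detail how to use jhbuild, the problems you may hit when compiling X, and the problems you may hit when installing and using X.

First, install the build tools and dependency libraries. The dependencies listed here may be incomplete; install more packages as needed.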

yum install @gnome-devel @development-tools gnome-common glib2-devel gnome-doc-utils docbook-style-xsl waf
yum install zlib-devel freetype-devel libxslt-devel libxml2-devel expat-devel gperf libgcrypt-devel

Install Python 2.7 and pip, then use pip to install mako, lxml and six. mako is used when compiling mesa; lxml and six are used when compiling fontconfig.

yum install centos-release-SCL
scl enable python27 bash
cd /opt/rh/python27/root/usr/bin/ # go to the Python 2.7 install path
./easy_install-2.7 pip
./pip2.7 install requests
pip install mako lxml six

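Once the preparation is done, download jhbuild and start configuring it.

Note: jhbuild cannot be run as root, so you need to create a new regular user and give it sudoer privileges.

Run scl enable python27 bash to open a new shell; inside this shell, python is Python 2.7.

All of the following steps are performed as the regular user.

cd # go to the regular user's home directory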
git clone git://git.gnome.org/jhbuild
cd jhbuild
./autogen.sh
make
make install

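jhbuild is installed into ~/.local/bin. Edit ~/.bashrc to add this path to the $PATH environment variable, using export PATH=$PATH:$HOME/.local/bin . Then run . ~/.bashrc to reload .bashrc.

You should now be able to find the jhbuild command; confirm it with which jhbuild.

Download the configuration files for building X with jhbuild:

cd # go to your home directory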
mkdir -p xorg/util
git clone git://anongit.freedesktop.org/git/xorg/util/modular/ xorg/util/modular

Copy the jhbuildrc file into your home directory and edit it:

cd # go to your home directory
cp xorg/util/modular/jhbuildrc ./jhbuildrc
nano jhbuildrc

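jhbuildrc is jhbuild's configuration file. It is actually a Python script, in which you can configure which modules to build, the build-time environment variables, the configure arguments, the build and install path prefix, and so on.

You can use the default jhbuildrc provided by X, which builds the entire X Window System, about 255 modules. The build path prefix and install path will be xorg-build under your home directory.

Each module is defined in xorg/util/modular/xorg.modules. This file is actually an XML document that defines how to fetch the source code, where the git repository is, and the module dependencies. You can pin a module's version by editing this file. For example, if you want mesa 11.1.2, first look up the tags in the git repository to see which tag corresponds to 11.1.2; if, say, "mesa-11.1.2" corresponds to version 11.1.2, then add tag="mesa-11.1.2" to the XML element named branch. (Use git tag -l to list the git tags.)

Tip: CentOS 6.x uses HAL, so when configuring xserver you need --enable-config-hal --disable-config-udev , and you need to set SUID on the compiled Xorg executable, i.e. chmod +s Xorg

After configuring the jhbuildrc file, start the build: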

jhbuild -f jhbuildrc

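On the first build, jhbuild needs to download the git repositories; if your network is slow, this can take a long time.

Below are commonly used jhbuild commands, handy for rebuilding after a configuration change.

Rebuild all modules with network access disabled, i.e. without updating git information: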

jhbuild -f jhbuildrc build --no-network --force

Rebuild a single module, xserver, running make clean before the build:

jhbuild -f jhbuildrc buildone xserver --force --clean

During the build you may hit various problems that stop it; jhbuild will automatically ask you how to handle the build error.

Ubuntu and Realtek 8192cu Driver

Today I wasted several hours configuring an Ubuntu machine for development. The major problem I had involved getting a wifi USB adapter to work properly. It uses the Realtek 8192cu chipset, and apparently the driver that comes with the kernel is really outdated. If you don't upgrade the driver, it will appear to work (you get connected, but you get disconnected later) and then stop, and no matter how you configure the routes it just won't work. You must blacklist the old drivers and install this one.

First, check if you are using the old drivers with lsmod | grep ^rt. If you are, use modprobe -r xxx to unload them. Unplug the wifi adapter now.

Then add these 3 lines to /etc/modprobe.d/blacklist.conf:

blacklist rtl8192cu
blacklist rtl8192c_common
blacklist rtlwifi

Now unfortunately you still need an internet connection to proceed; just use a cable.

Install rtl8192cu-tjp-dkms_1.6_all.deb. Note that this may take a few minutes.

Finally, add 8192cu on a new line to /etc/modules. Reboot (reboot -h now) and your wifi should be working.

Setup Yaws on Ubuntu 12.04

Install:

sudo apt-get install erlang yaws

Edit /etc/yaws/conf.d/localhost.conf and /etc/yaws/conf.d/localhost-ssl.conf to configure the site(s).

In /etc/yaws/yaws.conf, you can specify the directory for additional beam files, by default it is:

ebin_dir = /usr/lib/yaws/custom/ebin

To start a module when yaws starts, use runmod, for example:

runmod = start_mongodb

Note that the module should have an exported function start/0.

I was following this tutorial but had some trouble compiling, especially when I wanted to link with FFmpeg libraries, so I decided to share the makefile and save others some time in the future. My platform is Mac OS X 10.8 (Mountain Lion).

It's worth pointing out that I compiled FFmpeg and SDL from source, and installed a bunch of dependent libraries using macports.

CXX = g++
CXXFLAGS = -Wall -Wextra -pedantic -Os -I. -fPIC \
           -Wno-long-long -DNDEBUG
LDFLAGS = -framework OpenGL -framework GLUT
SH=bash

# don't forget to update the directory
FFMPEG_LIB_DIR = /mylibs/ffmpeg
FFMPEG_LIBS = -L$(FFMPEG_LIB_DIR)/libavcodec -lavcodec
FFMPEG_LIBS += -L$(FFMPEG_LIB_DIR)/libavformat -lavformat
FFMPEG_LIBS += -L$(FFMPEG_LIB_DIR)/libavutil -lavutil
FFMPEG_LIBS += -L$(FFMPEG_LIB_DIR)/libswresample -lswresample
FFMPEG_LIBS += -L$(FFMPEG_LIB_DIR)/libswscale -lswscale
FFMPEG_INCLUDES = -I$(FFMPEG_LIB_DIR)/libavcodec
FFMPEG_INCLUDES += -I$(FFMPEG_LIB_DIR)/libavformat
FFMPEG_INCLUDES += -I$(FFMPEG_LIB_DIR)/libavutil
FFMPEG_INCLUDES += -I$(FFMPEG_LIB_DIR)/libswresample
FFMPEG_INCLUDES += -I$(FFMPEG_LIB_DIR)/libswscale

# ffmpeg needs zlib
ZLIB_LIBS = $(shell pkg-config --libs zlib)

SDL_LIBS = $(shell sdl2-config --libs)
SDL_INCLUDES = $(shell sdl2-config --cflags)

CXXFLAGS += $(SDL_INCLUDES)
CXXFLAGS += $(FFMPEG_INCLUDES)
LDFLAGS += $(SDL_LIBS)
LDFLAGS += $(ZLIB_LIBS)
LDFLAGS += $(FFMPEG_LIBS)

SRCS = $(wildcard *.cpp)
OBJS = $(SRCS:.cpp=.o)
EXE = program

all: $(SRCS) $(EXE)

# recipe lines must start with a tab character, not spaces
%.o: %.cpp
	$(CXX) -c -o $*.o $(CXXFLAGS) $*.cpp

$(EXE): $(OBJS)
	$(CXX) -o $@ $(OBJS) $(LDFLAGS)

clean:
	rm -f $(OBJS) $(EXE)

And here are the headers to include:

#include <OpenGL/OpenGL.h>
#include <OpenGL/gl3.h>

This is an installation guide for installing Tesseract OCR on Ubuntu 12.04 LTS.

First install the required libraries and tools for compiling.

sudo apt-get install libpng-dev libjpeg-dev libtiff-dev zlib1g-dev
sudo apt-get install gcc g++
sudo apt-get install autoconf automake libtool checkinstall

Install Leptonica from source. The latest version as of writing is 1.69.

wget http://www.leptonica.org/source/leptonica-1.69.tar.gz
tar -zxvf leptonica-1.69.tar.gz
cd leptonica-1.69
./configure
make
sudo checkinstall
sudo ldconfig

Then install Tesseract OCR from source.

wget https://tesseract-ocr.googlecode.com/files/tesseract-ocr-3.02.02.tar.gz
tar -zxvf tesseract-ocr-3.02.02.tar.gz
cd tesseract-ocr
./autogen.sh
./configure
make  # this may take a while
sudo make install
sudo ldconfig

Finally, install the languages you want. Simply place the trained data under /usr/local/share/tessdata. You can do this through wget or FTP upload.

Below are some miscellaneous notes.

If you wish to call Tesseract from PHP, try this:

shell_exec("/usr/local/bin/tesseract input.png output -l eng");

On a side note, in the rare case you are running MAMP and the above code fails, you should edit the environment variables in /Applications/MAMP/Library/bin/envvars. Comment out the following lines as such:

#DYLD_LIBRARY_PATH="/Applications/MAMP/Library/lib:$DYLD_LIBRARY_PATH"
#export DYLD_LIBRARY_PATH

Setup OpenVPN on Ubuntu Server

This tutorial will help you set up a private OpenVPN server. By private I mean the server is intended for only one or two clients.

Before proceeding further, I assume you have some basic knowledge about computer networking and the *nix systems.

Examine the network diagram below to make sure this tutorial is suitable for you. The laptop's traffic will be routed through the server, thus it will appear as if laptop is the server. When VPN is working, your laptop's external IP should be your server's IP (google "what is my ip").

+----------+      +---------------------+               +------------------+
| INTERNET |======|{eth0} Server {tun0} |===(GATEWAY)===|   Laptop (LAN)   |
|          |      |  tun0: 10.8.0.1/24  |               |  192.168.0.0/24  |
+----------+      +---------------------+               +------------------+

Essentially it's just level 3 routing performed by OpenVPN and Ubuntu's iptables. You could also do bridging which works on level 2, but bridging is not covered in this tutorial.

To begin, install openvpn and generate the certificates and keys (server and client) by following the instructions here: OpenVPN. Don't worry about any configuration yet.

Pick a memorable name for the client certificate. Suppose the client is called "fred", then KEY_CN should be "fred", and certificate file should be fred.crt and key file should be fred.key. This client name will be used for IP address assignment in OpenVPN. (See the paragraph after server config file for more.)

Start configuring openvpn from the example server.conf file. It is recommended that you take a bit of time to read through the comments and understand the settings. Sample TCP configuration file is given below.

Note that it doesn't matter whether OpenVPN is listening on TCP or UDP, all packets will be redirected. If you want to tunnel traffic over UDP, just change proto tcp to proto udp. And if you want to have the OpenVPN server listen on both UDP and TCP, you will need to create two different configuration files.

## OpenVPN server, TCP

port 1194
proto tcp
dev tun

ca ca.crt
cert server.crt
key server.key  # This file should be kept secret

dh dh1024.pem

server 10.8.0.0 255.255.255.0

# Assign IP to client by name
ifconfig-pool-persist ipp.txt
client-config-dir ccd

# Push the correct gateway to client
# Note: need iptables for NAT
push "redirect-gateway def1 bypass-dhcp"

keepalive 10 120

tls-auth ta.key 0 # This file is secret

# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
cipher AES-128-CBC   # AES

# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo

max-clients 3

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
;user nobody
;group nogroup

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log

# Set the appropriate level of log
# file verbosity.
verb 3
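
The server config above, run through a small audit for the settings a reviewer would question: the 1024-bit DH file, the CBC-only cipher line, compression, and the commented-out privilege drop. This is an added example, not part of the original post; the function names and finding IDs are made up for illustration, and the hardened variant assumes OpenVPN 2.4 or later on both ends.

```shell
#!/bin/sh
# Print the first argument of an active directive. OpenVPN treats lines
# starting with '#' or ';' as comments, so ";user nobody" is not active.
directive_value() {
    awk -v name="$2" '
        /^[ \t]*[#;]/ { next }
        $1 == name { print $2; exit }
    ' "$1"
}

# Succeed if the directive is present and not commented out.
has_directive() {
    awk -v name="$2" '
        /^[ \t]*[#;]/ { next }
        $1 == name { found = 1; exit }
        END { exit !found }
    ' "$1"
}

# Print one finding ID (names made up for this example) per line.
audit_openvpn_server() {
    conf=$1
    # Heuristic: easy-rsa names the file after the group size (dh1024.pem);
    # "openssl dhparam -in FILE -text -noout" reports the real size.
    dh=$(directive_value "$conf" dh)
    bits=$(printf '%s\n' "${dh##*/}" | sed -n 's/^[^0-9]*\([0-9][0-9]*\).*/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo WEAK_DH
    fi
    # A CBC-only cipher line; OpenVPN 2.4+ can use an AEAD cipher instead.
    cipher=$(directive_value "$conf" cipher)
    case "$cipher" in
        ""|*-GCM|CHACHA20-POLY1305) ;;
        *) echo NON_AEAD_CIPHER ;;
    esac
    # Compressing before encrypting leaks plaintext through packet length.
    if has_directive "$conf" comp-lzo &&
       [ "$(directive_value "$conf" comp-lzo)" != no ]; then
        echo COMPRESSION_ENABLED
    fi
    # Without active user/group lines the daemon keeps running as root.
    if ! has_directive "$conf" user || ! has_directive "$conf" group; then
        echo NO_PRIVILEGE_DROP
    fi
    # tls-auth or tls-crypt keys the control channel with a shared secret.
    if ! has_directive "$conf" tls-auth && ! has_directive "$conf" tls-crypt; then
        echo NO_CONTROL_CHANNEL_KEY
    fi
    return 0
}

# Constructed sample: the security-relevant lines of the config above.
sample_server_conf() {
    cat <<'EOF'
port 1194
proto tcp
dev tun
dh dh1024.pem
tls-auth ta.key 0 # This file is secret
cipher AES-128-CBC   # AES
comp-lzo
;user nobody
;group nogroup
EOF
}

# Constructed variant with the flagged lines changed. dh2048.pem has to be
# generated first, and cipher/comp-lzo must change on the client as well.
hardened_server_conf() {
    sample_server_conf | sed \
        -e 's/^dh dh1024\.pem/dh dh2048.pem/' \
        -e 's/^cipher AES-128-CBC.*/cipher AES-256-GCM/' \
        -e '/^comp-lzo/d' \
        -e 's/^;user /user /' -e 's/^;group /group /'
}

tmp=$(mktemp)
sample_server_conf > "$tmp";   echo "original:"; audit_openvpn_server "$tmp"
hardened_server_conf > "$tmp"; echo "hardened:"; audit_openvpn_server "$tmp"
rm -f "$tmp"
```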

There are additional files needed to assign IP address to client by name. First the IP needs to be reserved, so create ipp.txt in /etc/openvpn and paste this line in:

fred,10.8.0.4

This line will reserve 10.8.0.4 for fred. Now create directory ccd, and create file fred in ccd and paste this line in:

ifconfig-push 10.8.0.4 10.8.0.1

This line will tell the client to use 10.8.0.4 as its IP address and 10.8.0.1 as the gateway. That's all we need to make sure fred always gets assigned 10.8.0.4. The reason why you might want this is to allow WLAN connections to get to fred, which can be done easily via iptables.

Now that the OpenVPN server is configured, try to start it. If it fails, it's usually because the tun device doesn't exist. Look at the log to find out what exactly went wrong. For certain hosts you have to enable it in the control panel or ask for it to be enabled. If OpenVPN successfully starts, you should see at least one tunnel interface (tun0) when you run ifconfig.

For the client, I'm using Tunnelblick on Mac OS X 10.8.3 (as of writing) and my config file is as follows:

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
dev tun
proto tcp
remote 1.2.3.4 1194

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

ca ca.crt
# don't forget to rename these files
cert fred.crt
key fred.key

# If a tls-auth key is used on the server
# then every client must also have the key.
tls-auth ta.key 1
cipher AES-128-CBC

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Get the correct gateway from server
pull

If the client can connect to server, then we've almost got everything to work. At this point, you should try pinging the server from client and pinging the client from server, at least one of the pings should work. Also check that client is assigned the correct IP.

Now it is time to get the packets routed properly with iptables NAT rules.

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

If your VPS uses OpenVZ you'll have venet0, then use these rules:

iptables -A FORWARD -i venet0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i tun0 -o venet0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to 1.2.3.4
iptables -t nat -A POSTROUTING -j SNAT --to-source 1.2.3.4

Double check the rules are correctly added.

$ iptables -t nat -nvL

I mentioned before that you could allow external WLAN connections to get to clients within the VPN. This is done by opening a port and forwarding incoming traffic on that port to the client. Use this rule (assuming the client's IP is always 10.8.0.4):

iptables -t nat -A PREROUTING -p tcp -m tcp --dport 1234 -j DNAT --to-destination 10.8.0.4

If anything is unclear, this wiki page is pretty helpful: OpenVPN - ArchWiki. Also don't forget to enable IP forwarding, which is covered in that link too.

Now restart the server and have the client reconnect. Tunnelblick should automatically tell you your IP has been changed, that means your VPN is working. Double check that in the routing tables:

$ netstat -rn

Pay attention to the gateway, your server's IP should show up as the gateway, that confirms your external IP has been changed. Also, in case you have any DNS troubles, I always use Google's DNS servers: 8.8.8.8 and 8.8.4.4.

For additional security/stealth you should consider stunnel; follow the instructions here: Install and Setup OpenVPN Stealth with Stunnel on Ubuntu 12 +. It's very easy to set up, but note that it works with TCP only.

Lastly, don't forget to save the iptables rules with iptables-save. Or look at the script solution on this page: IptablesHowTo.

Last updated on 2013-08-19.

For more info on Dovecot: http://wiki.dovecot.org/LDA

Add the following at the bottom of master.cf

# spamassassin then dovecot LDA
dovecot    unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:mail argv=/usr/bin/spamc -u randomuser -e /usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}

Basically, postfix pipes the mail into spamc, and since you don't want to run it as root you use another user (-u). -e redirects the output from spamc for dovecot to deliver. And postfix tells dovecot who the sender is and who the recipient is.

Add the following to main.cf

mailbox_command = /path/to/dovecot/deliver
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

Now just restart postfix and you are done. Depending on how you setup the virtual domain database, it works for multiple domains.

Setting up a lightweight mail server

This document is based on the following documents:

This document describes the process of setting up a mail server on Fedora 10. The mail server uses dovecot for authentication and postfix for mail delivery. Postfix Admin is used to manage virtual domains and virtual users. Roundcube Mail is used for user to access their email accounts online. Of course everything depends on apache server and mysql.

Software packages used (dependencies not listed here): httpd, mysql, mysql-server, php, php-mysql, postfix, dovecot

Notable dependencies: php-imap, dovecot-mysql

Roundcube Mail has a lot of dependencies, such as php-xml, php-xmlrpc, etc.

Configure Apache Server

# nano /etc/httpd/conf/httpd.conf

In order to reduce the memory usage and make our server more efficient, change the following:

Timeout 20
KeepAlive On
MaxKeepAliveRequests 200
KeepAliveTimeout 4
<IfModule prefork.c>
StartServers	   1
MinSpareServers    1
MaxSpareServers    5
ServerLimit	  50
MaxClients  	  50
MaxRequestsPerChild  2000
</IfModule>

We don't want indexing at all:

<Directory />
    Options -Indexes
    AllowOverride None
</Directory>

Now we are ready to start the server:

# service httpd start

Configure MySQL

After installing mysql, we must change the root password first:

# mysqladmin -u root password  'yourpassword'

Now we manage mysql databases using root login:

# mysql -u root -p

If we are running tight on memory we should use small config file for mysql. And we would want to skip innodb and bdb too.

# cp /usr/share/mysql/my-small.cnf /etc/my.cnf

Now we are ready to start mysql server:

# service mysqld start

Configure Postfix Admin

The reason why we set up postfix admin first is that postfix gets the list of virtual users from the mysql database, which can be easily edited by postfix admin. Remember that postfix admin uses InnoDB (edit /etc/my.cnf accordingly).

Move into the directory you want to put postfix admin in.

# cd /var/www/html/

Get the latest release from SVN:

# svn co https://postfixadmin.svn.sourceforge.net/svnroot/postfixadmin/trunk postfixadmin 

Create a new user for postfix admin and grant access to mysql:

mysql> CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON postfix.* to 'postfix'@'localhost';

Edit config.inc.php.

# nano config.inc.php

Edit the following:

$CONF['configured'] = true;
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'password';
$CONF['database_name'] = 'postfix';
$CONF['database_prefix'] = '';

And other things you may want to replace with your own.

Now we're ready to setup postfix admin. Go to http://localhost/postfixadmin/setup.php

Follow the instructions on that page. Fairly straight forward.

Configure Directories And Users

At this point we should think about where and how we are going to store mails and manage user accounts. Obviously in this case we will be using mysql, but there are other options too. Now let's create a user that will be used for all virtual users to login and store their mails.

# mkdir -p /home/vmail
# useradd -r -u 5000 -g mail -d /home/vmail -s /sbin/nologin -c "Virtual mailbox" vmail
# chown vmail:mail /home/vmail

Configure Dovecot

Now edit dovecot config file at /etc/dovecot.conf. I prefer nano.

SSL setup:

protocols = imap pop3 imaps pop3s
listen = *
ssl_listen = 
ssl_disable = no
ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem

Set the local user dovecot will use.

mail_location = maildir:/home/vmail/%u
first_valid_uid = 5000
last_valid_uid = 5000
first_valid_gid = 12
last_valid_gid = 12

Settings for protocols.

protocol imap {
  mail_plugins = quota imap_quota trash expire
  imap_client_workarounds = outlook-idle delay-newmail
}
protocol pop3 {  
  pop3_uidl_format = %08Xu%08Xv
  mail_plugins = quota expire
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}

Authentication settings so that dovecot and postfix can work together:

auth_executable = /usr/libexec/dovecot/dovecot-auth
auth_worker_max_count = 30
auth default {
  mechanisms = plain login
  passdb sql {
    args = /etc/dovecot/sql.conf
  }
  userdb sql {
    args = /etc/dovecot/sql.conf
  }
  user = nobody
  count = 1
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
    }
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = mail
    }
  }
}

Settings for plugins:

plugin {
  quota = maildir:User quota
  quota_rule = *:storage=1048576
  quota_rule2 = Trash:storage=102400
  trash = /etc/dovecot/trash.conf
}

Now create the files used in dovecot.conf. First create sql.conf; it's used to read username and password information from the postfix admin database. Basically the file just contains two SQL queries for dovecot to execute.

Remember to change the database, username and password according to your setup.

driver = mysql
connect = host=localhost dbname=postfix user=dovecot password=password
default_pass_scheme = md5-crypt

user_query = SELECT '/home/vmail/%u' as home, 'maildir:/home/vmail/%u' as mail, 5000 AS uid, 12 AS gid, concat('*:storage=', quota, 'M') AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'

password_query = SELECT username as user, password, '/home/vmail/%u' as userdb_home, 'maildir:/home/vmail/%u' as userdb_mail, 5000 as userdb_uid, 12 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'

Create trash.conf.

1 Spam
2 Trash

There are lots of tutorials on generating SSL certificates, so I'm not going to repeat the whole process here. You can run the command below and set postfix to use the same ones:

# openssl req -new -x509 -nodes -out /etc/pki/dovecot/certs/dovecot.pem -keyout /etc/pki/dovecot/private/dovecot.pem -days 3650

Creating your own CA (for postfix):

# openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Configure Postfix

Ok, here is my postfix setup:

broken_sasl_auth_clients = yes
home_mailbox = Maildir/
invalid_hostname_reject_code = 554
mail_owner = postfix
multi_recipient_bounce_reject_code = 554
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
myhostname = mail.example.com
mynetworks = 127.0.0.0/8
non_fqdn_reject_code = 554
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.6/README_FILES
relay_domains_reject_code = 554
sendmail_path = /usr/sbin/sendmail.postfix
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_access, permit
smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_rbl_client cbl.abuseat.org, reject_rbl_client rabl.nuclearelephant.com, reject_rbl_client bl.spamcop.net, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = 
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:12
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 5000
virtual_uid_maps = static:5000
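
With smtpd_tls_auth_only = no above and mechanisms = plain login in dovecot.conf, Postfix advertises AUTH in its EHLO reply before STARTTLS, so a client can send its password over an unencrypted connection; smtpd_tls_auth_only = yes hides AUTH until TLS is up. The check below classifies a cleartext EHLO reply captured from your own server. It is an added example, not part of the original post; the function names, verdict strings and both sample replies are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: cleartext EHLO reply of a server configured as above
# (smtpd_sasl_auth_enable = yes, smtpd_tls_auth_only = no,
# broken_sasl_auth_clients = yes, dovecot mechanisms = plain login).
ehlo_auth_in_clear() {
    cat <<'EOF'
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 DSN
EOF
}

# Constructed sample: the same reply with smtpd_tls_auth_only = yes.
ehlo_auth_after_tls_only() {
    ehlo_auth_in_clear | grep -v '^250[- ]AUTH'
}

# Read an EHLO reply on stdin, print the offered SASL mechanisms, sorted.
# "250-AUTH=..." is the legacy form added by broken_sasl_auth_clients.
ehlo_auth_mechs() {
    tr -d '\r' | awk '
        { line = toupper($0) }
        line ~ /^250[- ]AUTH[ =]/ {
            sub(/^250[- ]AUTH[ =]/, "", line)
            n = split(line, m, " ")
            for (i = 1; i <= n; i++) seen[m[i]] = 1
        }
        END { for (k in seen) print k }
    ' | sort
}

# Read a cleartext (pre-STARTTLS) EHLO reply on stdin and print a verdict.
classify_cleartext_ehlo() {
    reply=$(tr -d '\r')
    mechs=$(printf '%s\n' "$reply" | ehlo_auth_mechs)
    if [ -z "$mechs" ]; then
        echo AUTH_NOT_OFFERED_IN_CLEAR
    elif printf '%s\n' "$mechs" | grep -Eqx 'PLAIN|LOGIN'; then
        # PLAIN and LOGIN carry the password base64-encoded, not encrypted.
        echo PASSWORD_MECHS_IN_CLEAR
    else
        echo AUTH_IN_CLEAR
    fi
    if ! printf '%s\n' "$reply" | grep -Eqi '^250[- ]STARTTLS$'; then
        echo STARTTLS_NOT_OFFERED
    fi
    return 0
}

echo "smtpd_tls_auth_only = no : $(ehlo_auth_in_clear | classify_cleartext_ehlo)"
echo "smtpd_tls_auth_only = yes: $(ehlo_auth_after_tls_only | classify_cleartext_ehlo)"
```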

Now let's create the sql query files for postfix.

Create mysql_virtual_alias_maps.cf

user = postfix
password = password
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address

Create mysql_virtual_domains_maps.cf

user = postfix
password = password
hosts = localhost
dbname = postfix
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'

Create mysql_virtual_mailbox_maps.cf

user = postfix
password = password
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username

To enable smtps for the outgoing mail server, you need to edit /etc/postfix/master.cf. Just uncomment the following lines:

smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

Then add the following at the end of the file for dovecot to deliver mails into users' inboxes:

# Dovecot LDA
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}

Configure RoundCube Mail

First, install all the dependencies that roundcube mail needs.

To begin the setup, just browse to http://localhost/roundcubemail/ and follow the instructions there. However, certain things need to be edited manually after the 2 configuration files are generated. Since we're using Maildir style inbox, we want to let RoundCube Mail know that.

$rcmail_config['imap_root'] = 'INBOX';
$rcmail_config['imap_delimiter'] = '.';

And set this too so that RoundCube Mail creates all the necessary folders for us:

$rcmail_config['create_default_folders'] = TRUE;

Install Postfix Admin Patch for RoundCube Mail

Download the patch here

RCPFA patches roundcube mail so that it can modify the database that Postfix Admin uses. Extract rcpfa to the root directory of roundcube mail. Then move into the rcpfa directory.

# chmod +x INSTALL.TXT
# ./INSTALL.TXT

Then edit the config files of roundcube mail to change database login info.

That's it.

Fedora on MacBook Pro

Because of all the computer network related stuff I have been doing I decided to install a Linux OS on my macbook pro 1,2.

Tried Ubuntu first but it didn't work out very well. Upon the first startup I was able to connect to wifi and install updates. However, after updating the system and rebooting, I lost network manager and the ability to connect to wifi. I've no idea what I did to deserve this, so ended with installing Ubuntu again. This time was even worse, I couldn't even login because the keyboard and trackpad didn't work.

Basically I just gave up getting Ubuntu to work on my MBP. Fedora, however, worked very well and I must admit I really like the blue color scheme. It's cool.

Installing Fedora was quite smooth and uneventful. Although I hesitated when I realized I had to move the free space (partitioned by Boot Camp) to another sequence, but that doesn't matter. After installation I had to tweak the system for trackpad, but that's all. Everything works and I'm truly happy with Fedora.

Now come to the OS part, I don't really care about the difference between yum and apt-get, although apt-get seems to get me more packages than yum could. What I did not get at the beginning is that libraries like libnet and libpcap have a development version and another version which does NOT contain header files. Well, doing yum groupinstall "development tools" is obviously not enough.

Managing fonts on Linux is a pain in the ass, even with FontMatrix. Typographers should stick to Mac OS in all circumstances, believe me.

I'm not quite sure why Fedora doesn't come with Tomboy preinstalled, but it's a really neat software and I currently use it as an equivalent of DEVONthink on Linux, besides all my note-taking apps on the web.

A note about the virtual console on Linux: I think it's brilliant. Mac OS should definitely implement something like this, because this multiple-desktop concept, aka Spaces, is downright stupid compared to the multiple-console concept. Plus, isn't it cool to copy and paste using just mouse buttons (um, using a mouse)?

Update: Read up on this guide for a detailed, step-by-step, explanation on how to get Fedora 10 working on your MBP.

I downloaded F10-i686-Live.iso and burned it onto a CD. Used Boot Camp to create a partition for Fedora, because I'm lazy. The compensation is that you will see Windows instead of Fedora, and you have to press Alt every time upon booting to select Fedora. Do not alter the size of free space created by Boot Camp, I think there will be some undesirable consequences if you did.