Setting up SSL (Let's Encrypt) with nginx for Citadel

  1. Change Citadel's HTTPS port to 2001 with the command

    dpkg-reconfigure citadel-webcit

  2. Install the Let's Encrypt SSL certificate by following the article https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
  3. Edit /etc/nginx/sites-enabled/citadel as follows:
    server {
    
            server_name domain.com citadel.domain.com;
            listen 443 ssl http2;
            listen [::]:443 ssl http2;
            include snippets/ssl-domain.com.conf;
            include snippets/ssl-params.conf;
    
            error_log /var/log/nginx/citadel-error.log;
            access_log /var/log/nginx/citadel-access.log;
    
            root /usr/share/citadel-webcit;
            # optional:
            #      listen 192.168.1.1:443
            # instead depending on your setup...
            # Main location
            location /webcit/ {
                proxy_pass         https://127.0.0.1:2001/;
                proxy_redirect     off;
    
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    
                client_max_body_size       10m;
                client_body_buffer_size    128k;
    
                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         90;
    
                proxy_buffer_size          4k;
                proxy_buffers              4 32k;
                proxy_busy_buffers_size    64k;
                proxy_temp_file_write_size 64k;
            }
            location /listsub/ {
                proxy_pass         https://127.0.0.1:2001;
                proxy_redirect     off;
    
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    
                client_max_body_size       10m;
                client_body_buffer_size    128k;
    
                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         90;
    
                proxy_buffer_size          4k;
                proxy_buffers              4 32k;
                proxy_busy_buffers_size    64k;
                proxy_temp_file_write_size 64k;
            }
            location /groupdav/ {
                proxy_pass         https://127.0.0.1:2001/;
                proxy_redirect     off;
    
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    
                client_max_body_size       10m;
                client_body_buffer_size    128k;
    
                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         90;
    
                proxy_buffer_size          4k;
                proxy_buffers              4 32k;
                proxy_busy_buffers_size    64k;
                proxy_temp_file_write_size 64k;
            }
            location /freebusy/ {
                proxy_pass         https://127.0.0.1:2001/;
                proxy_redirect     off;
    
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    
                client_max_body_size       10m;
                client_body_buffer_size    128k;
    
                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         90;
    
                proxy_buffer_size          4k;
                proxy_buffers              4 32k;
                proxy_busy_buffers_size    64k;
                proxy_temp_file_write_size 64k;
            }
    }

Sources:
http://www.citadel.org/doku.php/faq:installation:apacheproxy
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

Delete all spam from a specific user in Zimbra

Save as postfix-delete.pl

Usage
perl postfix-delete.pl user@domain.com

Code:

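#!/usr/bin/perl
use strict;
use warnings;

# The argument is used as a case-insensitive regular expression.
my $REGEXP = shift || die "no email-address given (regexp-style, e.g. bl.*\@yahoo.com)!";

# Read the current queue listing.
my @data = qx</opt/zimbra/postfix/sbin/postqueue -p>;
my (%Q, $queue_id);
for (@data) {
  # A line that starts with a queue ID (optionally flagged * or !) opens a new entry.
  if (/^(\w+)(\*|\!)?\s/) {
     $queue_id = $1;
  }
  # Mark the entry if any of its lines (sender or recipient) matches.
  if($queue_id) {
    if (/$REGEXP/i) {
      $Q{$queue_id} = 1;
      $queue_id = "";
    }
  }
}

# For a dry run, use the "|cat" line instead: the queue IDs are only printed.
#open(POSTSUPER,"|cat") || die "couldn't open postsuper" ;
open(POSTSUPER,"|/opt/zimbra/postfix/sbin/postsuper -d -") || die "couldn't open postsuper" ;

foreach (keys %Q) {
  print POSTSUPER "$_\n";
};
close(POSTSUPER);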

Source:

http://www.cyberciti.biz/tips/howto-postfix-flush-mail-queue.html
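
The Perl script above tests the address against every line of a queue entry, so mail addressed to the user is selected as well as mail sent by them. As an added example (not part of the original post), the shell function below selects entries by the sender column only and just prints the queue IDs, so the list can be reviewed before it is piped to postsuper -d -. The queue listing and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example: dry-run selection of Postfix queue entries by sender only.

# Constructed sample of `postqueue -p` output (not taken from a real server).
sample_queue() {
cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5*    1234 Mon Jan  5 10:00:01  spammer@example.com
                                         victim@example.org

F6A7B8C9D0     2345 Mon Jan  5 10:02:11  alice@example.net
(connect to mx.example.org[192.0.2.1]:25: Connection timed out)
                                         spammer@example.com

0B1C2D3E4F!     987 Mon Jan  5 10:05:42  Spammer@Example.com
                                         bob@example.org

-- 4 Kbytes in 3 Requests.
EOF
}

# sender_queue_ids REGEX
# Reads `postqueue -p` text on stdin and prints the queue ID of every entry
# whose sender column matches REGEX. Nothing is deleted.
sender_queue_ids() {
  RE="$1" awk '
    BEGIN { re = tolower(ENVIRON["RE"]) }   # compare in lower case
    # Entry line: ID with optional * (active) or ! (hold) flag, size,
    # four date fields, then the sender in field 7.
    /^[0-9A-Za-z]+[*!]?[ \t]/ && NF == 7 {
      id = $1
      sub(/[*!]$/, "", id)
      if (tolower($7) ~ re) print id
    }'
}

# Dry run on the sample. On a live server the input would be
#   /opt/zimbra/postfix/sbin/postqueue -p | sender_queue_ids 'user@domain\.com'
sample_queue | sender_queue_ids 'spammer@example\.com'
```

Entry F6A7B8C9D0 is left alone because the address appears there only as a recipient.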

Synchronising Zimbra email account folders

To synchronise Zimbra email account folders from one ZCS to another for migration purposes:

Get the list of accounts to synchronise

su - zimbra
zmaccts | grep "@domain" | cut -d " " -f 1 > /tmp/accounts.txt

Example imapsync script

#!/bin/bash
while IFS= read -r file
do
imapsync --noauthmd5 --syncinternaldates --buffersize 65535000 --subscribe \
--host1 202.x.x.x --user1 "$file" --authuser1 admin@domain --password1 password1 --nofastio1 --authmech1 plain \
--host2 10.x.x.x --ssl2 --user2 "$file" --authuser2 admin@domain --password2 password2 --nofastio2 --authmech2 plain 2>> zimbrasyncerror.txt
done < "accounts.txt"

On line 6 we use the --ssl2 option because the destination server only offers port 993 (IMAP4 over SSL).
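
The same loop with the admin passwords kept out of the command line, where they would be visible in the process list, by using imapsync's --passfile1 and --passfile2 options. This is an added example, not the original author's script; the password-file paths, the DRY_RUN switch and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not the original script): passwords come from files.
# PASSFILE1, PASSFILE2, DRY_RUN and the function names are assumptions.
PASSFILE1=${PASSFILE1:-$HOME/.imapsync-pass1}   # first line = password for host1
PASSFILE2=${PASSFILE2:-$HOME/.imapsync-pass2}   # first line = password for host2

# private_file FILE: true only if FILE exists with no group/other permissions.
private_file() {
  [ -f "$1" ] || return 1
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# sync_account USER: with DRY_RUN=1 (the default) only print the command.
sync_account() {
  run=
  if [ "${DRY_RUN:-1}" = 1 ]; then run=echo; fi
  $run imapsync --noauthmd5 --syncinternaldates --buffersize 65535000 --subscribe \
    --host1 202.x.x.x --user1 "$1" --authuser1 admin@domain \
    --passfile1 "$PASSFILE1" --nofastio1 --authmech1 plain \
    --host2 10.x.x.x --ssl2 --user2 "$1" --authuser2 admin@domain \
    --passfile2 "$PASSFILE2" --nofastio2 --authmech2 plain
}

# sync_all ACCOUNTS_FILE: refuse to start if a password file is too open.
sync_all() {
  for f in "$PASSFILE1" "$PASSFILE2"; do
    if ! private_file "$f"; then
      echo "refusing to run: $f must exist and be closed to group/others" >&2
      return 1
    fi
  done
  while IFS= read -r account; do
    if [ -n "$account" ]; then
      sync_account "$account" 2>> zimbrasyncerror.txt
    fi
  done < "$1"
}

# Dry-run demonstration for one constructed account name.
DRY_RUN=1 sync_account user@domain
```

Set DRY_RUN=0 and call sync_all accounts.txt to perform the real synchronisation.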

Migrating Domino accounts to Zimbra

What is needed to migrate Domino 8.5 to Zimbra Collaboration 8.5, assuming the following:

  1. No ports are blocked between Domino and Zimbra
  2. Domino uses an external LDAP server

The requirements are:

  • The password of a user with admin-level access
  • The ID file of that admin user
  • The ZCSDominoMigrationWizard application
  • The Notes C++ SDK DLL (lcppn30i.dll), placed in %windir%\System32 and in the ZCSDominoMigrationWizard folder
  • The Notes client, already installed
  • A notes.ini with the following settings (adjust as appropriate) in the folder C:\ProgramData\Lotus\Notes\Data\
[Notes]
KitType=1
SharedDataDirectory=C:\ProgramData\Lotus\Notes\Data\Shared
InstallType=6
InstallMode=1
NotesProgram=c:\Program Files (x86)\IBM\Lotus\Notes\
FaultRecovery_Build=Release 8.5.3
Timezone=-8
DST=0
DSTLAW=4,1,1,10,-1,1
Directory=C:\Program Files (x86)\IBM\Lotus\Notes
USING_LOCAL_SHARED_MEM=1
LOCAL_SHARED_MEM_SESSION_ID=2
FileDlgDirectory=C:\Users\MyDomain\Documents
CONSOLE_ZCSDOMINOMIGRATIONWIZARD-8=80 300 7 150 150 827 492 
KeyFileName=C:\Users\MyDomain\Desktop\Administrator.id
KeyFileName_Owner=CN=Administrator/O=MYDOMAIN
MailType=1
$$HasLANPort=1
Log=log.nsf, 1, 0, 7, 40000
PhoneLog=2
CONSOLE_Administrator/MyDomain=80 300 7 100 100 777 442 
LOCAL_SHARED_MEM_SESSION_ID=2
SU_IN_PROGRESS=0
SU_NEXT_UPDATE=09/12/2014 12:24:45 PM
SU_FILE_CLEANUP=C:\Users\Administrator\AppData\Roaming\smkits
SUT_NEXT_UPDATE=09/12/2014 12:24:45 PM
FontIncrease=0
StandardWorkspace=1
DST=1
MailType=0
$$HasLANPort=1
$IEVersionMajor=6
$IEVersionMinor=1
WWWDSP_SYNC_BROWSERCACHE=1
WWWDSP_PREFETCH_OBJECT=1
EnableJavaApplets=1
EnablePlugins=1
Preferences=134257
PrefAPIVer=197
AltNameLanguage=en
ContentLanguage=en-US
WeekStart=1
ViewWeekStart=2
NavWeekStart=1
XLATE_CSID=52
SPELL_LANG=1033
SPELL_PREFERENCES=0
Region=en-US
DatePickerDirection=0
EnableBiDiNotes=0
GlobalTextDir=1
ScriptRTFVisualCaretMovement=0
Passthru_LogLevel=4
Console_LogLevel=2
VIEWIMP1=Lotus 1-2-3,0,_IWKSV,,.123,.WK1,.WK3,.WK4,.WKS,.WR1,.WRK,,4,
VIEWIMP2=Structured Text,0,_ISTR,,.CGN,.LTR,.STR,._UNKNOWN,,,1,
VIEWIMP3=Tabular Text,0,_ITAB,,.PRN,.RPT,.TAB,.TXT,.TSV,,1,
VIEWIMP4=vCard,0,_IVCRD,,.VCF,,1,
VIEWIMP5=Calendar File (.ics),0,_IICAL,,.ICS,.VCS,,1,
VIEWIMP6=Comma Separated Value,0,_ICSV,,.CSV,,1,
VIEWEXP1=Comma Separated Value,0,_XCSV,,.CSV,,1,
VIEWEXP2=Lotus 1-2-3,0,_XWKS,,.123,.WK1,.WK3,.WK4,.WKS,.WR1,.WRK,,4,
VIEWEXP3=Structured Text,0,_XSTR,,.CGN,.LTR,.STR,._UNKNOWN,,1,
VIEWEXP4=Tabular Text,1,_XTAB,,.CGN,.LTR,.RPT,.TAB,.TXT,,1,
VIEWEXP5=vCard,0,_XVCRD3,,.VCF,,1,
VIEWEXP6=Calendar File (.ics),0,_XICAL,,.ICS,,1,
EDITIMP1=ASCII Text,0,_ITEXT,,.C,.H,.PRN,.RIP,.TXT,,1,
EDITIMP2=Binary with Text,0,_ISTRNGS,,.*,,1,
EDITIMP3=BMP Image,0,_IBMP,,.BMP,,18,
EDITIMP4=CGM Image,0,_IFL,,.CGM,.GMF,,8,
EDITIMP5=GIF Image,0,_IGIF,,.GIF,,18,
EDITIMP6=HTML File,0,_IHTML,,.HTM,.HTML,,1,
EDITIMP7=JPEG Image,0,_IJPEG,,.JPG,.JPEG,,18,
EDITIMP8=Lotus 1-2-3,0,_IW4W,_IWKSE,.123,.WK1,.WK3,.WK4,.WKS,.WR1,.WRK,,4,
EDITIMP9=Lotus PIC,0,_IPIC,,.PIC,,8,
EDITIMP10=Lotus Word Pro,0,_IW4W,,.LWP,,2,
EDITIMP11=Microsoft Excel,0,_IW4W,,.XLS,,4,
EDITIMP12=Microsoft RTF,0,_IRTF,_IW4W,.RTF,,2,
EDITIMP13=Microsoft Word,0,_IW4W,,.DOC,,2,
EDITIMP14=Network Portable Graphics,0,_IW4W,,.PNG,,18,
EDITIMP15=PCX Image,0,_IPCX,,.PCX,,18,
EDITIMP16=TIFF 5.0 Image,0,_ITIFF,,.TIF,,18,
EDITIMP17=WordPerfect,0,_IW4W,,.WPD,.WPT,,2,
EDITIMP18=Unsupported File as Text,0,_ITEXT,,.*,._UNKNOWN,,1,
EDITIMP19=Symphony Document (.ODT),0,_IW4W,,.ODT,,2,
EDITIMP20=Symphony Spreadsheet (.ODS),0,_IW4W,,.ODS,,2,
EDITIMP21=Symphony Presentation (.ODP),0,_IW4W,,.ODP,,2,
EDITIMP22=Microsoft Word 2007,0,_IW4W,,.DOCX,,2,
EDITIMP23=Microsoft Excel 2007,0,_IW4W,,.XLSX,,2,
EDITEXP1=ASCII Text,2,_XTEXT,,.C,.H,.PRN,.RIP,.TXT,._UNKNOWN,,1,
EDITEXP2=CGM Image,2,_XCGM,,.CGM,.GMF,,8,
EDITEXP3=Microsoft RTF,2,_XRTF,,.DOC,.RTF,,4,
EDITEXP4=TIFF 5.0 Image,2,_XTIFF,,.TIF,,18,
EDITEXP5=vCard,0,_XVCRD3,,.VCF,,1,
DDETimeout=10
NAMEDSTYLE0=030042617369630000000000000000000000000000000000000000000000000000000000000001010100000A0000000000000100A0050A0000006400A0050A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009404000000000000
NAMEDSTYLE0_FACE=Default Sans Serif
NAMEDSTYLE1=030042756C6C657400000000000000000000000000000000000000000000000000000000000001010100000A000000000000000008070A000000640008070A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000049404000000000000
NAMEDSTYLE1_FACE=Default Sans Serif
NAMEDSTYLE2=0300486561646C696E6500000000000000000000000000000000000000000000000000000000010101010B0C0000000000000100A0050A0000006400A0050A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009404000000000000
NAMEDSTYLE2_FACE=Default Sans Serif
DefaultMailTemplate=mail85.ntf
TCPIP=TCP, 0, 15, 0
LAN0=NETBIOS, 0, 15, 0
Ports=TCPIP
DisabledPorts=LAN0
PhoneLog=2
SPELL_IMPORTED_UD=1
MailServer=10.0.10.9
NOTES_USER_POLICIES_SETUP_LEVEL=1
PoliciesLocalViewModTime=C1257D9B:0045C534
TemplateSetup=850300
VIEW_ICONPOPUP=1
Setup=850300
Location=Online,9EE,CN=Administrator/O=MYDOMAIN
IsUserUpgrade=0
LastProvisioningVersion=1363281176929
ECLSetup=3
MailUpgradeCheckTime=39BEE8
$headlineClientId=80B0757F:396CB990-88257A13:005D64F1
DontCheckDefaultMail=1
$USE_WCT_IM=1
$USE_ST_IM=0
SYMPHONY_INSTALLED=0
IDVAULT_COUNT1=0
IDVAULT_STAMP1=11/26/2014 03:02:04 AM
LastHistoryPruneTime=11/25/2014 01:49:58 PM
NewMailSeqNum=8
NewMailSeqNum88257957:003A606A=8
RoamingServerHasPolicy=0
ExitNotesPrompt=0
DESKWINDOWSIZE=41 42 1230 874
WINDOWSIZEWIN=25 19 1230 893
MAXIMIZED=0
WindowSizeBrowse=550 134 499 287
URLAddress1=Notes:///0000000000000E00/MailFS?OpenFrameset
WindowSizeChooseServers=474 134 331 309
WindowSizeOtherServer=471 134 337 212
WindowSizeChooseLocation=663 134 274 157
NAMES=names.nsf
Win32InfoboxPos=32 110
DisableMultiUserSwitchIDPrompt=1
BCASE_SITEMAP_DISPLAY=13
ReplDefFullDocs=1
ReplDefPartDocsLimit=0
ReplDefPartDocsLimitAmt=40
ReplDefPartAtchLimit=0
ReplDefPartAtchLimitAmt=40
ReplDefFullText=0
ReplDefEncrypt=1
ReplDefEncryptType=2
ReplDefReplImmed=1
LOCAL_DB_ENCRYPT_ENABLE=1
LOCAL_DB_ENCRYPT_DEFAULT=2
$headlineDisableHeadlines=0
PromptForLocation=0
EmptyTrash=0
AltCalendar=0
AdditionalTZMainCal=0
AdditionalTZSideCal=0
FooterWeekNo=0
FirstDayInYear=1
MinDaysInFirstWeek=1
MIMEPromptMultilingual=1
MIMEMultilingualMode=1
QuotePrefix=>
QuoteLineLength=70
EnableJavaScript=1
EnableJavaScriptErrorDialogs=1
EnableLiveConnect=1
BackgroundPrinting=1
ShowAccelerators=1
DisableImageDithering=1
MailSetup=850300
MailUpgradeFolder=850300
URLAddress2=notes:///ClientBookmark?OpenDatabases
SelectNamesDialogSize=320,959,134,497,
NameAddressingDlgLastViewName=0,List by name
WindowSizeReplSettings=355 134 569 405
WindowSizeReplHistory=348 134 583 232
SelectNameDialogSize=380,900,134,497,
TYPEDROPDOWNATTR=InternetAddress
TCPIP_TcpConnectTimeout=0,5
PURGE_DUPLICATE_CONTACTS=5
$DialogMode=0
SelectAddressesDialogSize=475,1125,134,470,
LAST_RECENT_CONTACT_CHECK=C1257C62:00469222
$DPABVersion=1.4
$EnableAlarms=0
CalendarTimeSlotStart=420
CalendarTimeSlotEnd=1140
CalendarTimeSlotDuration=60
$DontCheckDeleteConversation=0
NEXTDPABSYNC=01/23/2014 01:50:49 PM
StrIXDocSepCode=12
FindPeopleDlgSize=509,1091,134,495,
$CSBroadcast=0
NeedDPABcache=1
SU_DELAY_DAYS=0
WindowSizeCategorize=648 134 304 258

Additional tips:

The BaseDN is the domain name. For example, if the domain is mydomain.com, the BaseDN is O=MYDOMAIN

For the DN, if the admin user name is Administrator and the domain is mydomain.com, the DN is CN=Administrator O=MYDOMAIN

Zimbra LDAP: error code 49 - Invalid Credentials

ERROR: service.FAILURE (system failure: unable to lookup server by name: webmail.mydomain.com message: [LDAP: error code 49 - Invalid Credentials]) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])

Cause of the error:
- wanted to migrate ZCS to a new server running a different OS version (if the version were the same, rsync alone would do)
- restored the LDAP backup from the original server after installing ZCS on the new server
- the Zimbra services failed to start with the error above

Solution:
- make sure the output of zmhostname = webmail.mydomain.com
- make sure webmail.mydomain.com is the MX record for the domain mydomain.com (check with "nslookup -type=mx domain.com")
- make sure the IP of webmail.mydomain.com is listed in /etc/hosts
- copy localconfig.xml from the old Zimbra server to the new server and edit the MySQL-related passwords to match the settings on the new server
- restart the Zimbra services
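
For the localconfig.xml step, one way to see which password keys differ between the old server's file and a saved copy of the new server's original file, without printing the secrets (an added example, not from the original post). It assumes the one-element-per-line layout of the constructed samples, and the function names are made up here.

```shell
#!/bin/sh
# Added example: list the *_password keys whose values differ between two
# localconfig.xml files, printing key names only, never the values.
# Assumes one XML element per line, as in the constructed samples below.
differing_password_keys() {   # $1 = old server's file, $2 = new server's original
  awk '
    FNR == 1 { file++; key = "" }          # moved on to the next input file
    /<key name="[^"]*_password">/ {
      key = $0; sub(/.*<key name="/, "", key); sub(/".*/, "", key)
      next
    }
    key != "" && /<value>/ {
      val = $0; sub(/.*<value>/, "", val); sub(/<\/value>.*/, "", val)
      if (file == 1) old[key] = val
      else if ((key in old) && old[key] != val) print key
      key = ""
    }
  ' "$1" "$2"
}

# Constructed sample files (placeholder values, not real secrets).
write_samples() {
  cat > "$1/old.xml" <<'EOF'
<localconfig>
  <key name="zimbra_server_hostname">
    <value>oldhost.mydomain.com</value>
  </key>
  <key name="ldap_root_password">
    <value>SAME-ROOT</value>
  </key>
  <key name="zimbra_ldap_password">
    <value>OLD-LDAP</value>
  </key>
  <key name="zimbra_mysql_password">
    <value>OLD-MYSQL</value>
  </key>
</localconfig>
EOF
  sed -e 's/OLD-/NEW-/' -e 's/oldhost/newhost/' "$1/old.xml" > "$1/new.xml"
}

tmp=$(mktemp -d)
write_samples "$tmp"
differing_password_keys "$tmp/old.xml" "$tmp/new.xml"
rm -rf "$tmp"
```

Piping the result through grep mysql leaves the keys that have to be set back to the new server's values after the old file is copied over.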

Installation notes for Zarafa Open Source on Debian Squeeze 32-bit

Note: exim4 integration still does not work; for now this only gets the interface running
OS: Debian 6.0.6 32-bit
ZCP: 7.1.1-37812-debian-6.0-i386

Install the required packages (Apache, PHP & MySQL)
aptitude install mysql-server
aptitude install apache2-mpm-prefork libapache2-mod-php5

Change the permissions of the installation script
chmod 755 install.sh

Run the installation script from the extracted Zarafa open source folder
./install.sh

For most of the questions, just press the Enter key

If there are dependency problems, use the following command
apt-get -f install

Change the ownership of /var/lib/zarafa-webapp/tmp so that Apache can access it
chown www-data:www-data /var/lib/zarafa-webapp/tmp

Create the first user, who will be the admin
zarafa-admin -c user1 -f 'user1' -p abc123 -e user1@mydomain.com

Restart Apache
/etc/init.d/apache2 restart

RAM usage is only 77MB (compare that with Zimbra!)

# free -m
             total       used       free     shared    buffers     cached
Mem:           502        467         34          0         53        337
-/+ buffers/cache:         77        425
Swap:          983          0        983