Monday, August 23, 2010

Query Recipients in Windows Active Directory Directly



I/Intro
In the document http://conheotiensinh.blogspot.com/2010/08/config-iredmail-as-mail-gatewayanti.html I showed how to query recipients using Perl. After discussing it with Zhang Huangbin I promised him a follow-up, so today I will show how to query recipients in Windows Active Directory directly, in real time.


II/Config

Step 1: Create /etc/postfix/ldap_user.cf with the following content:

# Comments must be on their own line: Postfix reads text after a value as part of the value.
# 192.168.22.233 is the Active Directory server
server_host = 192.168.22.233
search_base = dc=test, dc=vn
version = 3
query_filter = (&(objectclass=person)(mail=%s))
result_attribute = samaccountname
bind = yes
# Account used to query recipients
bind_dn = test\admin
# Password of the account used to query recipients
bind_pw = 123

Step 2: In /etc/postfix/main.cf, change

relay_recipient_maps = hash:/etc/postfix/relay_recipients

to

relay_recipient_maps = ldap:/etc/postfix/ldap_user.cf

Step 3: Restart Postfix

/etc/init.d/postfix restart
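
Postfix treats '#' as a comment only at the start of a line, and the map file from Step 1 stores the bind password. The following lint for such a file is an added example, not part of the original post; check_ldap_map is a hypothetical helper name and the sample file is constructed.

```shell
# Added example: lint a Postfix LDAP map file (check_ldap_map is a
# hypothetical helper). It prints one finding per line; no output means
# none of the three checks fired.
check_ldap_map() {
    f=$1
    # Postfix treats '#' as a comment only at the start of a line, so a
    # trailing "# note" is read as part of the value (for example bind_pw).
    if grep -Eq '^[[:space:]]*[a-z_]+[[:space:]]*=.*[[:space:]]#' "$f"; then
        echo "inline-comment: text after '#' becomes part of the value"
    fi
    # The file holds bind_pw, so other users must not be able to read it.
    if grep -Eq '^[[:space:]]*bind_pw[[:space:]]*=' "$f" &&
       [ -n "$(find "$f" -perm -004)" ]; then
        echo "world-readable: bind_pw exposed (use e.g. mode 0640, group postfix)"
    fi
    # bind = yes without ldaps:// or start_tls sends bind_pw in cleartext.
    if grep -Eq '^[[:space:]]*bind[[:space:]]*=[[:space:]]*yes' "$f" &&
       ! grep -Eq '^[[:space:]]*server_host[[:space:]]*=.*ldaps://' "$f" &&
       ! grep -Eq '^[[:space:]]*start_tls[[:space:]]*=[[:space:]]*yes' "$f"; then
        echo "cleartext-bind: no ldaps:// server_host and start_tls is not yes"
    fi
}

# Constructed sample: a map file with trailing comments, a plain LDAP
# server_host and the permissive mode a default umask would give.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server_host = 192.168.22.233 ##with 192.168.22.233 As Active Directory
search_base = dc=test, dc=vn
version = 3
query_filter = (&(objectclass=person)(mail=%s))
result_attribute = samaccountname
bind = yes
bind_dn = test\admin # Account use query Recipient.
bind_pw = 123 #pass use query Recipient
EOF
chmod 644 "$sample"
check_ldap_map "$sample"
rm -f "$sample"
```

Run it against /etc/postfix/ldap_user.cf before restarting Postfix; all three findings fire on the constructed sample.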


Thanks to Zhang Huangbin for his suggestions and contributions.

Please let me know if you have any questions.




Friday, August 20, 2010

Configure a Linux Mail Gateway in Less Than 5 Minutes (Anti-spam, Mail Anti-virus, Greylisting)

I/Intro

In a previous document I introduced iRedMail as a full-featured mail server on Linux (Postfix/Dovecot/Amavisd/ClamAV/SpamAssassin/RoundCube/iRedAdmin/postfixadmin). In this document I will introduce iRedMail as a mail gateway, because by default iRedMail configures Amavisd/ClamAV/SpamAssassin/greylisting for anti-spam and mail anti-virus.

II/Install iRedMail

Install iRedMail as normal, but choose only phpMyAdmin (to manage greylisting more easily) and Awstats.

III/Remove unused services

Because we set up iRedMail as a mail gateway, we do not use some services: dovecot, pysieved.

IV/Change some config

1/Edit /etc/postfix/main.cf

mydestination =
local_recipient_maps =
local_transport =error:local mail delivery disabled

relay_recipient_maps = hash:/etc/postfix/relay_recipients

relay_domains = test.vn

transport_maps = hash:/etc/postfix/transport

Comment out all lines containing mysql_* or ldap_*.

2/Edit /etc/postfix/master.cf

Comment out this line:

#local unix - n n - - local

3/Edit /etc/postfix/transport

# 192.168.22.233 is the IP of the backend mail server (such as Exchange...)
test.vn smtp:192.168.22.233

4/Create /etc/postfix/relay_recipients

u1@test.vn OK
u2@test.vn OK
ug@test.vn OK
u3@test.vn OK
u4@test.vn OK

5/Hash the databases

postmap /etc/postfix/transport
postmap /etc/postfix/relay_recipients

V/Populating relay_recipients from Active Directory


Note that this script requires Perl and Net::LDAP (install perl-ldap with yum). However, it does NOT have to run on your email gateway.

Edit the script so that values below are correct:
$VALID = "/etc/postfix/relay_recipients";
$dc1="dc1.test.vn";
$dc2="dc2.test.vn";
$hqbase="cn=Users,dc=test,dc=vn";
$user="cn=user,cn=Users,dc=test,dc=vn";
$passwd="password";

If you have any problem with the Perl script, please send mail to quan.hoa@conheotiensinh.co.cc. I will edit it for you.

VI/Create a Bash script to update relay_recipients automatically from Active Directory

Create the Bash script /opt/ad.sh with the following content:

#!/bin/bash
cd /etc/postfix || exit 1
./getadsmtp.pl && /usr/sbin/postmap relay_recipients
/usr/sbin/postfix reload

Use crontab to run it on your schedule.
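
If the AD export is incomplete but still exits successfully, the rebuilt map would make the gateway reject valid recipients. The following gate for a staged export is an added example, not part of the original post; the function name, the staging file and the 50% shrink threshold are assumptions, and the sample data is constructed.

```shell
# Added example: gate for a freshly exported recipient list.
# validate_recipients NEW CURRENT DOMAIN returns 0 only if NEW is safe to
# install over CURRENT. The function name, the staging file and the 50%
# shrink threshold are assumptions, not part of the original post.
validate_recipients() {
    new=$1; cur=$2
    dom=$(printf '%s' "$3" | sed 's/\./\\./g')   # escape dots for the regex
    ok="^[A-Za-z0-9._+-]+@${dom}[[:space:]]+OK\$"
    [ -r "$new" ] || { echo "reject: $new is not readable"; return 1; }
    newn=$(grep -Ec "$ok" "$new" || true)
    total=$(grep -Evc '^[[:space:]]*$' "$new" || true)
    # An empty list would make the gateway reject every recipient.
    if [ "$newn" -eq 0 ]; then echo "reject: no valid entries"; return 1; fi
    # Any other non-blank line means a truncated or polluted export.
    if [ "$newn" -ne "$total" ]; then
        echo "reject: $((total - newn)) malformed line(s)"; return 1
    fi
    # A sudden drop usually means a failed or partial LDAP search.
    curn=0
    [ -f "$cur" ] && curn=$(grep -Ec "$ok" "$cur" || true)
    if [ $((newn * 2)) -lt "$curn" ]; then
        echo "reject: list shrank from $curn to $newn entries"; return 1
    fi
    echo "accept: $newn entries"
}

# Constructed sample data: the current map and two candidate exports.
d=$(mktemp -d)
printf '%s OK\n' u1@test.vn u2@test.vn ug@test.vn u3@test.vn u4@test.vn > "$d/current"
printf '%s OK\n' u1@test.vn u2@test.vn u3@test.vn u4@test.vn u5@test.vn > "$d/good"
printf '%s OK\n' u1@test.vn > "$d/partial"
validate_recipients "$d/good" "$d/current" test.vn || true
validate_recipients "$d/partial" "$d/current" test.vn || true
rm -rf "$d"
```

On accept, move the staged file to /etc/postfix/relay_recipients and run postmap as /opt/ad.sh does; on reject, keep the existing map.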

Besides, you can use iRedMail for multiple domains (relay_recipients can be populated from multiple Active Directory domains).

Thanks

quan.hoa@conheotiensinh.co.cc



Friday, August 13, 2010

Configure a Layer 7 Load Balancer Cluster with SSL Support Using Heartbeat, Nginx and HAProxy

I/INTRO

In the document http://conheotiensinh.blogspot.com/2010/06/setting-up-high-availability-load.html I configured HAProxy to load balance HTTPS with stunnel (it is very easy to configure and deploy). But with stunnel you cannot detect the source IP of clients accessing HAProxy, and its performance cannot match Nginx. So I will introduce one solution to this problem, with Nginx as the SSL reverse proxy, Heartbeat for clustering and HAProxy for load balancing.

Nginx [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. It has been running for more than five years on many heavily loaded Russian sites including Rambler (RamblerMedia.com). According to Netcraft, nginx served or proxied 4.70% of the busiest sites in April 2010. Some success stories: FastMail.FM, Wordpress.com, sourceforge.net...


II/INSTALL

Step 1: Configure the IP addresses as in the image


Step 2: Install HAProxy from an RPM package (if you need the latest version, 1.4.8, please contact me by email at quan.hoa@conheotiensinh.co.cc and I will give it to you), or download HAProxy from http://rpm.pbone.net/


Step 4: Install Nginx from an RPM package (if you need the latest version, 0.7.67, please contact me by email at quan.hoa@conheotiensinh.co.cc and I will give it to you), or download Nginx from http://rpm.pbone.net/

III/CONFIG

Step 1: Configure HAProxy on both servers as in the image



Step 3: Configure Nginx on both servers as in the image


Step 4: Access the HAProxy status page at https://192.168.129.133/haproxy?stats



Step 5: Stop Server 1 and access the HAProxy status page:


If you have questions, please contact me by email at quan.hoa@conheotiensinh.co.cc

Thanks

quan.hoa@conheotiensinh.co.cc

Friday, August 6, 2010

LOADBALANCE WITH MULTI PPPoE INTERFACE IN PFSENSE 2.0


I/Intro

The current pfSense release is version 1.2.3. It supports only 1 interface using PPPoE. But with pfSense 2.0 (Beta 4) you can use multiple interfaces with PPPoE, and version 2.0 changes how outbound load balancing is configured. So I will show how to configure multiple interfaces using PPPoE.


II/Install pfSense as in the previous document

III/Configure multiple interfaces using PPPoE as in the images


Note: you can create a PPPoE server with pfSense to test this document.

IV/Configure load balancing with pfSense

For the previous version (1.2.3) you can configure it as in http://conheotiensinh.blogspot.com/2009/10/multi-wan-load-balancing-outbound-use.html. But in pfSense version 2.0 the outbound load balancing configuration has changed.

Step 1: Configure the gateways (System -> Routing). Configure 2 gateways as in the images, with 192.168.127.128 and 192.168.128.129 as the IPs of the PPPoE servers (they are detected automatically when connecting via PPPoE)


Step 2: Configure the groups (System -> Routing): switch to the Groups tab and create a group as in the image


Step 3: View the status of the gateways and groups when both lines are connected


Step 4: Disconnect 1 interface as a test and view the status
Step 5: Create a rule as in the image


Thanks

Conheotiensinh(quan.hoa@conheotiensinh.co.cc)